Embed Size (px)
Citation preview
Research in Security and Dependable Computing
Shambhu UpadhyayaComputer Science and Engineering
University at Buffalo
August 28, 2003
CEISARE @2
Outline
Background
Students and List of Projects
Brief Description of Projects
Synergistic Activities
CEISARE @3
Welcome
CEISARE @4
Roadmap
2001
??COE, IASP
AFRL, Telcordia
Certificate, Newcourses,
Security lab, More funds, Student training
2002
2003
CEISARE @5
UB’s Center of Excellence
(Unofficial) Logo
CEISARE @6
IA Constituents
Information Assurance
CEISAREInformation Systems Assurance Research
and Education
CEDAR
ILPB
CCR
SOM
LAW
MAT
CSE
Bioinformatics
Document Analysis &Recognition
Lasers, Photonics &Biophotonics
Computational Research
Computer Science &Eng
School of Management
Law School
Mathematics
CEISARE @7
Students Recently graduated students
Kiran Mantha, MS, 2001 (Deloitte & Touche, NY)
Hugh Wu, Ph.D, 2002 (Faculty, Taiwan)
Neelesh Arora, MS, 2003 (Thomson Financial, NY)
Pradeep Nagaraj (2002), Sajit Balraj (2002), Gaurav Bhargava, 2003, MS (Qualcom, CA)
Current students Ramkumar Chinchani, MS, 2002 (PhD student)
Suranjan Pramanik (PhD student)
Ashish Garg (PhD student)
Mohit Virendra (PhD student)
Anusha Iyer (PhD student)
Dan Zhao (PhD student)
M. Nair (PhD student)
S. Vidyaraman (PhD student)
Aarthie Muthukrishnan (MS student)
Madhu Chandrasekharan (MS student)
CEISARE @8
Collaborators Research
Martin Margala, University of Rochester
P.R. Mukund, RIT
Kevin Kwiat, AFRL
Bharat Jayaraman, CSE, UB
Jim Llinas, IE, UB
H.R. Rao, SOM, UB
Education Jeannette Neal, ECC
Donna Kaputa, ECC
Marina Cappellino, GCC
CEISARE @9
Research and Educational Grants Research Grants
AFRL (2000 – 2004)
NYSTAR (2002 – 2004)
DARPA seedling (2003 – 2004)
NSA/ARDA (2003 – 2005)
AFRL (2003 – 2005), pending final approval
SRC (2003 – 2006)
Educational Grants DoD/NSA
Students Supported 7 students as RA and 4 as IA Scholars
2-4 new positions available
CEISARE @10
Research Projects
Computer Security Intrusion detection by encapsulating user’s intent – Concept
development, simulation, investigation of scalability (thrust:
anomaly detection)
Reasoning about intrusions (thrust: risk analysis)
Building secure enclaves (thrust: graph theory)
Simulation support for IA experiments (thrust: event-based)
Secure voting protocols (thrust: replication and two-phase commit)
Securing documents from Insider Threat – A multi-phase approach
(thrust: attack graph, vulnerability analysis)
Event correlation for cyber attack recognition systems (thrust: data
fusion)
CEISARE @11
Research Projects (Contd.) Distributed Systems
Fault tolerance and security in enterprise servers (thrust:
checkpointing and recovery)
VLSI Design and Test
Test scheduling in Systems-on-chips (thrust: algorithms)
Adaptive BIST for complex Systems-on-chip (thrust: built-in
current sensors)
Test control architecture for future SOCs using on-chip
wireless communication (thrust: on-chip RF nodes)
CEISARE @12
Where Does Our Security Research Fit In?
CEISARE @13
Underlying Principles
Use the principle of least privilege to achieve better
security
Use mandatory access control wherever appropriate
Data used for intrusion detection should be kept
simple and small
Intrusion detection capabilities are enhanced if
environment specific factors are taken into account
CEISARE @14
User Intent Encapsulation
CEISARE @15
Building Secure Enclaves Tamper-resistant security monitoring Available choices
Replication (Chameleon at UIUC) Layered Hierarchy (AAFID at Purdue) Both can be easily compromised
Proposed solution Circulant graph Overhead is manageable There is no mutual trust
among the watchers (Ref: IEEE IWIA 2003)
CEISARE @16
Securing Documents: A Three-Phase Approach
Pre-Pre-document document
Access PhaseAccess Phase
Mid-Mid-document document
Access PhaseAccess Phase
Post-Post-document document
Access PhaseAccess PhaseForensicsForensicsPolicy refinementPolicy refinement
Anomaly based monitoring to check Anomaly based monitoring to check user actionsuser actionsZero-trust self monitoring and loggingZero-trust self monitoring and logging
Insider modelingInsider modelingPolicy definition and refinementPolicy definition and refinement
CEISARE @17
Policy Enforcement Most systems only log user logins Not easy to determine which user violated
normal document policies Violators can act without fear of non-
repudiable trace-back How do you handle the problem?
Tie each entity with a digital certificate Policy enforcement module Kerberized certificates for authentication
and data integrity Scalability?
CEISARE @18
Synergistic Activities
Information Assurance Scholarship program
Organized 1st New York State Cyber Security
Symposium at Utica, NY, Feb. 2003 jointly with
Griffiss Institute, Utica, NY
Planning on a IA Workshop in Buffalo in the area
of Secure Knowledge Management
