
Cyber Security Research at the University of Texas at Dallas

Cyber Security Research at the University of Texas at Dallas. Dr. Bhavani Thuraisingham The University of Texas at Dallas bhavani.thuraisingham@utdallas.edu April 23, 2007. About the Cyber Security Research Center.


Presentation Transcript


  1. Cyber Security Research at the University of Texas at Dallas Dr. Bhavani Thuraisingham The University of Texas at Dallas bhavani.thuraisingham@utdallas.edu April 23, 2007

  2. About the Cyber Security Research Center • NSA/DHS Center for Excellence in Information Assurance Education (2004, 2007) • Over 20 Faculty in Jonsson School conducting research in Cyber Security • Collaborating with researchers in the School of Management on Risk analysis and Game theory applications • Beginning collaboration with UT Southwestern Medical Center • Joint projects and proposals with leading researchers • Part of UTD’s CyberSecurity and Emergency Preparedness Institute • Executive Director: Prof. Douglas Harris

  3. Cyber Security Research Areas at UTD • Network Security • Secure wireless and sensor networks • Systems and Language Security • Embedded systems security, Buffer overflow defense • Data and Applications Security • Information sharing, Geospatial data management, Surveillance, Secure web services, Privacy, Dependable information management, Intrusion detection • Security Theory and Protocols • Secure group communication • Security Engineering • Secure component-based software • Cross Cutting Themes • Vulnerability analysis, Access control

  4. Our Model: R&D, Technology Transfer Standardization and Commercialization • Basic Research (6-1 Type) • Funding agencies such as NSF, AFOSR, etc. Publish our research in top journals (ACM and IEEE Transactions) • Applied Research • Some federal funding (e.g., from government programs) and Commercial Corporations (e.g., Raytheon); Our current collaboration with AFRL-ARL • Technology Transfer / Development • Work with corporations such as Raytheon to showcase our research to sponsors (e.g., GEOINT) and transfer research to operational programs such as DCGS • Standardization • Our collaborations with OGC and standardization of our research (e.g., GRDF) • Commercialization • Patents, Work with VCs, Corporations, SBIR, STTR for commercialization of our tools (e.g., our work on data mining tools)

  5. Technical and Professional Accomplishments • Publications of research in top journals and conferences, books • IEEE Transactions, ACM Transactions, 8 books published and 2 books in preparation including one on UTD research (Data Mining Applications, Awad, Khan and Thuraisingham) • Member of Editorial Boards/Editor in Chief • Journal of Computer Security, ACM Transactions on Information and Systems Security, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Knowledge and Data Engineering, Computer Standards and Interfaces - - - • Advisory Boards / Memberships/Other • Purdue University CS Department, Invitations to write articles in Encyclopedia Britannica on data mining, Keynote addresses, Talks at DFW NAFTA and Chamber of Commerce, Commercialization discussions of data mining tools for security • Awards and Fellowships • IEEE Fellow, AAAS Fellow, BCS Fellow, IEEE Technical Achievement Award, IEEE Senior Members

  6. Data and Applications Security Research at UTD • Core Group • Prof. Bhavani Thuraisingham (Professor & Director, Cyber Security Research Center) • Prof. Latifur Khan (Director, Data Mining Laboratory) • Prof. Murat Kantarcioglu (Joined Fall 2005, PhD. Purdue U.) • Prof. Kevin Hamlen (Peer to Peer systems Security, Joined 2006 from Cornell U.) • Prof. I-Ling Yen (Director, Web Services Lab) • Prof. Prabhakaran (Director, Motion Capture Lab) • Students and Funding • Over 20 PhD Students, 40 MS students (combined) • Research grants: Air Force Office of Scientific Research (2), Raytheon Corporation (2), Nokia Corporation, National Science Foundation (2), AFRL-ARL Collaboration, TX State

  7. Assured Information Sharing • Friendly partners • Semi-honest partners • Untrustworthy partners • Research funded by two grants from AFOSR • [Diagram labels: Data/Policy for Coalition; Publish Data/Policy; Component; Data/Policy for Agency A; Data/Policy for Agency B; Data/Policy for Agency C]

  8. Secure Semantic Web • Machine Understandable Web Pages • What are we doing: CPT Policy enforcement (Confidentiality, Privacy, Trust) • [Diagram labels: CONFIDENTIALITY, PRIVACY, TRUST alongside the layers Logic, Proof and Trust; Rules/Query; RDF, Ontologies; XML, XML Schemas; URI, UNICODE]

  9. Secure Geospatial Data Management • Semantic Metadata Extraction • Decision Centric Fusion • Geospatial data interoperability through web services • Geospatial data mining • Geospatial semantic web • Research supported by Raytheon on one grant; working on robust prototypes on second grant • [Diagram labels: Data Source A; Data Source B; Data Source C; SECURITY/QUALITY; Tools for Analysts]

  10. Framework for Geospatial Data Security

  11. Suspicious Event Detection: Surveillance • Defined an event representation measure based on low-level features • Defined “normal” and “suspicious” behavior and classify events in unlabeled video sequences appropriately • Tool to determine whether events are suspicious or not • Privacy preserving surveillance

  12. Surveillance and Privacy • [Diagram labels: Raw video surveillance data; Face Detection and Face Derecognizing system; Faces of trusted people derecognized to preserve privacy; Suspicious Event Detection System; Suspicious events found; Suspicious people found; Manual Inspection of video data; Report of security personnel; Comprehensive security report listing suspicious events and people detected]

  13. Social Networks • Individuals engaged in suspicious or undesirable behavior rarely act alone • We can infer that those associated with a person positively identified as suspicious have a high probability of being either: • Accomplices (participants in suspicious activity) • Witnesses (observers of suspicious activity) • Making these assumptions, we create a context of association between users of a communication network

  14. Privacy Preserving Data Mining • Prevent useful results from mining • Introduce “cover stories” to give “false” results • Only make a sample of data available so that an adversary is unable to come up with useful rules and predictive functions • Randomization and Perturbation • Introduce random values into the data and/or results • Challenge is to introduce random values without significantly affecting the data mining results • Give range of values for results instead of exact values • Secure Multi-party Computation • Each party knows its own inputs; encryption techniques used to compute final results

  15. Data Mining for Intrusion Detection / Worm Detection • DGSOT: Dynamically growing self organizing tree • SVM: Support Vector Machine • [Diagram labels: Training Data; Hierarchical Clustering (DGSOT); SVM Class Training; Classification; Testing; Testing Data]

  16. Example Projects • Assured Information Sharing • Secure Semantic Web Technologies • Social Networks and game playing • Privacy Preserving Data Mining • Geospatial Data Management • Secure Geospatial semantic web • Geospatial data mining • Surveillance • Suspicious Event Detection • Privacy preserving Surveillance • Automatic Face Detection, RFID technologies • Cross Cutting Themes • Data Mining for Security Applications (e.g., Intrusion detection, Mining Arabic Documents); Dependable Information Management

  17. Other Research in Cyber Security: Single Packet IP Traceback (Prof. Kamil Sarac) • Goal: trace an IP packet back to its source • Usage of IP traceback • Internet forensic analysis • Denial-of-service attack defense • Design issues for practical IP traceback • Reducing overhead on routers • Supporting incremental and partial deployment • Traceback speed and efficiency

  18. Protecting Computer Security via Hardware/Software: Prof. Edwin Sha • Hardware/Software Defender • Complete protection from buffer overflow attacks. • An efficient checking mechanism for a system integrator. • Compiler is easy to handle. • Hardware and timing overhead are small. • The most widely exploited vulnerabilities are buffer overflow related, causing billions of dollars of damage. Almost all effective worms use this vulnerability to attack, e.g., Internet Worm, Code Red, MS Blaster, Sasser worm, etc. • Design new instructions and hardware to avoid buffer overflow vulnerabilities. • Stack Smashing Attack Protection - Two methods proposed: • Hardware Boundary Check • New Secure Function Call instructions: Scall and Sret. • Function Pointer Attack Protection • New secure instruction for jumping function pointer: SJMP • For the most common stack smashing attacks, HSDefender provides complete protection. For the function pointer attack, it makes it extremely hard for an attacker to change a function pointer so that it leads to hostile code. With little time overhead (0.098%), it can be applied to critical real-time systems.

  19. Buffer Overflow Attacks: Prof. Gupta • Buffer Overflow Attacks (B.O.A): A majority of attacks for which advisories are issued are based on B.O.A. • Other forms of attacks, such as distributed denial of service attacks, sometimes rely on B.O.A. • B.O.A. exploit the memory organization of the traditional activation stack model to overwrite the return address stored on the stack. • This memory organization can be slightly changed so as to prevent buffer overflows from overwriting return addresses. • Our system automatically transforms code binaries in accordance with this modified memory organization, thereby preventing the most common forms of buffer overflow attacks. • Our tool (under development) can be used on third-party software and off-the-shelf products, and does not require access to source code.

  20. Information Assurance Education (Prof. Gupta) • Current Courses • Introduction to Computer and Network Security: Prof. Sha • Cryptography: Profs. Sudborough, Murat • Data and Applications Security: Prof. Bhavani Thuraisingham • Biometrics: Prof. Bhavani • Privacy: Prof. Murat Kantarcioglu • Secure Language: Prof. Kevin Hamlen • Digital Forensics: Prof. Bhavani Thuraisingham • Trustworthy semantic web: Prof. Bhavani • NSA/DHS Center for Information Assurance Education (2004, 2007) • Courses at AFCEA and AF Bases • Knowledge Management, Data Mining for Counter-terrorism, Data Security, preparing a course on SOA and NCES with Prof. Alex Levis - GMU and Prof. Hal Sorenson - UCSD

  21. SAIAL Laboratory (Security Analysis and Information Assurance Laboratory) • Floor plan: Development Room (19.5’ x 29’), Testing Area (22’ x 31.5’), Wireless Network Area (8’ x 19’), cable trays • Attenuation levels of radiated signals as tested to MIL-STD-285 • Magnetic Mode: 60 dB at 10KHz to 100KHz at 100dB • Electric Mode: 100 dB from 1 KHz to 1 GHz • Plane Wave and Microwave: 100 dB from 1 GHz to 10 GHz • Development Software & Hardware: Mainframes 2, PCs 54, Work Stations 6, Laptops 5, Servers 7, Switches 4, Routers 10, PDAs 15, Access Points 8, Network Analyzer 1, Protocol Analyzer 1

  22. Directions and Plans • Take Advantage of SAIAL Lab • Opportunity for Information Operations portion of the AFOSR project • Increase focus areas • Major focus the past 2 years has been on Data Security; • Expand the focus utilizing our strengths and state/federal interests • Digital forensics is becoming an important area • Interdisciplinary research and multiple domains • Healthcare, Telecom, etc. • Collaboration • Integrate programs across the schools at UTD • Increase collaboration with our partners • Our major goal is to establish a Center Scale Project
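
An added example for slide 14 (Privacy Preserving Data Mining), not taken from the presentation: it perturbs each record with random noise, then reports the mined result (here, a mean) as a range rather than an exact value, showing that individual values are masked while the aggregate survives. The salary data, noise width and function names are assumptions constructed for illustration.

```python
import math
import random


def perturb(values, width, rng):
    """Release each value with independent uniform noise in [-width, +width]."""
    return [v + rng.uniform(-width, width) for v in values]


def mean_range(released, width, delta=1e-6):
    """Estimate the true mean from perturbed data as a range, not a point.

    The noise is zero-mean and bounded by `width`, so by Hoeffding's
    inequality the average noise exceeds `margin` with probability <= delta.
    """
    n = len(released)
    estimate = sum(released) / n
    margin = width * math.sqrt(2 * math.log(2 / delta) / n)
    return estimate - margin, estimate + margin


def demo(seed=7, n=5000, width=20_000.0):
    """Run the perturb-then-mine pipeline on constructed data."""
    rng = random.Random(seed)
    # Constructed sample data (assumption): salaries between 30k and 120k.
    salaries = [rng.uniform(30_000, 120_000) for _ in range(n)]
    released = perturb(salaries, width, rng)

    low, high = mean_range(released, width)
    true_mean = sum(salaries) / n
    # How far a single released record can be from the real one.
    worst_individual_error = max(
        abs(real - seen) for real, seen in zip(salaries, released)
    )
    return true_mean, (low, high), worst_individual_error


if __name__ == "__main__":
    true_mean, (low, high), worst = demo()
    print(f"true mean             : {true_mean:,.0f}")
    print(f"reported range        : [{low:,.0f}, {high:,.0f}]")
    print(f"worst per-record error: {worst:,.0f}")
```

The reported range shrinks as the number of records grows, while the per-record error stays at the chosen noise width; that is the trade-off the slide calls the challenge of randomization.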
