
WELCOME

WELCOME. 1st Annual Visiting Professor Collaborative Research Program (VPCRP) Workshop March 14 – 15, 2005 Oak Ridge National Laboratory Joseph P. Trien Group Leader Cyber Security & Information Infrastructure Research (CS&IIR) & Interim Director Information Operations Center (IOC).


Presentation Transcript


  1. WELCOME 1st Annual Visiting Professor Collaborative Research Program (VPCRP) Workshop March 14 – 15, 2005 Oak Ridge National Laboratory Joseph P. Trien Group Leader Cyber Security & Information Infrastructure Research (CS&IIR) & Interim Director Information Operations Center (IOC)

  2. ORNL Knowledge Management Focus

  3. ORNL has many Knowledge Management Strategic Research Thrusts • Modeling and Simulation • Parallel Discrete Event Simulations • Inverse simulations • Dynamic prediction simulations • Distributed control • Information Systems • Data systems architecture • Distributed data management • Dynamic data management • Sensor data management • Information Discovery • Dynamic text analysis • Knowledge extraction sciences • Dynamic Information Retrieval • Information/Knowledge Fusion • Geospatial Sciences • Population dynamics • Community modeling • Commodity tracking • Information Operations • Steganography • Quantum Cryptography • Insider Threat Detection & Mitigation • Distributed Authentication and Trust • Automated Code Verification & Validation • Information Assurance • 3-D Situation Awareness • Decision Sciences • Man/Machine Interfaces • Behavioral Sciences • Cognitive Inference

  4. Strategic Thrust: Cyber Security • Cyber Security • Cyber Attack Detection and Machine Speed Response • Zero-Day Attack Detection • Multi-Level and Distributed Ad-Hoc Trust • Large-scale Cyber Situation Awareness, Warnings, & Response • Leverage existing commercial distributed framework technologies • Integrate LDRD initiatives • Insider Threat Detection • Protection of data (secure, trusted, protected information sharing) • Prevent ex-filtration and corruption of stored data • Stand-off brain scan authentication and identification • Large-Scale Cyber Security & Network Test Bed • Expand existing network lab into a recognized single location to perform world-class large-scale test, evaluation, and implementation protocols • Vulnerability Assessments • Automated Software Code Verification & Validation tool and certification center

  5. Strategic Thrust: Infrastructure • Infrastructure • Large Scale Network Modeling and Simulation • CADENCE/OPNET supercomputer initiative • Commercial Vehicle Integrated Safety and Security Enforcement System • Integrated information collection, transmission, processing, dissemination architecture & protocol • Sensor Net Network Systems and Network Security Architecture Research

  6. Visiting Professor Collaborative Research Program (VPCRP): 1st Annual Workshop • Common Goal • Develop our near term research goals aimed at finding/building a tangible doable foundation that can help expand our collective capabilities and broaden our opportunities for future collaborative (i.e., summer research visitations and beyond) R&D success in Cyber Security and Information Infrastructure.

  7. Focus: Insider Threats • Develop outside-of-the-box concepts for near-term capabilities in identifying, defending against, and countering an insider who attempts to abuse his or her computer privileges. • The damage from insider threats is potentially catastrophic. • Defined as the potential damage to the interests of an organization, a company, or a corporation, done by a person regarded as loyally working for or on behalf of the organization, company, or corporation. • The insider threat focus is limited to threats posed to devices connected to a network. This can be simply an inadvertent violation of security policy or an overt attempt at defeating the security systems from within the network.

  8. Focus: Life Cycle Threats • There is no means for automated testing of large software, both static and mobile code, to detect and identify malicious code, sleeper code, and exploitable vulnerabilities and to determine and understand the potential impact on the life cycle of the code. • Current testing approaches are largely manual rather than automated

  9. Focus: Distributed Ad Hoc Trust / Multi-Level Trust • A mobile ad hoc network (MANET) is a network formed in a spontaneous manner without any central administration or with few connections to other fixed networks (i.e., an autonomous system of mobile nodes). • The absence of pre-existing knowledge between the nodes and the lack of a trusted central server make traditional trust establishment mechanisms and assumptions inappropriate. The communication among nodes is prone to security attacks and nodes can be easily compromised. • Attacks such as wormhole and DoS can compromise routes through spoofing ARP or IP packets (passively/actively). Threshold cryptography is an example of one solution but suffers in cases of bandwidth constraints and energy conservation, so an efficient implementation of the scheme is critical. • A multi-level trust model is needed, in which a device's capabilities in the network are determined by the level of trust assigned to it and the trust level is determined by the certificates issued by its peers.

  10. Workshop Goals • Establish and Foster Environment for Collaborative Research and Development between CS&IIR and Academia. • Develop 3 – 4 research topics relevant to the Focus Areas for the summer program • Research topics to include • Concepts must support and/or complement the focus areas • Targeted problem/focus areas clearly articulated • Approach must be innovative - leading to breakthrough • Deliverables must be tangible • Milestones • Summer Research Program • One to three research proposals will be funded this summer • Research will be performed jointly at ORNL

  11. Let's Begin 1st Annual Visiting Professor Collaborative Research Program (VPCRP) Workshop March 14 – 15, 2005 Oak Ridge National Laboratory Frederick T. Sheldon, Ph.D. Software Engineering for Secure and Dependable Systems Lab http://www.csm.ornl.gov/~sheldon http://www.ioc.ornl.gov

  12. CSIIR Landscape I • Information infrastructure consists of technologies and capabilities for gathering, handling, and sharing information accessible to, or commonly depended upon by, multiple organizations, within a single enterprise, a critical infrastructure sector (e.g., banking/finance), the U.S. Government, the nation as a whole, or transnationally. • Information infrastructure includes well-engineered systems as well as poorly configured systems in businesses and homes.

  13. CSIIR Landscape II • United States: Private, academic, and public sectors invest significantly in cyber security. • The commercial sector primarily performs cyber security research as an investment in future products and services. • The public sector also funds R&D in cyber security; the majority of this activity focuses on the specific missions of the government agency funding the work. • Thus, broad areas of cyber security remain neglected or underdeveloped. • Therefore, our agenda identifies the high-priority gaps, . . . • R&D problems of significant value to the security of the information infrastructure that are either not funded or under-funded within the collection of private sector and government-sponsored research in the U.S., but are expected to become significant foci in the future.

  14. National Agenda • Enterprise Security Management • Trust Among Distributed Autonomous Parties • Discovery and Analysis of Security Properties and Vulnerabilities • Secure System and Network Response and Recovery • Traceback, Identification, and Forensics • Wireless Security / MANET • Metrics and Models

  15. Workshop Format • Informal • Open • In the time available, we hope to… • Develop a coherent strategy for • Short term initiative(s) designed to yield successful fruit, as well as the seeds • Long term path forward • Discover our individual/cooperative capabilities • Gain a historical perspective / facilities & programs • Vision for research common ground

  16. A Word About EH&S and Security I • Maintain a safe workplace environment complying with all procedures and ES&H. In day-to-day activities be aware of potential safety issues and provide an example of safety compliance. The assembly point, in case of alarm, is due west of this, the JICS building. • Laboratory area encompassing 330 acres, with outlying facilities and waste management storage areas utilizing another 1,125 acres. The main Laboratory area is designated as a Property Protection Area (PPA) as are outlying facilities and waste management storage areas. • Located within the main Laboratory PPA are a number of islands of security (including fourteen {14} separate and distinct Limited Areas and one Protected Area) which are formally designated and signed as security areas, for which physical protection is provided, and for which definitive access controls are applied. Because we use various hazardous materials, it is important that you are alert to all special instructions, signs, tags, and barriers. The ORNL campus, owing to its role in the Manhattan Project and other pioneering activities of the atomic age, is posted as a "Controlled Area" and includes several radiological areas. These radiological areas pose little, if any, risk to the staff and visiting public when properly observed.

  17. A Word About EH&S and Security II • Visitor Computer Access Limits: Limited computer access is allowed for visitors. Use of ORNL computers for computer access is limited to browsing external web sites, public (non-internal) ORNL web sites and to reading email at remote locations. You may access the visitor's wireless network from your own computer using your ORNL-issued badge number. • As a minimum on the day of arrival, in addition to the initial site access orientation, the host should ensure the visitor(s) receives a briefing which includes the specific areas where the visitor(s) may access, those areas they should not access, the specific area in which they may park their private vehicles, the route of travel to be taken in accessing authorized facilities, emergency signals for the site, emergency egress procedures, etc. • Security Police Officers/Security Officers assigned to the Protective Force at ORNL portals may check vehicles transporting the visitor for the presence of prohibited articles. Visitor(s) will be provided a Site Access Orientation Brochure and further be briefed regarding rules of conduct and prohibited items such as weapons, explosives, drugs, drug paraphernalia, etc. Permitted hours of access of foreign national visitors and guest assignees to ORNL: the regular work day hours are designated as 6:00 a.m. to 8:00 p.m., Monday through Friday.

  18. Monday Morning • 8:00 a.m. Coffee and pastries • 8:10 a.m. Welcome April McMillin, Introduction and overview – Joe Trien • 8:30 a.m. Fast Abstracts Round Robin 3-5 minutes per person as follows: Mili, Kafura, Yoo, Che, McGregor, Schumann, Park, Arazi, Prowell, Langston, Shankar/Sheldon • 9:15 a.m. Presentation by Nagi Rao (ORNL/CSMD), Infrastructure and Protocols for Dedicated Bandwidth Channels • 9:45 a.m. Prof. Ali Mili (N.J. Institute of Tech./CS), An Integrated Approach to Security Management • 10:30 a.m. Break • 10:45 a.m. Prof. Dennis Kafura (Virginia Tech./CS), Policy Delegation and Dynamic Policy for Authorization in Pervasive Cyber Infrastructures • 11:30 a.m. Prof. Seong-Moo Yoo (Univ. of AL Huntsville/CSE), Case Based Reasoning Approach to Intrusion Detection • 12:15 a.m. Lunch at cafeteria (across the const site due East)

  19. Monday Afternoon • 1:15 a.m. Prof. Che Hao (Univ. of TX at Arlington/CSE), Detection and Containment: Algorithms and High Speed Dynamic Filtering • 2:00 p.m. Prof. John McGregor (Clemson Univ./CS), Techniques for Validating the Security Quality Attributes of Infrastructure Software • 2:45 p.m. 30 min Open Discussion (Concepts, Approach, Deliverables, Targeted Problem Areas) • 3:15 p.m. SNS Tour (Van available) • 4:15 p.m. Return to JICS building • 4:30 p.m. Professor Arazi (Univ. of Kentucky/CS), Wireless Sensor Networks Security • 5:15 p.m. Return to Hotel

  20. Monday Evening • 6:00 p.m. Van picks everyone up from the Hampton lobby at Cedar Bluff • 6:30 p.m. Reservation at Calhoun's on the River, Lenoir City Dinner and Open Issues Discussion • 8:00 p.m. Dr. Sheldon (CSED/CSIIR), Wrap-up of Day 1 and Agenda for Day 2

  21. Tuesday Morning • 8:00 a.m. Coffee and pastries • 8:15 a.m. Dr. R. Abercrombie and R. Walker (CSED/CSIIR), DoD/DHS Infrastructure Applications • 8:45 a.m. Dr. Johann Schumann (NASA/Ames), Design Tools for Reliable Secure Communication Software • 9:30 a.m. Prof. Jung-Min Park (Virginia Tech./ECE), Defending Against Denial-of-Service Attacks in Wired and Wireless Networks • 10:15 a.m. Break • 10:30 a.m. Arjun Shankar (ORNL/CSED), Fusing Intrusion Data for Pro-Active Containment • 11:00 a.m. Prof. Stacy Prowell (Univ. of TN/CS and SEI), Automated Program Behavior Analysis • 11:30 p.m. Prof. Mike Langston (Univ. of TN/CS), Trusted Computing Amidst Untrustworthy Intermediaries • 12:00 p.m. Open Discussion Agenda by Joe Trien

  22. Tuesday Afternoon • 12:15 p.m. 3 Hour Working Lunch (catered) – Open Discussion • Develop research topics for the summer program • Research topic areas to include: • Concepts, approach, and deliverables • Targeted problem areas and time table • Identify research strategies for sustained funding • 3:15 p.m. Closing remarks • 3:30 p.m. National Transportation Research Center (NTRC) Tour (Van available) • 4:00 p.m. Return to Visitor Center for Departure

  23. Weeks and Months Ahead • Based on the group consensus, let's decide how to proceed with our research thrusts…
