1 / 29

TRUST Center Activities

TRUST Center Activities. Stephen B. Wicker Cornell University. Center Activities. Focus on creative, collaborative events designed to stimulate and disseminate TRUST research Faculty/Student Workshops PhD Student Exchanges Collaborative Publications Collaboration with Government Agencies

kermit
Télécharger la présentation

TRUST Center Activities

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TRUST Center Activities Stephen B. Wicker Cornell University

  2. Center Activities • Focus on creative, collaborative events designed to stimulate and disseminate TRUST research • Faculty/Student Workshops • PhD Student Exchanges • Collaborative Publications • Collaboration with Government Agencies • AFOSR • Treasury • DHS • International Collaboration • Industrial Collaboration • Distinguished External Advisory Board (DEAB) Center Activities

  3. Example Workshops • Participation from faculty, students, industry, and government. • Sensor Networking • Technology • Security Issues • Privacy Issues • Electronic Medical Records • Secure/Privacy-Aware Transport • Multi-Level Access • Computer Security • Trustworthy Interfaces • Securing E-Commerce Center Activities

  4. Sensor Networking Workshops • Secure Sensor Networks - CMU, May 9 - 10 , 2006 • Sponsored by TRUST, NSF, ARO • Organizers: • Adrian Perrig (TRUST/CMU) • Karl Levitt (NSF) • Radha Poovendran (University of Washington) • Cliff Wang (ARO) • Participants: • Yongdae Kim (UMN), Richard Han (University of Colorado, Boulder), Gene Tsudik (UC Irvine), Wade Trappe (Rutgers), Sencun Zhu (Penn State), Jack Stankovic (University of Virginia), Wenliang (Kevin) Du (SUNY Syracuse), Peng Ning (NC State), Steve Wicker (Cornell), Virgil D. Gligor (University of Maryland, College Park), Kevin Fu (UMass Amherst), Yanyong Zhang (Rutgers), Wesley Snyder (Cont, ARL/ARO) • Topics • Data Privacy in Ad hoc Networks • WSN Architecture • WSN Attacks and Security • WSN Data Routing/Aggregation Center Activities

  5. J J • Cross Disciplinary Symposium at UC Berkeley, 3-4 November 2006 • Sponsored by TRUST, Samuelson Law, Technology, and Public Policy Clinic, Boalt School of Law, CITRIS • Participants include TRUST faculty; faculty in law, engineering, literature, history, sociology, and geography; ACLU Center Activities

  6. Sample Talks • The Document People: Privacy, Identity, and Continuous Personal Experience Capture • Ian Kerr and Jane Bailey - University of Ottawa • Public Privacy: Surveillance of Public Places and the Right to Anonymity • Christopher Slobogin - University of Florida • From Citizen to Subject: The Perils of Privacy • Margaret Kohn - University of Florida, Gainesville • The Dover Ban: Wartime Control over Images of Public and Private Deaths • Brian Gran - Case Western Reserve University • Privacy, Visibility, and Exposure • Julie E. Cohen - Georgetown University Law Center • In Defense of Public Places • Deirdre Mulligan - UC Berkeley • Visual Privacy in the Collaborative Cyber-infrastructure Environment • Ruzena Bajcsy, UC Berkeley, Katherine Mezur, Mills College • Unblinking in Mobile Learning • Alice M. Agogino - UC Berkeley • Comments, and Privacy Concerns in New Technologies • Stephen Wicker, Cornell University Center Activities

  7. Patient Monitoring Workshops • Vanderbilt Medical Center and ISIS, September 12, 2006, Nashville • Participants: Vanderbilt Medical School, Cornell, Stanford, Vanderbilt-ISIS, • Privacy and Confidentiality WorkshopVanderbilt Center for Better Health, September 13-14, 2006, Nashville • TRUST Participants: Cornell, Stanford, Vanderbilt-ISIS, • Biweekly Modeling Working Group meetings • Participants: ISIS, Vanderbilt Medical School, Vanderbilt Medical Center • Weekly Stanford-Vanderbilt Telecon Center Activities

  8. Patient Monitoring Working Meeting • Berkeley, Dec 15th, 2006 • Participants • Berkeley, Cornell, Vanderbilt, Illinois • Faculty and PhD students • Discussion Items • Uniform and/or interoperable sensor platform • Integrated experiment scenario • Medical industry collaboration for system deployment and experiment Center Activities

  9. Patient Monitoring - Results • Medical sensor devices and platforms • Berkeley: Several types of medical sensors including accelerometer, ECG, etc. • Vanderbilt: video sensors and Mica2 motes • Cornell: sensors with various communication interfaces • Integrated experiment scenario • Body movement sensor triggers the operation of video sensor based on privacy policies • better situation awareness • policy-driven video delivery • Industry and medical center collaboration. • System Deployment and Experiment in • Vanderbilt Home Care Services, Inc. - agreement now in place • McKendree Village • Research issues • Privacy and security in video sensor networks (Berkeley, Cornell Vanderbilt,) • Signal processing and pattern recognition in medical data (Berkeley) • Communication interference between IEEE 802.15.4 and IEEE 802.11 (Cornell, Vanderbilt) • OUTCOME: 2007 CyberTRUST Proposal (Illinois, Berkeley, Cornell, Vanderbilt) Center Activities

  10. Electronic Medical Records Workshop • Berkeley April 28th, 2006: • TRUST with UCB School of Public Health, Cal Regional Health Information Office (RHIO), Cornell, and Vanderbilt Medical School • Program focii • EMR Implementation requirements • Privacy and Security in EMR • David Brailer, key note on Federal mandate • Legal and Policy Issues • Research Issues Center Activities

  11. Computer Security Workshops • Trustworthy Interfaces for Passwords and Personal Information II - Stanford University, June 19, 2006 • Statement of Purpose • Users still typically provide personal information and credentials such as passwords the same way they did 30 years ago: through a text interface that they assume they can trust. • Purpose: Find an effective solution by bringing together the designers of the cryptographic protocols with the implementers of the user interfaces. • Workshop for industry and West Coast Electronic Crime Taskforce Center Activities

  12. TIPPI 2 Workshop • Sample Talks: • Site to User Authentication - Real World End User ResultsLouie Gasparini, RSA Security • Evolution of The Threat and its Impact on RequirementsDavid Jevans, APWG • Security Skins: The Design and Evaluation of Unspoofable, Embedded Security IndicatorsRachna Dhamija, Harvard University • Context-Aware Phishing Attacks and Client-Side DefensesCollin Jackson, Stanford University • Web Wallet: Preventing Phishing Attacks by Revealing User IntentionRob Miller, MIT • Securing The Web Browser: Keeping The Phish In The Sea   George Staikos, Staikos • Microsoft InfoCard: Design and ImplementationBill Barnes, Microsoft Corp. • Google Safe BrowsingNiels Provos, Google • Outbound Authentication on the Users TermsPhillip Hallam-Baker, Verisign • A "Wholistic" View of Client-Side Anti-Phishing TechnologiesZulfikar Ramzan, Symantec Corp. • Graphical Password with Integrated Trustworthy InterfacePatricia Lareau, Passfaces • Bharosa Authenticator: Securing OTP Data Over a Compromised ComputerArun Kothonath, Bharosa Center Activities

  13. Collaboration with US Government Agencies • TRUST/AFOSR • A new spinoff TRUST-related center focused on the needs of Air Force and other military vendors as the GIG/NCES rollout occurs • Operating as a PRET with funding of about $1M per year. Emphasis is on mid-term to long-term opportunities, collaboration • Includes about 10 TRUST researchers • Ongoing dialog with Air Force to help them develop research agendas around the TRUST issues raised by the GIG and NCES.  • Active dialog in the OIM area; we expect to see them using our technologies in a series of pilot projects in 2007 Center Activities

  14. Collaboration with US Government Agencies • NSF • Helped NSF plan and articulate their need embedded and real-time systems agenda • DHS • DHS has established a center of excellence at SRI which is partnered with TRUST (the PI at SRI Lincoln is a former student of John Mitchell’s). • DHS-Cybersecurity Center and TRUST participants have held numerous tech transfer forums for the financial sector including Schwab, Bank of America, Symmantec, Oracle, Sun, … and numerous start ups (usually every 3-4 months). Rodriguez (former USSS) has been the facilitator Center Activities

  15. Further DHS TRUST Activities • Phishing, Spyware and Identity Theft work started with initial seed funding from NSF (PM Maughan) • DETER testbed funded with joint NSF/DHS funding. DHS is transitioning the research testbed into an Operational Testbed named DECCOR starting July 2006. • Participation in DHS Identity Theft Technology Council • John Mitchell (TRUST Stanford) - Member US Secret Service Electronic Crimes Task Force, organizing committee for their quarterly meetings, speaker at last meeting Center Activities

  16. DHS and TRUST Education • TRUST education technology is transitioned under the U.S. Department of Homeland Security (DHS) Competitive Training Grant Program (CTGP). • The Adaptive Cyber-Security Training (ACT) Online will train information assurance personnel • to identify potential sources of threats, • to institute the most effective deterrents and • to respond and recover to attack . • Larry Howard, Vanderbilt-ISIS leads the Vanderbilt team in the project including the University of Memphis and Sparta Inc. Center Activities

  17. International Collaboration • One of TRUST’s central goals: dissemination • Thrust: international collaboration • Focus: small number leading international groups • First major collaboration Taiwan • Authorized by Taiwan legislature • Personal attention from Taiwan Minister of State Center Activities

  18. Taiwan Collaboration • About Taiwan • Internet users14.6 million • Broadband users 10.5 million • Population 22.7 million • In top three Asian software industry and web services industry (with Japan & South Korea) • Has a high incident of security incidents • Large fraction appear to originate from China Center Activities

  19. Taiwan groups • iCAST: Umbrella for International Collaboration in Advanced Science and Technology • Major members • STAG: Science and Technology Advisory Group • Executive Branch group • Personally directed by a Minister-level staff member • NSC: National Science Council (Taiwan’s NSF) • III: Institute for Information Industry • Public/Private software industry coordinating group • ITRI: Industrial Technology Research Institute • Public/Private eloectronics industry coordinating group • TWISC: Taiwan Information Security Center • Modeled on TRUST • Major infrastructure groups (telecoms) • Government groups (law enforcement, public safety, etc) Center Activities

  20. Main Thrusts at iCAST-CMU Banks/Streets/etc. Surveillance Industry/ Government SoftwareVerification RemoteAuthentication Mobile Phones Intrusion Detection Computer Emergency Response Team Coordination Center (CERT/CC) Hackers Strongly tied with Taiwan, and will remain dynamic… Center Activities

  21. CMU/TRUST Involvement • Funded by Taiwan National Science Council NSC) at $1M/year • Current Team Members • Adrian Perrig, Mike Reiter, Ed Clarke, Peter Lee, Raj Rajkumar, Hui Zhang • CERT/CC, training courses • Don McGillen, logistics • Tsuhan Chen, Director Center Activities

  22. Other International Efforts • Professor Ruth Breu, Dr. Michael Hafner, University of Innsbruck, Austria • model-based methods for privacy and security in service architectures; • Clinical Information Systems • Meetings: Sztipanovits, Breu, Hafner: February 5, 2007, Rome, IT; Ledeczi, Breu, Hafner: February 26, 2007, Innsbruck, Austria • Integrated Risk Reduction of Information-based Infrastructure Systems (IRRIIS) EU Integrative Project. Center Activities

  23. Industrial Collaboration • TRUST Industrial Advisory Board, Berkeley, April 25th, 2006 • Partners include IBM, HP, Symmantec, Microsoft, Cisco, Intel,Telecom-Italia, Infineon, United Technologies, BT. • Summer Computer Security Course at Stanford for Industry professionals (profs: D. Boneh and J. Mitchell) July 17-20th,2006 • Stanford Security Forum for Industry affiliates http://forum.stanford.edu/events/workshop/security Center Activities

  24. Further Collaboration • Robert Wood Johnson Foundation awarded a planning grant to industry and academic institutions for new health design ideas. • Vanderbilt-TRUST/ISIS is collaborating with the Vanderbilt Medical School in one of these projects focusing on safe medication of children. • Oak Ridge National Laboratory: project design for secure sensor networks. • Dr. Akos Ledeczi and ISIS-Vanderbilt graduate student interns help in feasibility studies. • ESCHER companies (Boeing, Raytheon, General Motors) receive updates on TRUST progress in the area of embedded systems security. Center Activities

  25. Further Collaboration (TRUST Faculty - Examples) • Collaboration with RSA on porting PwdHash to their SecurID product • Collaboration with former PayPal employee on web server timing attacks • Collaboration with Microsoft on Extended Validation Certificate brower • Collaboration with Tata Consultancy Services (TCS) on data privacy • Collaboration with VMWare on use of virtualization for recovery from security attacks • Interaction with Coverity Inc; used their donated tools for code analysisstudy of web server security Center Activities

  26. Further Collaboration (TRUST Faculty - Examples) • Working with Cisco to help develop more stable, scalable platform options for their large Internet routes (the product division, not the research division). • Working with several companies to demonstrate better technologies for building large datacenters, mirror file systems over high-speed but high-latency links, build highly responsive services.  • Raytheon, Infosys, Apache consortium (both branches – Red Hat and also WSO2), Intel, MSN (MSFT) • Consulted for “the largest Wall Street brokerage” on redesign of an in-house stock market platform that carries out trades for almost 1/3 of the domestic market (their own traffic but also that of their clients, who can trade through their system).  Center Activities

  27. Technology Transition Plans • PwdHash: RSA Security (www.pwdhash.com) • Initial integration completed this quarter • Hope to convince IE team to embed natively in IE • SpyBlock deployment: • Available at http://getspyblock.com/ • Relevant companies: Mocha5, VMWare • Dialog with companies concerned with transaction gen • SafeHistory: Microsoft, Mozilla. • Available at www.safehistory.com • Vanderbilt Home Care Services • Deployment of patient monitoring technologies Center Activities

  28. Center Activities

  29. Events Associated with Outreach(more in Prof. Bajcsy’s talk) • Information Assurance Capacity Building Program at CMU July 5-21, 2006 • TRUST Summer Institute for Women “Women’s Institute for Summer Enrichment (WISE)”, July 5 – 11, 2006 • TRUST-SUPERB and SIPHER run from June 21st to August 5th for undergraduate research • CURIS projects at Stanford: summer work with undergraduates on research related to TRUST • Cornell-Smith Research Exchange in Secure Sensor Nets, Fall 2006, Spring 2007 Center Activities

More Related