8 July 2005 MM Sprinkle UC Berkeley

TRUST:Team for Research in Ubiquitous Secure Technologies

An Overview

Shankar Sastry (Berkeley), Ruzena Bajcsy (Berkeley), Sigurd Meldal (SJSU), John Mitchell (Stanford), Mike Reiter (CMU), Fred Schneider (Cornell), Janos Sztipanovits (Vanderbilt), Steve Wicker (Cornell)

2

8 July 2005MM Sprinkle UC Berkeley

Attacks are growing in sophistication

3

8 July 2005MM Sprinkle UC Berkeley

Attack Incidents[Reports to CERT/CC]

4

8 July 2005MM Sprinkle UC Berkeley

The Internet in 1980

5

8 July 2005MM Sprinkle UC Berkeley

The Internet Today http://cm.bell-labs.com/who/ches/map/gallery/index.html

6

8 July 2005MM Sprinkle UC Berkeley

Bad Code + Big Networks = Problems

Geographic spread of Sapphire worm 30 minutes after release

Source: http://www.caida.org

CodeRed worm (Summer 2001)– Infected 360,000 hosts in 10 hours (CRv2)

Sapphire/Slammer worm (Spring 2003) – 90% of Internet scanned in <10mins

7

8 July 2005MM Sprinkle UC Berkeley

Technology Generations of Information Assurance

1st Generation1st Generation(Prevent Intrusions)(Prevent Intrusions)

Intrusions will Occur

Some Attacks will Succeed

Cryptography

Trusted Computing Base

Access Control & Physical Security

Multiple Levels of Security

2nd Generation2nd Generation(Detect Intrusions, Limit Damage)(Detect Intrusions, Limit Damage) Firewalls Intrusion Detection

SystemsBoundary Controllers VPNs

PKI

3rd Generation(Operate Through Attacks) Big Board View of Attacks

Real-Time Situation Awareness& Response

Intrusion Tolerance

Graceful Degradation

Hardened Core

Functionality

Performance

Security

8

8 July 2005MM Sprinkle UC Berkeley

TRUSTed Systems and Software

TRUST is more than resistance to information attack: Today’s systems and networks are fragile, difficult-to-

compose and maintain:– Non-robust– Non-adaptive– Untrustworthy

Point failures bring down systems Difficult, costly-to-compose useful systems from multiple

components Poor or nonexistent means for building reliable systems from

necessarily unreliable components Poor understanding of vulnerabilities of networks,

performance under – and uncharacterized attacks No clear history, pedigree on data, code

9

8 July 2005MM Sprinkle UC Berkeley

TRUST worthy Systems

More than an Information Technology issue Complicated interdependencies and composition issues

– Spans security, systems, and social, legal and economic sciences– Cyber security for computer networks– Critical infrastructure protection – Economic policy, privacy

TRUST: “holistic” interdisciplinary systems view of security, software technology, analysis of complex interacting systems, economic, legal, and public policy issues

Goals: – Composition and computer security for component technologies– Integrate and evaluate on testbeds– Address societal objectives for stakeholders in real systems

10

8 July 2005MM Sprinkle UC Berkeley

Research Agenda

Security Science (Schneider)– Software Security (Mitchell)– Trusted Platforms (Boneh)– Applied Cryptography Protocols (Wagner)– Network Security (Joseph)

Systems Science (Schmidt)– Interdependency Modeling and Analysis (Anantharam)– Secure Network Embedded Systems (Wicker)– Model Based Integration of Trusted Components (Sztipanovits)– Secure Information Management Tools (Birman)

Social, Economic and Legal Considerations (Samuelson)– Economics, Public Policy and Societal Challenges (Varian)– Digital Forensics and Privacy (Tygar)– Human computer Interfaces and Security (Reiter)

11

8 July 2005MM Sprinkle UC Berkeley

Broad Research Vision

Privacy

Computer andNetwork Security

Power GridTestbed

Network SecurityTestbed

Secure NetworkedEmbedded Systems

Testbed

Software Security

Trusted Platforms

Applied Crypto -graphic Protocols

NetworkSecurity

Secure NetworkEmbedded Sys

Forensic and Privacy

Complex Inter -Dependency mod.

Model -basedSecurity Integration.

Econ., Public Pol. Soc. Chall.

Secure Compo -nent platforms

HCI andSecurity

Secure Info Mgt.Software Tools

Component Technologies

Societal Challenges

Integrative Testbeds

TRUST will address social, economic and legal challenges

Specific systems thatrepresent these socialchallenges.

Component technologiesthat will provide solutions

Critical Infrastructure

12

8 July 2005MM Sprinkle UC Berkeley

Integration of Research Agenda

Four testbeds chosen to be responsive to national needs: Computer and network security, Critical infrastructure protection, Privacy (Sztipanovits coordinator)

– Integration testbed – Secure Network Embedded Systems– Planet Lab (Culler)– Cyber Defense Technology Experimental Research testbed

(DETER) (Benzel/Joseph/Sastry) Technical Management Plan through time sensitive

internal deliverables of software, systems among team members

Exchange of scientific personnel among team members

13

8 July 2005MM Sprinkle UC Berkeley

Education Program Vision

Security must be consciously engineered into new and legacy critical infrastructure systems

Every component level needs rethinking and education: need to build in TRUST: security science, systems science and social, legal, economic considerations into every course in undergrad and grad curricula (“liberal” technologically literate education)

Summer school, hallmark of TRUST for hottest new research

Repositorying content developed Evaluation of Effectiveness

14

8 July 2005MM Sprinkle UC Berkeley

Education Evaluation Metrics

Goal Objective Metrics Frequency

K-12 Education K-6 education School visits,Educational material,Teacher education

Bi-annual

6-12 education Science fairs,Trust lectures, University visits

Bi-annual

Undergrad Education

Security Modules Education Materials,Repository,Classroom testing

Annual

Security Course Education Materials,Repository,Classroom testing

Annual

Capstone Course Education Materials,Repository,Classroom testing,Cyber Clinic usage

Annual

Graduate Education

Security Course Education Materials,Repository,Classroom testing

Annual

Seminar Courses Respository Bi-annual

Goal Objective Metrics Frequency

K-12 Education K-6 education School visits,Educational material,Teacher education

Bi-annual

6-12 education Science fairs,Trust lectures, University visits

Bi-annual

Undergrad Education

Security Modules Education Materials,Repository,Classroom testing

Annual

Security Course Education Materials,Repository,Classroom testing

Annual

Capstone Course Education Materials,Repository,Classroom testing,Cyber Clinic usage

Annual

Graduate Education

Security Course Education Materials,Repository,Classroom testing

Annual

Seminar Courses Respository Bi-annual

GoalGoal ObjectiveObjective MetricsMetrics FrequencyFrequency

K-12 EducationK-12 Education K-6 educationK-6 education School visits,Educational material,Teacher education

School visits,Educational material,Teacher education

Bi-annualBi-annual

6-12 education6-12 education Science fairs,Trust lectures, University visits

Science fairs,Trust lectures, University visits

Bi-annualBi-annual

Undergrad EducationUndergrad Education

Security ModulesSecurity Modules Education Materials,Repository,Classroom testing

Education Materials,Repository,Classroom testing

AnnualAnnual

Security CourseSecurity Course Education Materials,Repository,Classroom testing

Education Materials,Repository,Classroom testing

AnnualAnnual

Capstone CourseCapstone Course Education Materials,Repository,Classroom testing,Cyber Clinic usage

Education Materials,Repository,Classroom testing,Cyber Clinic usage

AnnualAnnual

Graduate EducationGraduate Education

Security CourseSecurity Course Education Materials,Repository,Classroom testing

Education Materials,Repository,Classroom testing

AnnualAnnual

Seminar CoursesSeminar Courses RespositoryRespository Bi-annualBi-annual

15

8 July 2005MM Sprinkle UC Berkeley

Outreach Vision and Goals

It is an oft quoted adage that security is as strong as the weakest link. Our aim is to have no weak links left in the education of our society about the technical, compositional, privacy, economic and legal aspects of trusted information systems. We will begin locally but spread our outreach as far as we can along as many diverse axes as we can.Current outreach and diversity efforts are piecemeal. We have a comprehensive solution

K-6, 6-12 school outreach Summer research for HBCU/HSIfaculty Curriculum development for HBCU/HSIfaculty Undergrad Research Opportunities Grad Research Opportunities Summer Immersion Institute for women Community Outreach

16

8 July 2005MM Sprinkle UC Berkeley

Knowledge Transfer Vision: TRUST as a Public Private Partnership

TRUST as trusted intermediary between industry, government, non-profit and academia for answering hard questions:

– Who will pay for security– Should the Feds play the role of market maker– Roadmaps for guiding investment– The role of regulation/insurance

Open dissemination of research:– Publications and software– Short courses – Public lectures and forums– Curriculum development and courses

17

8 July 2005MM Sprinkle UC Berkeley

Key Infrastructures Chosen for Transition

Electric Power Infrastructures: SCADA networks and their evolution, wireless sensor network testbed at Oak Ridge, DoE’s DC net

Financial Infrastructures: key partnerships with Secret Service and Treasury, USPS and financial institutions

DoD’s Global Information Grid (GIG): key partnerships with Air Force (JBI), Command and Control (Constellation) networks

18

8 July 2005MM Sprinkle UC Berkeley

Leadership and Outreach to other groups

EU-IST and US partnerships in dependability and TRUST

OSTP/DHS/Treasury/DoE/DoD workshops Workshops for venture partners Special issues of ACM/IEEE/… ESCHER, a non-profit for repositorying TRUST software ACM-SIGBED Partnerships with Singapore (Nanyang) and Taiwan

(National Chiao Tong and National Taiwan University)