TRANSCRIPT
University of Texas at Dallas
Cyber Security Research at the University of Texas at Dallas
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
April 23, 2007
University of Texas at Dallas
About the Cyber Security Research Center
NSA/DHS Center of Academic Excellence in Information Assurance Education (2004, 2007)
Over 20 Faculty in Jonsson School conducting research in Cyber Security
Collaborating with researchers in the School of Management on Risk analysis and Game theory applications
Beginning collaboration with UT Southwestern medical Center
Joint projects and proposals with leading researchers
Part of UTD's Cyber Security and Emergency Preparedness Institute
Executive Director: Prof. Douglas Harris
Cyber Security Research Areas at UTD
Network Security: Secure wireless and sensor networks
Systems and Language Security: Embedded systems security, Buffer overflow defense
Data and Applications Security: Information sharing, Geospatial data management, Surveillance, Secure web services, Privacy, Dependable information management, Intrusion detection
Security Theory and Protocols: Secure group communication
Security Engineering: Secure component-based software
Cross Cutting Themes: Vulnerability analysis, Access control
Our Model: R&D, Technology Transfer, Standardization and Commercialization
Basic Research (6.1-type): Funding agencies such as NSF, AFOSR, etc.; publish our research in top journals (ACM and IEEE Transactions)
Applied Research: Some federal funding (e.g., from government programs) and commercial corporations (e.g., Raytheon); our current collaboration with AFRL-ARL
Technology Transfer / Development: Work with corporations such as Raytheon to showcase our research to sponsors (e.g., GEOINT) and transfer research to operational programs such as DCGS
Standardization: Our collaborations with OGC and standardization of our research (e.g., GRDF)
Commercialization: Patents; work with VCs, corporations, SBIR and STTR for commercialization of our tools (e.g., our work on data mining tools)
Technical and Professional Accomplishments
Publications: Research in top journals and conferences (IEEE Transactions, ACM Transactions); 8 books published and 2 books in preparation, including one on UTD research (Data Mining Applications, Awad, Khan and Thuraisingham)
Editorial Boards / Editor in Chief: Journal of Computer Security, ACM Transactions on Information and Systems Security, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Knowledge and Data Engineering, Computer Standards and Interfaces, and others
Advisory Boards / Memberships / Other: Purdue University CS Department; invitations to write articles in Encyclopedia Britannica on data mining; keynote addresses; talks at DFW NAFTA and Chamber of Commerce; commercialization discussions of data mining tools for security
Awards and Fellowships: IEEE Fellow, AAAS Fellow, BCS Fellow, IEEE Technical Achievement Award, IEEE Senior Members
Data and Applications Security Research at UTD
Core Group
- Prof. Bhavani Thuraisingham (Professor & Director, Cyber Security Research Center)
- Prof. Latifur Khan (Director, Data Mining Laboratory)
- Prof. Murat Kantarcioglu (Joined Fall 2005, PhD. Purdue U.)
- Prof. Kevin Hamlen (Peer to Peer systems Security, Joined 2006 from Cornell U.)
- Prof. I-Ling Yen (Director, Web Services Lab)
- Prof. Prabhakaran (Director, Motion Capture Lab)
Students and Funding
- Over 20 PhD Students, 40 MS students (combined)
- Research grants: Air Force Office of Scientific Research (2), Raytheon Corporation (2), Nokia Corporation, National Science Foundation (2), AFRL-ARL Collaboration, TX State
Assured Information Sharing
Figure: each partner (Agency A, Agency B, Agency C) runs a component holding its own data and policy and publishes data/policy to the coalition, which holds the coalition-level data and policy.
Partner types considered:
1. Friendly partners
2. Semi-honest partners
3. Untrustworthy partners
Research funded by two grants from AFOSR
Secure Semantic Web
Figure: the semantic web layer stack, with confidentiality, privacy and trust enforced across all layers:
- URI, UNICODE
- XML, XML Schemas
- RDF, Ontologies
- Rules/Query
- Logic, Proof and Trust
Machine Understandable Web Pages
What are we doing: CPT Policy enforcement (Confidentiality, Privacy, Trust)
Secure Geospatial Data Management
Figure: Data Sources A, B and C feed, under security and quality controls, into Semantic Metadata Extraction and Decision Centric Fusion, producing Tools for Analysts.
Research topics: Geospatial data interoperability through web services; Geospatial data mining; Geospatial semantic web
Research supported by Raytheon on one grant; working on robust prototypes on the second grant
Framework for Geospatial Data Security
Figure: layered architecture.
Data Presentation Components: Access Control Module
Data Access Layer: Geospatial Data Registration (spatial and temporal registration of geospatial data); Data Integration Services and Data Repository Access
Security Layer: DAC/RBAC Policy Specification; Policy Reasoning Engine; Trust and Privacy Management; Authentic Data Publication; Auditing; Misuse Detection
Open Geospatial Consortium Framework: Core and Application Schemas; Geospatial Features; Geography Markup Language; Metadata
Data sources: GIS Web Services; Traditional GIS (through a Wrapper); Geospatial Data Repositories
Suspicious Event Detection: Surveillance
- Defined an event representation measure based on low-level features
- Defined "normal" and "suspicious" behavior and classified events in unlabeled video sequences appropriately
- Tool to determine whether events are suspicious or not
- Privacy preserving surveillance
Surveillance and Privacy
Figure: processing pipeline. Raw video surveillance data -> Face Detection and Face Derecognizing system (faces of trusted people derecognized to preserve privacy) -> Suspicious Event Detection System -> suspicious people found, suspicious events found -> Manual inspection of video data -> Report of security personnel -> Comprehensive security report listing suspicious events and people detected
Social Networks
Individuals engaged in suspicious or undesirable behavior rarely act alone.
We can infer that those associated with a person positively identified as suspicious have a high probability of being either:
- Accomplices (participants in suspicious activity)
- Witnesses (observers of suspicious activity)
Making these assumptions, we create a context of association between users of a communication network.
Privacy Preserving Data Mining
Prevent useful results from mining
- Introduce "cover stories" to give "false" results
- Only make a sample of the data available so that an adversary is unable to come up with useful rules and predictive functions
Randomization and Perturbation
- Introduce random values into the data and/or results
- Challenge is to introduce random values without significantly affecting the data mining results
- Give a range of values for results instead of exact values
Secure Multi-party Computation
- Each party knows only its own inputs; cryptographic techniques are used to compute the final results
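Two of the approaches above in working code, as an added example that is not part of the UTD slides or of the UTD tools: Warner's randomized response stands in for the randomization/perturbation approach (random values are injected per record, yet the aggregate is recoverable), and a secure sum built on additive secret sharing is the minimal secure multi-party computation (each party learns the total and nothing about the other inputs). The record sample, the agency counts, the seed and the modulus are constructed for the demo.

```python
import random


def make_rng(seed=7):
    """Seeded generator so the demo is reproducible (constructed, not from the slides)."""
    return random.Random(seed)


# --- Randomization: Warner's randomized response --------------------------
# Each record reports its true sensitive bit with probability p and the
# flipped bit with probability 1-p. No individual value is reliable, but the
# bias is known, so the population proportion can still be recovered.
def randomized_response(true_bits, p, rng):
    return [b if rng.random() < p else 1 - b for b in true_bits]


def estimate_proportion(reported_bits, p):
    # E[reported] = p*pi + (1-p)*(1-pi)  =>  pi = (E[reported] - (1-p)) / (2p-1)
    q = sum(reported_bits) / len(reported_bits)
    return (q - (1 - p)) / (2 * p - 1)


# --- Secure multi-party computation: secure sum via additive sharing -----
# Party i splits x_i into n shares that add to x_i (mod M), keeps one share
# and sends one to every other party. Each party publishes the sum of the
# shares it holds. Adding those public partial sums gives sum(x_i) mod M,
# while any single party sees only uniformly random shares of the others.
def split_shares(value, n, modulus, rng):
    shares = [rng.randrange(modulus) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % modulus)
    return shares


def secure_sum(inputs, modulus, rng):
    n = len(inputs)
    # outgoing[i][j] is the share party i sends to party j (j == i is kept locally)
    outgoing = [split_shares(x, n, modulus, rng) for x in inputs]
    # party j's public value: the sum of everything it received plus its own kept share
    partial_sums = [sum(outgoing[i][j] for i in range(n)) % modulus for j in range(n)]
    return sum(partial_sums) % modulus, partial_sums


if __name__ == "__main__":
    rng = make_rng()
    # constructed sample: 4000 records with a sensitive bit, true prevalence 30%
    true_bits = [1 if i % 10 < 3 else 0 for i in range(4000)]
    reported = randomized_response(true_bits, 0.75, rng)
    print("true proportion 0.300, estimate from perturbed data:",
          round(estimate_proportion(reported, 0.75), 3))
    # constructed sample: three agencies' incident counts, summed without disclosure
    total, partials = secure_sum([120, 45, 310], 2 ** 32, rng)
    print("secure sum:", total, "from public partial sums", partials)
```

The randomized-response estimate is unbiased but noisy (its variance grows as p approaches 0.5), which is the trade-off the slide calls the challenge of perturbation. The secure sum is only secure against semi-honest parties: a party that lies about its share or its partial sum corrupts the total, and two colluding parties surrounding a third can recover its input.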
Data Mining for Intrusion Detection / Worm Detection
Figure: Training Data -> Hierarchical Clustering (DGSOT) -> SVM Class Training -> Classification; Testing Data -> Testing
DGSOT: Dynamically Growing Self-Organizing Tree; SVM: Support Vector Machine
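The SVM half of the pipeline above, as an added example that is not UTD's DGSOT/SVM code: a linear SVM trained with the Pegasos subgradient method on constructed connection records (failed logins, bytes sent, duration), then applied to unseen records. The DGSOT clustering step that the slide puts in front of the SVM is omitted here; the records, labels and thresholds are all made up for the demo.

```python
# Features per connection record: failed logins, bytes sent, duration; each is
# clipped and scaled into [0, 1], and a constant 1.0 is appended so the SVM's
# bias is learned as the last weight.
def make_features(failed_logins, bytes_sent, duration_s):
    return [min(failed_logins, 10) / 10.0,
            min(bytes_sent, 1_000_000) / 1_000_000.0,
            min(duration_s, 60) / 60.0,
            1.0]


# Constructed training set (not real traffic): label -1 = normal, +1 = attack
TRAIN_RECORDS = [
    (0, 1_500, 3), (1, 4_000, 8), (0, 20_000, 20), (0, 800, 1),   # normal sessions
    (10, 200, 1), (9, 300, 2),                                      # password brute force
    (0, 900_000, 30), (1, 800_000, 55),                             # flooding
]
TRAIN_LABELS = [-1, -1, -1, -1, 1, 1, 1, 1]
TRAIN_SAMPLES = [make_features(*r) for r in TRAIN_RECORDS]


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def train_svm(samples, labels, lam=0.01, epochs=2000):
    """Linear SVM via the Pegasos subgradient method; samples are visited in a
    fixed cyclic order so the run is deterministic."""
    w = [0.0] * len(samples[0])
    t = 0
    for _ in range(epochs):
        for x, y in zip(samples, labels):
            t += 1
            eta = 1.0 / (lam * t)
            violates_margin = y * dot(w, x) < 1
            w = [(1 - eta * lam) * wi for wi in w]                # shrink (regularization)
            if violates_margin:
                w = [wi + eta * y * xi for wi, xi in zip(w, x)]  # hinge-loss subgradient step
    return w


def predict(w, x):
    return 1 if dot(w, x) >= 0 else -1


def accuracy(w, samples, labels):
    correct = sum(predict(w, x) == y for x, y in zip(samples, labels))
    return correct / len(samples)


if __name__ == "__main__":
    w = train_svm(TRAIN_SAMPLES, TRAIN_LABELS)
    print("training accuracy:", accuracy(w, TRAIN_SAMPLES, TRAIN_LABELS))
    for rec in [(10, 100, 1), (0, 950_000, 40), (0, 2_000, 5)]:   # constructed test records
        print(rec, "->", "attack" if predict(w, make_features(*rec)) == 1 else "normal")
```

The feature clipping matters in practice: without it a single huge byte count dominates the dot product and the classifier learns little about the other features, which is the same reason the slide's pipeline preprocesses the training data before the SVM sees it.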
Example Projects
Assured Information Sharing
- Secure Semantic Web Technologies
- Social Networks and game playing
- Privacy Preserving Data Mining
Geospatial Data Management
- Secure Geospatial semantic web
- Geospatial data mining
Surveillance
- Suspicious Event Detection
- Privacy preserving Surveillance
- Automatic Face Detection, RFID technologies
Cross Cutting Themes
- Data Mining for Security Applications (e.g., Intrusion detection, Mining Arabic Documents); Dependable Information Management
Other Research in Cyber Security
Single Packet IP Traceback (Prof. Kamil Sarac)
Goal: trace an IP packet back to its source
Usage of IP traceback
- Internet forensic analysis
- Denial-of-service attack defense
Design issues for practical IP traceback
- Reducing overhead on routers
- Supporting incremental and partial deployment
- Traceback speed and efficiency
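A small simulation of single-packet traceback, added here as an illustration and not Prof. Sarac's design: it uses the hash-based logging approach (as in SPIE), where each router keeps a Bloom filter of digests of the packets it forwarded and the victim's network walks upstream querying neighbours for the digest. It shows two of the design issues listed above in concrete form: router overhead is a fixed-size bit array per router rather than stored packets, and the walk must follow every matching neighbour because Bloom filters give false positives. Topology, addresses and packets are constructed.

```python
import hashlib


class DigestBloom:
    """Per-router Bloom filter over packet digests: a fixed-size audit trail
    that never stores the packets themselves (keeps router overhead low)."""

    def __init__(self, size_bits=4096, hashes=4):
        self.size = size_bits
        self.k = hashes
        self.bits = 0  # Python int used as a bit array

    def _positions(self, digest):
        for i in range(self.k):
            h = hashlib.sha256(digest + bytes([i])).digest()
            yield int.from_bytes(h[:4], "big") % self.size

    def add(self, digest):
        for pos in self._positions(digest):
            self.bits |= 1 << pos

    def maybe_contains(self, digest):
        # no false negatives; false positives are possible, so the traceback
        # below follows every matching neighbour rather than just the first
        return all((self.bits >> pos) & 1 for pos in self._positions(digest))


def packet_digest(packet):
    """Digest over the fields that stay constant hop by hop; TTL and header
    checksum are left out because every router rewrites them."""
    invariant = b"|".join([
        packet["src"].encode(), packet["dst"].encode(), packet["proto"].encode(),
        str(packet["ident"]).encode(), packet["payload"][:8],
    ])
    return hashlib.sha256(invariant).digest()[:8]


class Router:
    def __init__(self, name, upstream=()):
        self.name = name
        self.upstream = list(upstream)  # neighbours a packet could have arrived from
        self.log = DigestBloom()

    def forward(self, packet):
        self.log.add(packet_digest(packet))
        packet["ttl"] -= 1


def send(path, packet):
    """Deliver a packet along a list of routers (source side first)."""
    for router in path:
        router.forward(packet)


def traceback(router, digest, path=()):
    """Walk upstream from the victim's router following every neighbour whose
    filter reports the digest; returns all candidate paths, victim side first."""
    path = list(path) + [router.name]
    branches = [r for r in router.upstream
                if r.name not in path and r.log.maybe_contains(digest)]
    if not branches:
        return [path]
    paths = []
    for r in branches:
        paths.extend(traceback(r, digest, path))
    return paths


def build_demo():
    """Constructed topology: edge routers E1, E2 feed core C1; C1 and edge E3
    feed core C2; C2 feeds the victim's router V."""
    e1, e2, e3 = Router("E1"), Router("E2"), Router("E3")
    c1 = Router("C1", upstream=[e1, e2])
    c2 = Router("C2", upstream=[c1, e3])
    v = Router("V", upstream=[c2])
    # constructed background traffic so the filters are not empty
    send([e1, c1, c2, v], {"src": "10.1.1.5", "dst": "192.0.2.10", "proto": "tcp",
                           "ident": 4021, "ttl": 64, "payload": b"GET / HTTP/1.1"})
    send([e3, c2, v], {"src": "10.3.3.9", "dst": "192.0.2.10", "proto": "udp",
                       "ident": 77, "ttl": 64, "payload": b"dns-query"})
    # the single attack packet: spoofed source address, really injected at E2
    attack = {"src": "198.51.100.1", "dst": "192.0.2.10", "proto": "tcp",
              "ident": 31337, "ttl": 64, "payload": b"\x90" * 16}
    send([e2, c1, c2, v], attack)
    return v, attack


if __name__ == "__main__":
    victim_router, attack_packet = build_demo()
    print("attack path (victim first):", traceback(victim_router, packet_digest(attack_packet)))
```

Because the digest excludes the source-independent, hop-varying fields, the trace works even though the source address is spoofed; what it cannot do is look past a router that does not keep a filter, which is why incremental and partial deployment is a design issue in its own right.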
Protecting Computer Security via Hardware/Software: Prof. Edwin Sha
The most widely exploited vulnerabilities are buffer overflow related, causing billions of dollars of damage. Almost all effective worms use this vulnerability to attack, e.g., the Internet Worm, Code Red, MS Blaster, the Sasser worm, etc.
Hardware/Software Defender (HSDefender)
1. Complete protection from buffer overflow attacks.
2. An efficient checking mechanism for a system integrator.
3. Easy for the compiler to handle.
4. Little hardware and timing overhead.
Approach: design new instructions and hardware to avoid buffer overflow vulnerabilities.
Stack Smashing Attack Protection, two methods proposed: Hardware Boundary Check, and new Secure Function Call instructions, Scall and Sret.
Function Pointer Attack Protection: a new secure instruction for jumping through a function pointer, SJMP.
For the most common stack smashing attacks, HSDefender provides complete protection. For function pointer attacks, it makes it extremely hard for an attacker to change a function pointer so that it leads to hostile code. With little time overhead (0.098%), it can be applied to critical real-time systems.
Buffer Overflow Attacks: Prof. Gupta
Buffer Overflow Attacks (B.O.A.): A majority of attacks for which advisories are issued are based on B.O.A.
Other forms of attacks, such as distributed denial of service attacks, sometimes rely on B.O.A.
B.O.A. exploit the memory organization of the traditional activation stack model to overwrite the return address stored on the stack.
This memory organization can be slightly changed so as to prevent buffer overflows from overwriting return addresses.
Our system automatically transforms code binaries in accordance with this modified memory organization, thereby preventing the most common forms of buffer overflow attacks.
Our tool (under development) can be used on third-party software and off-the-shelf products, and does not require access to source code.
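A software model of the two defenses described in the HSDefender slide and in the Gupta slide above, added here as an illustration; it is not HSDefender, not the UTD binary-transformation tool, and not real machine code. Memory is a bytearray holding one activation record: a 16-byte local buffer followed by the saved return address. The traditional layout lets an over-long copy overwrite the return address; the secure-return variant models what Scall/Sret-style checking does (the return address is also kept where data writes cannot reach, and the return is refused if the two copies differ); the split-stack variant models the changed memory organization, where return addresses never share memory with data buffers. The frame sizes, addresses and payload are constructed.

```python
BUF_SIZE = 16   # local char buffer in the frame
ADDR_SIZE = 4   # saved return address


class ReturnAddressTampered(Exception):
    def __init__(self, actual, expected):
        super().__init__(f"return address 0x{actual:08x}, expected 0x{expected:08x}")
        self.actual, self.expected = actual, expected


class TraditionalStack:
    """Classic activation record: the saved return address sits right above
    the local buffer, so a long copy into the buffer runs over it."""

    def __init__(self):
        self.mem = bytearray(64)

    def call(self, return_addr):
        self.mem[BUF_SIZE:BUF_SIZE + ADDR_SIZE] = return_addr.to_bytes(ADDR_SIZE, "little")

    def unsafe_strcpy(self, src):
        # no length check: models strcpy() into the 16-byte buffer
        self.mem[0:len(src)] = src

    def ret(self):
        return int.from_bytes(self.mem[BUF_SIZE:BUF_SIZE + ADDR_SIZE], "little")


class SecureReturnStack(TraditionalStack):
    """Model of secure call/return checking: the call also records the return
    address on a separate stack that data writes cannot reach, and the return
    refuses to use an address that no longer matches that record."""

    def __init__(self):
        super().__init__()
        self.secure = []

    def call(self, return_addr):
        super().call(return_addr)
        self.secure.append(return_addr)

    def ret(self):
        expected = self.secure.pop()
        actual = super().ret()
        if actual != expected:
            raise ReturnAddressTampered(actual, expected)
        return actual


class SplitStack(TraditionalStack):
    """Model of the changed memory organization: return addresses live only on
    a separate control stack, so nothing security-critical sits above the
    data buffer for an overflow to reach."""

    def __init__(self):
        super().__init__()
        self.control = []

    def call(self, return_addr):
        self.control.append(return_addr)      # never written into self.mem

    def ret(self):
        return self.control.pop()


def run_attack(stack_cls, legit_return, payload):
    """Call a function, copy attacker-controlled bytes into its buffer, return.
    Result: ('returned', addr) normal flow, ('hijacked', addr) control taken,
    ('detected', addr) the secure return caught the overwrite."""
    s = stack_cls()
    s.call(legit_return)
    s.unsafe_strcpy(payload)
    try:
        target = s.ret()
    except ReturnAddressTampered as e:
        return ("detected", e.actual)
    return ("returned", target) if target == legit_return else ("hijacked", target)


if __name__ == "__main__":
    legit = 0x08048400
    # constructed stack-smashing payload: 16 filler bytes, then a fake return address
    payload = b"A" * BUF_SIZE + (0xDEADBEEF).to_bytes(ADDR_SIZE, "little")
    for cls in (TraditionalStack, SecureReturnStack, SplitStack):
        print(f"{cls.__name__:18s}", run_attack(cls, legit, payload))
```

The two protected variants differ in what the attacker still gets: the checked return turns the hijack into a detected fault (the overflow still corrupts the frame), while the split layout leaves the return address untouched so the function returns normally. Neither covers the function-pointer case the HSDefender slide treats separately, since a pointer stored in the data area can still be overwritten in both models.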
Information Assurance Education (Prof. Gupta)
Current Courses
- Introduction to Computer and Network Security: Prof. Sha
- Cryptography: Profs. Sudborough, Murat Kantarcioglu
- Data and Applications Security: Prof. Bhavani Thuraisingham
- Biometrics: Prof. Bhavani Thuraisingham
- Privacy: Prof. Murat Kantarcioglu
- Secure Language: Prof. Kevin Hamlen
- Digital Forensics: Prof. Bhavani Thuraisingham
- Trustworthy Semantic Web: Prof. Bhavani Thuraisingham
NSA/DHS Center of Academic Excellence in Information Assurance Education (2004, 2007)
Courses at AFCEA and AF Bases: Knowledge Management, Data Mining for Counter-terrorism, Data Security; preparing a course on SOA and NCES with Prof. Alex Levis (GMU) and Prof. Hal Sorenson (UCSD)
Security Analysis and Information Assurance Laboratory (SAIAL)
Floor plan: Wireless Network Area (8' x 19'); Development Room (19.5' x 29'); Testing Area (22' x 31.5'); cable trays along the walls
Equipment:
- Mainframes: 2
- PCs: 54
- Workstations: 6
- Laptops: 5
- Servers: 7
- Switches: 4
- Routers: 10
- PDAs: 15
- Access Points: 8
- Network Analyzer: 1
- Protocol Analyzer: 1
- Development Software and Hardware
Shielding: attenuation levels of radiated signals as tested to MIL-STD-285
- Magnetic mode: 60 dB at 10 kHz to 100 dB at 100 kHz
- Electric mode: 100 dB from 1 kHz to 1 GHz
- Plane wave and microwave: 100 dB from 1 GHz to 10 GHz
Directions and Plans
Take advantage of the SAIAL Lab: opportunity for the Information Operations portion of the AFOSR project
Increase focus areas: the major focus of the past 2 years has been on Data Security; expand the focus utilizing our strengths and state/federal interests
Digital forensics is becoming an important area
Interdisciplinary research and multiple domains: Healthcare, Telecom, etc.
Collaboration: integrate programs across the schools at UTD; increase collaboration with our partners
Our major goal is to establish a Center Scale Project