Research in Security and Dependable Computing

1
Research in Security and Dependable Computing

• Shambhu Upadhyaya
• Computer Science and Engineering
• University at Buffalo
• Shambhu_at_cse.buffalo.edu
• August 28, 2003

2
Outline

• Background
• Students and List of Projects
• Brief Description of Projects
• Synergistic Activities

3
Welcome

4
Roadmap

2001
5
UBs Center of Excellence

• (Unofficial) Logo

6
IA Constituents

Law School
Computer Science Eng
CSE
LAW
School of Management
Information Assurance
SOM
Document Analysis Recognition
CEISARE Information Systems Assurance Research
and Education
CEDAR
MAT
Mathematics
ILPB
Lasers, Photonics Biophotonics
CCR
Bioinformatics
Computational Research
7
Students

• Recently graduated students
• Kiran Mantha, MS, 2001 (Deloitte Touche, NY)
• Hugh Wu, Ph.D, 2002 (Faculty, Taiwan)
• Neelesh Arora, MS, 2003 (Thomson Financial, NY)
• Pradeep Nagaraj (2002), Sajit Balraj (2002),
  Gaurav Bhargava, 2003, MS (Qualcom, CA)
• Current students
• Ramkumar Chinchani, MS, 2002 (PhD student)
• Suranjan Pramanik (PhD student)
• Ashish Garg (PhD student)
• Mohit Virendra (PhD student)
• Anusha Iyer (PhD student)
• Dan Zhao (PhD student)
• M. Nair (PhD student)
• S. Vidyaraman (PhD student)
• Aarthie Muthukrishnan (MS student)
• Madhu Chandrasekharan (MS student)

8
Collaborators

• Research
• Martin Margala, University of Rochester
• P.R. Mukund, RIT
• Kevin Kwiat, AFRL
• Bharat Jayaraman, CSE, UB
• Jim Llinas, IE, UB
• H.R. Rao, SOM, UB
• Education
• Jeannette Neal, ECC
• Donna Kaputa, ECC
• Marina Cappellino, GCC

9
Research and Educational Grants

• Research Grants
• AFRL (2000 2004)
• NYSTAR (2002 2004)
• DARPA seedling (2003 2004)
• NSA/ARDA (2003 2005)
• AFRL (2003 2005), pending final approval
• SRC (2003 2006)
• Educational Grants
• DoD/NSA
• Students Supported
• 7 students as RA and 4 as IA Scholars
• 2-4 new positions available

10
Research Projects

• Computer Security
• Intrusion detection by encapsulating users
  intent Concept development, simulation,
  investigation of scalability (thrust anomaly
  detection)
• Reasoning about intrusions (thrust risk
  analysis)
• Building secure enclaves (thrust graph theory)
• Simulation support for IA experiments (thrust
  event-based)
• Secure voting protocols (thrust replication and
  two-phase commit)
• Securing documents from Insider Threat A
  multi-phase approach (thrust attack graph,
  vulnerability analysis)
• Event correlation for cyber attack recognition
  systems (thrust data fusion)

11
Research Projects (Contd.)

• Distributed Systems
• Fault tolerance and security in enterprise
  servers (thrust checkpointing and recovery)
• VLSI Design and Test
• Test scheduling in Systems-on-chips (thrust
  algorithms)
• Adaptive BIST for complex Systems-on-chip
  (thrust built-in current sensors)
• Test control architecture for future SOCs using
  on-chip wireless communication (thrust on-chip
  RF nodes)

12
Where Does Our Security Research Fit In?

13
Underlying Principles

• Use the principle of least privilege to achieve
  better security
• Use mandatory access control wherever appropriate
• Data used for intrusion detection should be kept
  simple and small
• Intrusion detection capabilities are enhanced if
  environment specific factors are taken into
  account

14
User Intent Encapsulation

15
Building Secure Enclaves

• Tamper-resistant security monitoring
• Available choices
• Replication (Chameleon at UIUC) ?
• Layered Hierarchy (AAFID at Purdue)
• Both can be easily compromised
• Proposed solution
• Circulant graph
• Overhead is manageable
• There is no mutual trust
• among the watchers
• (Ref IEEE IWIA 2003)

16
Securing Documents A Three-Phase Approach
Pre-document Access Phase

• Insider modeling
• Policy definition and refinement

Mid-document Access Phase

• Anomaly based monitoring to check user actions
• Zero-trust self monitoring and logging

Post-document Access Phase

• Forensics
• Policy refinement

17
Policy Enforcement

• Most systems only log user logins
• Not easy to determine which user violated normal
  document policies
• Violators can act without fear of non-repudiable
  trace-back
• How do you handle the problem?
• Tie each entity with a digital certificate
• Policy enforcement module
• Kerberized certificates for authentication and
  data integrity
• Scalability?

18
Synergistic Activities

• Information Assurance Scholarship program
• Organized 1st New York State Cyber Security
  Symposium at Utica, NY, Feb. 2003 jointly with
  Griffiss Institute, Utica, NY
• Planning on a IA Workshop in Buffalo in the area
  of Secure Knowledge Management