Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering...
-
date post
15-Jan-2016 -
Category
Documents
-
view
222 -
download
0
Transcript of Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering...
![Page 1: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/1.jpg)
Research in Security and Dependable Computing
Shambhu UpadhyayaComputer Science and Engineering
University at Buffalo
August 28, 2003
![Page 2: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/2.jpg)
CEISARE @2
Outline
Background
Students and List of Projects
Brief Description of Projects
Synergistic Activities
![Page 3: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/3.jpg)
CEISARE @3
Welcome
![Page 4: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/4.jpg)
CEISARE @4
Roadmap
2001
??COE, IASP
AFRL, Telcordia
Certificate, Newcourses,
Security lab, More funds, Student training
2002
2003
![Page 5: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/5.jpg)
CEISARE @5
UB’s Center of Excellence
(Unofficial) Logo
![Page 6: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/6.jpg)
CEISARE @6
IA Constituents
Information Assurance
CEISAREInformation Systems Assurance Research
and Education
CEDAR
ILPB
CCR
SOM
LAW
MAT
CSE
Bioinformatics
Document Analysis &Recognition
Lasers, Photonics &Biophotonics
Computational Research
Computer Science &Eng
School of Management
Law School
Mathematics
![Page 7: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/7.jpg)
CEISARE @7
Students Recently graduated students
Kiran Mantha, MS, 2001 (Deloitte & Touche, NY)
Hugh Wu, Ph.D, 2002 (Faculty, Taiwan)
Neelesh Arora, MS, 2003 (Thomson Financial, NY)
Pradeep Nagaraj (2002), Sajit Balraj (2002), Gaurav Bhargava, 2003, MS (Qualcom, CA)
Current students Ramkumar Chinchani, MS, 2002 (PhD student)
Suranjan Pramanik (PhD student)
Ashish Garg (PhD student)
Mohit Virendra (PhD student)
Anusha Iyer (PhD student)
Dan Zhao (PhD student)
M. Nair (PhD student)
S. Vidyaraman (PhD student)
Aarthie Muthukrishnan (MS student)
Madhu Chandrasekharan (MS student)
![Page 8: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/8.jpg)
CEISARE @8
Collaborators Research
Martin Margala, University of Rochester
P.R. Mukund, RIT
Kevin Kwiat, AFRL
Bharat Jayaraman, CSE, UB
Jim Llinas, IE, UB
H.R. Rao, SOM, UB
Education Jeannette Neal, ECC
Donna Kaputa, ECC
Marina Cappellino, GCC
![Page 9: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/9.jpg)
CEISARE @9
Research and Educational Grants Research Grants
AFRL (2000 – 2004)
NYSTAR (2002 – 2004)
DARPA seedling (2003 – 2004)
NSA/ARDA (2003 – 2005)
AFRL (2003 – 2005), pending final approval
SRC (2003 – 2006)
Educational Grants DoD/NSA
Students Supported 7 students as RA and 4 as IA Scholars
2-4 new positions available
![Page 10: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/10.jpg)
CEISARE @10
Research Projects
Computer Security Intrusion detection by encapsulating user’s intent – Concept
development, simulation, investigation of scalability (thrust:
anomaly detection)
Reasoning about intrusions (thrust: risk analysis)
Building secure enclaves (thrust: graph theory)
Simulation support for IA experiments (thrust: event-based)
Secure voting protocols (thrust: replication and two-phase commit)
Securing documents from Insider Threat – A multi-phase approach
(thrust: attack graph, vulnerability analysis)
Event correlation for cyber attack recognition systems (thrust: data
fusion)
![Page 11: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/11.jpg)
CEISARE @11
Research Projects (Contd.) Distributed Systems
Fault tolerance and security in enterprise servers (thrust:
checkpointing and recovery)
VLSI Design and Test
Test scheduling in Systems-on-chips (thrust: algorithms)
Adaptive BIST for complex Systems-on-chip (thrust: built-in
current sensors)
Test control architecture for future SOCs using on-chip
wireless communication (thrust: on-chip RF nodes)
![Page 12: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/12.jpg)
CEISARE @12
Where Does Our Security Research Fit In?
![Page 13: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/13.jpg)
CEISARE @13
Underlying Principles
Use the principle of least privilege to achieve better
security
Use mandatory access control wherever appropriate
Data used for intrusion detection should be kept
simple and small
Intrusion detection capabilities are enhanced if
environment specific factors are taken into account
![Page 14: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/14.jpg)
CEISARE @14
User Intent Encapsulation
![Page 15: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/15.jpg)
CEISARE @15
Building Secure Enclaves Tamper-resistant security monitoring Available choices
Replication (Chameleon at UIUC) Layered Hierarchy (AAFID at Purdue) Both can be easily compromised
Proposed solution Circulant graph Overhead is manageable There is no mutual trust
among the watchers (Ref: IEEE IWIA 2003)
![Page 16: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/16.jpg)
CEISARE @16
Securing Documents: A Three-Phase Approach
Pre-Pre-document document
Access PhaseAccess Phase
Mid-Mid-document document
Access PhaseAccess Phase
Post-Post-document document
Access PhaseAccess PhaseForensicsForensicsPolicy refinementPolicy refinement
Anomaly based monitoring to check Anomaly based monitoring to check user actionsuser actionsZero-trust self monitoring and loggingZero-trust self monitoring and logging
Insider modelingInsider modelingPolicy definition and refinementPolicy definition and refinement
![Page 17: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/17.jpg)
CEISARE @17
Policy Enforcement Most systems only log user logins Not easy to determine which user violated
normal document policies Violators can act without fear of non-
repudiable trace-back How do you handle the problem?
Tie each entity with a digital certificate Policy enforcement module Kerberized certificates for authentication
and data integrity Scalability?
![Page 18: Research in Security and Dependable Computing Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Shambhu@cse.buffalo.edu August 28,](https://reader036.fdocuments.us/reader036/viewer/2022062518/56649d575503460f94a35894/html5/thumbnails/18.jpg)
CEISARE @18
Synergistic Activities
Information Assurance Scholarship program
Organized 1st New York State Cyber Security
Symposium at Utica, NY, Feb. 2003 jointly with
Griffiss Institute, Utica, NY
Planning on a IA Workshop in Buffalo in the area
of Secure Knowledge Management