WELCOME

Cyber Security & Information Infrastructure Research (CS&IIR) & Information Operations Center (IOC). WELCOME: 1st Annual Visiting Professor Collaborative Research Program (VPCRP) Workshop, March 14 – 15, 2005, Oak Ridge National Laboratory. Joseph P. Trien, Group Leader, Cyber Security & Information Infrastructure Research (CS&IIR) & Interim Director, Information Operations Center (IOC)


Transcript of WELCOME

Page 1: WELCOME

Cyber Security & Information Infrastructure Research (CS&IIR) & Information Operations Center (IOC)

WELCOME

1st Annual Visiting Professor Collaborative Research Program (VPCRP) Workshop
March 14 – 15, 2005
Oak Ridge National Laboratory

Joseph P. Trien
Group Leader, Cyber Security & Information Infrastructure Research (CS&IIR) &
Interim Director, Information Operations Center (IOC)

Page 2: WELCOME

ORNL Knowledge Management Focus

Page 3: WELCOME

ORNL has many Knowledge Management Strategic Research Thrusts

Modeling and Simulation
– Parallel Discrete Event Simulations
– Inverse simulations
– Dynamic prediction simulations
– Distributed control

Information Systems
– Data systems architecture
– Distributed data management
– Dynamic data management
– Sensor data management

Information Discovery
– Dynamic text analysis
– Knowledge extraction sciences
– Dynamic Information Retrieval
– Information/Knowledge Fusion

Geospatial Sciences
– Population dynamics
– Community modeling
– Commodity tracking

Information Operations
– Steganography
– Quantum Cryptography
– Insider Threat Detection & Mitigation
– Distributed Authentication and Trust
– Automated Code Verification & Validation
– Information Assurance
– 3-D Situation Awareness

Decision Sciences
– Man/Machine Interfaces
– Behavioral Sciences
– Cognitive Inference

Page 4: WELCOME

Strategic Thrust: Cyber Security

Cyber Security
– Cyber Attack Detection and Machine Speed Response
  • Zero-Day Attack Detection
  • Multi-Level and Distributed Ad-Hoc Trust
– Large-scale Cyber Situation Awareness, Warnings, & Response
  • Leverage existing commercial distributed framework technologies
  • Integrate LDRD initiatives
– Insider Threat Detection
  • Protection of data (secure, trusted, protected information sharing)
  • Prevent ex-filtration and corruption of stored data
  • Stand-off brain scan authentication and identification
– Large-Scale Cyber Security & Network Test Bed
  • Expand existing network lab into a recognized single location to perform world-class large-scale test, evaluation, and implementation protocols
  • Vulnerability Assessments
  • Automated Software Code Verification & Validation tool and certification center

Page 5: WELCOME

Strategic Thrust: Infrastructure

Infrastructure
– Large Scale Network Modeling and Simulation
  • CADENCE/OPNET supercomputer initiative
– Commercial Vehicle Integrated Safety and Security Enforcement System
  • Integrated information collection, transmission, processing, dissemination architecture & protocol
– Sensor Net Network Systems and Network Security Architecture Research

Page 6: WELCOME

Visiting Professor Collaborative Research Program (VPCRP): 1st Annual Workshop

Common Goal

– Develop our near-term research goals aimed at finding/building a tangible, doable foundation that can help expand our collective capabilities and broaden our opportunities for future collaborative (i.e., summer research visitations and beyond) R&D success in Cyber Security and Information Infrastructure.

Page 7: WELCOME

Focus: Insider Threats

Develop outside-of-the-box concepts for near-term capabilities in identifying, defending against, and countering an insider who attempts to abuse his or her computer privileges.

The damage from insider threats is potentially catastrophic.
– Defined as the potential damage to the interests of an organization, a company, or a corporation, done by a person regarded as loyally working for or on behalf of the organization, company, or corporation.
– The insider threat focus is limited to threats posed to devices connected to a network. This can be simply an inadvertent violation of security policy or an overt attempt at defeating the security systems from within the network.

Page 8: WELCOME

Focus: Life Cycle Threats

There is no means for automated testing of large software, both static and mobile code, to detect and identify malicious code, sleeper code, and exploitable vulnerabilities, and to determine and understand the potential impact on the life cycle of the code.

Current testing approaches are largely manual rather than automated.

Page 9: WELCOME

Focus: Distributed Ad Hoc Trust / Multi-Level Trust

A mobile ad hoc network (MANET) is a network formed in a spontaneous manner without any central administration or with few connections to other fixed networks (i.e., an autonomous system of mobile nodes).

The absence of pre-existing knowledge between the nodes and the lack of a trusted central server make traditional trust establishment mechanisms and assumptions inappropriate. The communication among nodes is prone to security attacks, and nodes can be easily compromised.

Attacks such as wormhole and DoS can compromise routes through spoofing ARP or IP packets (passively/actively). Threshold cryptography is an example of one solution, but it suffers in cases of bandwidth constraints and energy conservation, so an efficient implementation of the scheme is critical.

A multi-level trust model is needed, in which a device's capabilities in the network are determined by the level of trust assigned to it, and the trust level is determined by the certificates issued by its peers.

Page 10: WELCOME

Workshop Goals

Establish and Foster Environment for Collaborative Research and Development between CS&IIR and Academia.

Develop 3 – 4 research topics relevant to the Focus Areas for the summer program

Research topics to include
– Concepts must support and/or complement the focus areas
– Targeted problem/focus areas clearly articulated
– Approach must be innovative - leading to breakthrough
– Deliverables must be tangible
– Milestones

Summer Research Program
– One to three research proposals will be funded this summer
– Research will be performed jointly at ORNL

Page 11: WELCOME

Let's Begin

1st Annual Visiting Professor Collaborative Research Program (VPCRP) Workshop
March 14 – 15, 2005
Oak Ridge National Laboratory

Frederick T. Sheldon, Ph.D.
Software Engineering for Secure and Dependable Systems Lab

http://www.csm.ornl.gov/~sheldon
http://www.ioc.ornl.gov

Page 12: WELCOME

CSIIR Landscape I

Information infrastructure consists of technologies and capabilities for gathering, handling, and sharing information accessible to, or commonly depended upon by, multiple organizations, within a single enterprise, a critical infrastructure sector (e.g., banking/finance), the U.S. Government, the nation as a whole, or transnationally.

Information infrastructure includes well-engineered systems as well as poorly configured systems in businesses and homes.

Page 13: WELCOME

CSIIR Landscape II

United States: Private, academic, and public sectors invest significantly in cyber security.
– The commercial sector primarily performs cyber security research as an investment in future products and services.
– Public sector also funds R&D in cyber security; the majority of this activity focuses on the specific missions of the government agency funding the work.
– Thus, broad areas of cyber security remain neglected or underdeveloped.

Therefore, our agenda identifies the high-priority gaps, . . .
– R&D problems of significant value to the security of the information infrastructure that are either not funded or under-funded within the collection of private sector and government-sponsored research in the U.S., but are expected to become significant foci in the future.

Page 14: WELCOME

National Agenda

Enterprise Security Management
Trust Among Distributed Autonomous Parties
Discovery and Analysis of Security Properties and Vulnerabilities
Secure System and Network Response and Recovery
Traceback, Identification, and Forensics
Wireless Security / MANET
Metrics and Models

Page 15: WELCOME

Workshop Format

Informal
Open
In the time available, we hope to…
– Develop a coherent strategy for
  • Short term initiative(s) designed to yield successful fruit, as well as the seeds
  • Long term path forward
– Discover our individual/cooperative capabilities
– Gain a historical perspective / facilities & programs
– Vision for research common ground

Page 16: WELCOME

A Word About EH&S and Security I

Maintain a safe workplace environment complying with all procedures and ES&H. In day-to-day activities be aware of potential safety issues and provide an example of safety compliance. The assembly point, in case of alarm, is due west of this, the JICS building.

Laboratory area encompassing 330 acres, with outlying facilities and waste management storage areas utilizing another 1,125 acres. The main Laboratory area is designated as a Property Protection Area (PPA) as are outlying facilities and waste management storage areas.

Located within the main Laboratory PPA are a number of islands of security (including fourteen {14} separate and distinct Limited Areas and one Protected Area) which are formally designated and signed as security areas, for which physical protection is provided, and for which definitive access controls are applied. Because we use various hazardous materials, it is important that you are alert to all special instructions, signs, tags, and barriers. The ORNL campus, owing to its role in the Manhattan Project and other pioneering activities of the atomic age, is posted as a "Controlled Area" and includes several radiological areas. These radiological areas pose little, if any, risk to the staff and visiting public when properly observed.

Page 17: WELCOME

A Word About EH&S and Security II

Visitor Computer Access Limits: Limited computer access is allowed for visitors. Use of ORNL computers is limited to browsing external web sites and public (non-internal) ORNL web sites, and to reading email at remote locations. Using your own computer, you may access the visitor’s wireless network with your ORNL-issued badge number.

As a minimum, on the day of arrival, in addition to the initial site access orientation, the host should ensure the visitor(s) receive a briefing which includes the specific areas the visitor(s) may access, those areas they should not access, the specific area in which they may park their private vehicles, the route of travel to be taken in accessing authorized facilities, emergency signals for the site, emergency egress procedures, etc.

Security Police Officers/Security Officers assigned to the Protective Force at ORNL portals may check vehicles transporting the visitor for the presence of prohibited articles. Visitor(s) will be provided a Site Access Orientation Brochure and further be briefed regarding rules of conduct and prohibited items such as weapons, explosives, drugs, drug paraphernalia, etc. Permitted hours of access: for foreign national visitors and guest assignees to ORNL, the regular work day hours are designated as 6:00 a.m. to 8:00 p.m., Monday through Friday.

Page 21: WELCOME

Monday Morning

8:00 a.m. Coffee and pastries
8:10 a.m. Welcome April McMillin, Introduction and overview – Joe Trien
8:30 a.m. Fast Abstracts Round Robin, 3-5 minutes per person as follows: Mili, Kafura, Yoo, Che, McGregor, Schumann, Park, Arazi, Prowell, Langston, Shankar/Sheldon
9:15 a.m. Presentation by Nagi Rao (ORNL/CSMD), Infrastructure and Protocols for Dedicated Bandwidth Channels
9:45 a.m. Prof. Ali Mili (N.J. Institute of Tech./CS), An Integrated Approach to Security Management
10:30 a.m. Break
10:45 a.m. Prof. Dennis Kafura (Virginia Tech./CS), Policy Delegation and Dynamic Policy for Authorization in Pervasive Cyber Infrastructures
11:30 a.m. Prof. Seong-Moo Yoo (Univ. of AL Huntsville/CSE), Case Based Reasoning Approach to Intrusion Detection
12:15 a.m. Lunch at cafeteria (across the const site due East)

Page 22: WELCOME

Monday Afternoon

1:15 a.m. Prof. Che Hao (Univ. of TX at Arlington/CSE), Detection and Containment: Algorithms and High Speed Dynamic Filtering
2:00 p.m. Prof. John McGregor (Clemson Univ./CS), Techniques for Validating the Security Quality Attributes of Infrastructure Software
2:45 p.m. 30 min Open Discussion (Concepts, Approach, Deliverables, Targeted Problem Areas)
3:15 p.m. SNS Tour (Van available)
4:15 p.m. Return to JICS building
4:30 p.m. Professor Arazi (Univ. of Kentucky/CS), Wireless Sensor Networks Security
5:15 p.m. Return to Hotel

Page 23: WELCOME

Monday Evening

6:00 p.m. Van picks everyone up from the Hampton lobby at Cedar Bluff

6:30 p.m. Reservation at Calhoun’s on the River, Lenoir City

Dinner and Open Issues Discussion

8:00 p.m. Dr. Sheldon (CSED/ CSIIR), Wrap-up of Day 1 and Agenda for Day 2

Page 24: WELCOME

Tuesday Morning

8:00 a.m. Coffee and pastries
8:15 a.m. Dr. R. Abercrombie and R. Walker (CSED/ CSIIR), DoD/DHS Infrastructure Applications
8:45 a.m. Dr. Johann Schumann (NASA/Ames), Design Tools for Reliable Secure Communication Software
9:30 a.m. Prof. Jung-Min Park (Virginia Tech./ECE), Defending Against Denial-of-Service Attacks in Wired and Wireless Networks
10:15 a.m. Break
10:30 a.m. Arjun Shankar (ORNL/CSED), Fusing Intrusion Data for Pro-Active Containment
11:00 a.m. Prof. Stacy Prowell (Univ. of TN/CS and SEI), Automated Program Behavior Analysis
11:30 p.m. Prof. Mike Langston (Univ. of TN/CS), Trusted Computing Amidst Untrustworthy Intermediaries
12:00 p.m. Open Discussion Agenda by Joe Trien

Page 25: WELCOME

Tuesday Afternoon

12:15 p.m. 3 Hour Working Lunch (catered) – Open Discussion
– Develop research topics for the summer program
– Research topic areas to include:
  • Concepts, approach, and deliverables
  • Targeted problem areas and time table
– Identify research strategies for sustained funding
3:15 p.m. Closing remarks
3:30 p.m. National Transportation Research Center (NTRC) Tour (Van available)
4:00 p.m. Return to Visitor Center for Departure

Page 26: WELCOME

Weeks and Months Ahead

Based on the group consensus, let's decide how to proceed with our research thrusts…