Title: Cyber Security Research at the University of Texas at Dallas
1Cyber Security Research at the University of
Texas at Dallas
- Dr. Bhavani Thuraisingham
- The University of Texas at Dallas
- bhavani.thuraisingham_at_utdallas.edu
- April 23, 2007
2About the Cyber Security Research Center
- NSA/DHS Center for Excellence in Information
Assurance Education (2004, 2007) - Over 20 Faculty in Jonsson School conducting
research in Cyber Security - Collaborating with researchers in the School of
Management on Risk analysis and Game theory
applications - Beginning collaboration with UT Southwestern
medical Center - Joint projects and proposals with leading
researchers - Part of UTDs CyberSecuirty and Emergency
Preparedness Institute - Executive Director Prof. Douglas Harris
3Cyber Security Research Areas at UTD
- Network Security
- Secure wireless and sensor networks
- Systems and Language Security
- Embedded systems security, Buffer overflow
defense - Data and Applications Security
- Information sharing, Geospatial data management,
Surveillance, Secure web services, Privacy,
Dependable information management, Intrusion
detection - Security Theory and Protocols
- Secure group communication
- Security Engineering
- Secure component-based software
- Cross Cutting Themes
- Vulnerability analysis, Access control
4Our Model RD, Technology Transfer
Standardization and Commercialization
- Basic Research (6-1 Type)
- Funding agencies such as NSF, AFOSR, etc. Publish
our research in top journals (ACM and IEEE
Transactions) - Applied Research
- Some federal funding (e.g., from government
programs) and Commercial Corporations (e.g.,
Raytheon) Our current collaboration with
AFRL-ARL - Technology Transfer / Development
- Work with corporations such as Raytheon to
showcase our research to sponsors (e.g., GEOINT)
and transfer research to operational programs
such as DCGS - Standardization
- Our collaborations with OGC and standardization
of our research (e.g., GRDF) - Commercialization
- Patents, Work with VCs, Corporations, SBIR, STTR
for commercialization of our tools (e.g., our
work on data mining tools)
5Technical and Professional Accomplishments
- Publications of research in top journals and
conferences, books - IEEE Transactions, ACM Transactions, 8 books
published and 2 books in preparation including
one on UTD research (Data Mining Applications,
Awad, Khan and Thuraisingham) - Member of Editorial Boards/Editor in Chief
- Journal of Computer Security, ACM Transactions
on Information and Systems Security, IEEE
Transactions on Dependable and Secure Computing,
IEEE Transactions on Knowledge and Data
Engineering, Computer Standards and Interfaces -
- - - Advisory Boards / Memberships/Other
- Purdue University CS Department, Invitations to
write articles in Encyclopedia Britannica on data
mining, Keynote addresses, Talks at DFW NAFTA and
Chamber of Commerce, Commercialization
discussions of data mining tools for security - Awards and Fellowships
- IEEE Fellow, AAAS Fellow, BCS Fellow, IEEE
Technical Achievement Award, IEEE Senior Members
6Data and Applications SecurityResearch at UTD
- Core Group
- Prof. Bhavai Thuraisingham (Professor Director,
Cyber Security Research Center) - Prof. Latifur Khan (Director, Data Mining
Laboratory) - Prof. Murat Kantarcioglu (Joined Fall 2005, PhD.
Purdue U.) - Prof. Kevin Hamlen (Peer to Peer systems
Security, Joined 2006 from Cornell U.) - Prof. I-Ling Yen (Director, Web Services Lab)
- Prof. Prabhakaran (Director, Motion Capture Lab)
- Students and Funding
- Over 20 PhD Students, 40 MS students (combined)
- Research grants Air Force Office of Scientific
Research (2), Raytheon Corporation (2), Nokia
Corporation, National Science Foundation (2),
AFRL-ARL Collaboration, TX State
7Assured Information Sharing
Data/Policy for Coalition
Publish
Publish
Data/Policy
Data/Policy
Publish
Data/Policy
Component
Component
Data/Policy for
Data/Policy for
Agency A
Agency C
- Friendly partners
- Semi-honest partners
- Untrustworthy partners
Component
Research funded by two grants from AFOSR
Data/Policy for
Agency B
8Secure Semantic Web
- Machine Understandable Web Pages
- What are we doing CPT Policy enforcement
(Confidentiality, Privacy, Trust)
TRUST
CONFIDENTILAITY
P R I V A C Y
Logic, Proof and Trust
Rules/Query
RDF, Ontologies
XML, XML Schemas
URI, UNICODE
9Secure Geospatial Data Management
Semantic Metadata Extraction Decision Centric
Fusion Geospatial data interoperability through
web services Geospatial data mining Geospatial
semantic web
Data Source A
Tools for Analysts
Data Source B
SECURITY/ QUALITY
Data Source C
Research Supported by Raytheon on pne grant
working on robust prototypes on second grant
10Framework for Geospatial Data Security
11Suspicious Event Detection Surveillance
- Defined an event representation measure based on
low-level features - Defined normal and suspicious behavior and
classify events in unlabeled video sequences
appropriately - Tool to determine whether events are suspicious
or not - Privacy preserving surveillance
12Surveillance and Privacy
Raw video surveillance data
Face Detection and Face Derecognizing system
Suspicious people found
Faces of trusted people derecognized to preserve
privacy
Suspicious events found
Comprehensive security report listing suspicious
events and people detected
Suspicious Event Detection System
Manual Inspection of video data
Report of security personnel
13Social Networks
- Individuals engaged in suspicious or undesirable
behavior rarely act alone - We can infer than those associated with a person
positively identified as suspicious have a high
probability of being either - Accomplices (participants in suspicious activity)
- Witnesses (observers of suspicious activity)
- Making these assumptions, we create a context of
association between users of a communication
network
14Privacy Preserving Data Mining
- Prevent useful results from mining
- Introduce cover stories to give false results
- Only make a sample of data available so that an
adversary is unable to come up with useful rules
and predictive functions - Randomization and Perturbation
- Introduce random values into the data and/or
results - Challenge is to introduce random values without
significantly affecting the data mining results - Give range of values for results instead of exact
values - Secure Multi-party Computation
- Each party knows its own inputs encryption
techniques used to compute final results -
15Data Mining for Intrusion Detection / Worm
Detection
Training Data
Classification
Hierarchical Clustering (DGSOT)
Testing
SVM Class Training
DGSOT Dynamically growing self organizing
tree SVM Support Vector Machine
Testing Data
16Example Projects
- Assured Information Sharing
- Secure Semantic Web Technologies
- Social Networks and game playing
- Privacy Preserving Data Mining
- Geospatial Data Management
- Secure Geospatial semantic web
- Geospatial data mining
- Surveillance
- Suspicious Event Detention
- Privacy preserving Surveillance
- Automatic Face Detection, RFID technologies
- Cross Cutting Themes
- Data Mining for Security Applications (e.g.,
Intrusion detection, Mining Arabic Documents)
Dependable Information Management
17Other Research in Cyber SecuritySingle Packet IP
Traceback (Prof. Kamil Sarac)
- Goal trace an IP packet back to its source
- Usage of IP traceback
- Internet forensic analysis
- Denial-of-service attack defense
- Design issues for practical IP traceback
- Reducing overhead on routers
- Supporting incremental and partial deployment
- Traceback speed and efficiency
18Protecting Computer Security via
Hardware/Software Prof. Edwin Sha
- Hardware/Software Defender
- A complete protection from buffer overflow
attacks. - An efficient checking mechanism for a system
integrator. - Compiler is easy to handle.
- Hardware and timing overhead are little.
The most widely exploited vulnerabilities are
buffer overflow related, causing billion dollars
of damage. Almost all effective worms use this
vulnerability to attack. Eg. Internet Worm, Code
Red, MS Blaster, Sasser worm, etc.
Design new instructions and hardware to avoid
buffer overflow vulnerabilities. Stack Smashing
Attack Protection - Two methods proposed
Hardware Boundary Check New Secure Function
Call instructions Scall and Sret. Function
Pointer Attack Protection New secure instruction
for jumping function pointer SJMP
For the most common stack smashing attacks,
HSDefender provides a complete protection. For
the function pointer attack, it makes an hacker
extremely hard to change a function pointer
leading to his hostile code. With little time
overhead (0.098), it can be applied to critical
real-time systems.
19Buffer Overflow Attacks Prof. Gupta
- Buffer Overflow Attacks (B.O.A) A majority of
attacks for which advisories are issued are based
on B.O.A. - Other forms of attacks, such as distributed
denial of service attacks, sometimes rely on
B.O.A. - B.O.A. exploit the memory organization of the
traditional activation stack model to overwrite
the return address stored on the stack. - This memory organization can be slightly changed
so as to prevent buffer overflows overwriting
return addresses. - Our system automatically transforms code binaries
in accordance to this modified memory
organization, thereby preventing most common
forms of buffer overflow attacks. - Our tool (under development) can be used on
third-party software and off-the-shelf products,
and does not require access to source code.
20Information Assurance Education (Prof. Gupta)
- Current Courses
- Introduction to Computer and Network Security
Prof. Sha - Cryptography Profs. Sudborough, Murat
- Data and Applications Security Prof. Bhavani
Thuraisingham - Biometrics Prof. Bhavani
- Privacy Prof. Murat Kantarcioglu
- Secure Language, Prof. Kevin Hamlen
- Digital Forensics Prof. Bhavani Thuraisingham
- Trustworthy semantic web Prof. Bhavani
- NSA/DHS Center for Information Assurance
Education (2004, 2007) - Courses at AFCEA and AF Bases
- Knowledge Management, Data Mining for
Counter-terrorism, Data Security, preparing a
course on SOA and NCES with Prof. Alex Levis -
GMU and Prof. Hal Sorenson - UCSD)
21Security Analysis and Information Assurance
Laboratory
SAIAL Laboratory (Security Analysis and
Information Assurance Laboratory)
Attenuation levels of radiated signals as tested
to MIL-STD-285 Magnetic Mode
60 dB at 10KHz to 100KHz at 100dB
Electric Mode 100 dB
from 1 KHz to 1 GHz Plane Ware and
Microwave 100 dB from 1 GHz to 10 GHz
Mainframes 2 PCs 54 Work Stations
6 Laptops 5 Servers 7 Switches
4 Routers 10 PDAs 15 Access Points 8 Network
Analyzer 1 Protocol Analyzer 1 Development
Software Hardware
22Directions and Plans
- Take Advantage of SAIAL Lab
- Opportunity for Information Operations portion of
the AFOSR project - Increase focus areas
- Major focus the past 2 years has been on Data
Security - Expand the focus utilizing our strengths and
state/federal interests - Digital forensics is becoming an important area
- Interdisciplinary research and multiple domains
- Healthcare, Telecom, etc.
- Collaboration
- Integrate programs across the schools at UTD
- Increase collaboration with our partners
- Our major goal is to establish a Center Scale
Project