Research Opportunities at the Institute for Cyber SecurityPresentation Transcript
Research Opportunities at the Institute for Cyber Security (ICS) Ravi Sandhu Executive Director and Endowed Professor www.ics.utsa.edu www.profsandhu.com
About ICS ICS ICS Labs World-class sponsored research on all aspects of cyber security in collaboration with leading academic, industry and government partners ICS Incubator Develops innovative security products and companies by bringing in novel and commercially viable ideas and prototypes, incubating and developing these and spinning out companies ICS CIAS Conducts dark screen exercises and training at the city and county level to improve our nation’s capability to withstand coordinated cyber attacks We are a startup Founded June 2007 by multi-million start-up funding from State of Texas, conditional on recruiting Prof. Ravi Sandhu to lead ICS We are different World-class research with commercialization ICS Labs is off to a great start $1.7M (UTSA portion) in new funding won in 2008 in partnership with Purdue, UIUC, UMBC, UNCC, Michigan, UTD, Penn St., ASU, Georgia Tech
The Computer Science Research Triangle Theory e.g., P =? NP, Automata Implementation e.g., Virtualization, Peer-to-peer Models e.g., 7-layer OSI nw stack, OO Programming A good PhD dissertation should involve all 3 elements but contributions will typically emphasize one of these ICS Forte
RBAC96 Model (1992-) ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERS PERMISSIONS SESSIONS ROLE HIERARCHIES CONSTRAINTS The most successful authorization model so far ...
Usage Control UCON Model (2002-)
unified model integrating
continuity of decisions
mutability of attributes
New kid on the block Receiving good traction
PEI Models (2004-) No competing framework so far
Current Funded Projects
Managing the Assured Information Sharing Life Cycle (AISL) Sponsor: Air Force Office of Scientific Research, MURI, 2008-2013 Partners: UMBC, Michigan, UIUC, Purdue, UTD
9/11 caused us to move from a "need to know" mindset to a "need to share" posture. What does this really mean? What are the implications? How can we share safely? How do we “share but protect”?
Securing Dynamic Online Social Networks Sponsor: National Science Foundation, 2008-2012 Partners: Penn. State Univ., ASU, UNC-Charlotte
Content, often including private sensitive data, is flowing into social networks at a very high rate. How do we enable privacy and security without impacting the velocity of data transfer and convenience?
A Framework for Combating Stealthy Botnets Sponsor: Air Force Office of Scientific Research, MURI, 2008-2013 Partners: Georgia Tech.
Botnets are the most dangerous, widespread and insidious attack vehicles on the Internet. Future botnets are anticipated to use stealth techniques such as encryption and aggregation to avoid exposure, easily defeating current detection techniques. What do we do to contain this threat?
Secure Knowledge Management: Models and Mechanisms Sponsor: National Science Foundation, 2007-2009
How do we combine cryptographic techniques and access control techniques to effectively protect information and knowledge?
Current Un-Funded Projects
Write your own ticket
Group-Based Information Sharing Information Sharing Metaphors: Secure virtual room in cyberspace Subscription service Idealized policy: Formalized using temporal logic Pragmatic policy: Approximation to ideal, formalized using temporal logic Detailed protocols Working system