2. MS
I
2
Outline
Security at Purdue, COAST/CERIAS
Resources, Sponsors
Ongoing Research Projects
Proposed QoS Research
3. Information Security At Purdue
Information Security started in 1979
Many courses offered (grad, undergrad)
COAST (1992-97)
CERIAS (1998)
• University-wide
• Multidisciplinary
4. Center Resources
32 Sun Workstations
2 Sun Enterprise Servers
9 MacOS Platforms
FORE ATM cloud
• 40 host adapters
• 2 BX200
• 4 FORErunners
3 486/586 PCs w/Win 95
4 Pentium Pro BSDI/Linux
12 Pentium II WinNT
5 HP Printers
2 Tektronix Color Printers
3 Cisco Routers
• 7507 Enterprise router
3 Sunscreen firewalls
2 PrivateNet firewalls
1 Firewall-1 firewall
2 Pentium laptops
Assorted other dedicated hardware & software
10. Security QoS
Security services
• E.g., audit, intrusion detection, …
Many levels of service
• Multiple "alarm levels" in an ID system
• Multiple levels of audit
Costly in terms of network & storage resources
• Low (high) security levels cause small (large) footprints
• Impact on system usability/availability
– E.g., firewall blocks UDP packets
Security requirements differ across the network
11. Research Issues in Security QoS
How does user …
• … specify security QoS?
• … negotiate security QoS?
What granularity (host? subnet?)
• Varies with security service considered
Connections with DB QoS and network QoS
• Compete for same resources
• Benefit from same techniques
… and many more in the following examples
• Intrusion detection
• Audit trail service
• Profiling service
• Secure multimedia document service
13. Intrusion Detection Service (2)
More research questions
• How to handle levels of security that vary across a network
• The interface between security-level regions
– Where "low" meets "high"
• What network QoS requirements should the AAFID agents make?
– Different types of agents
• What network QoS requirements should AAFID monitors make?
• What DB QoS requirements should the AAFID entities make on the audit trail DB?
14. QoS Tradeoffs
Footprint on network vs. level of security
• Economic model
• Cost-benefit analyses
• Characterize "best" operating points
Similar tradeoff for which security services to provide
• Same research issues as above
Functionality vs. security
15. Audit Service
Gives ability to know "what happened"
Various levels of audit
• From "Store all events" to "store nothing"
• Quality of audit required affects resources, hence system usability and availability
Requirements can vary
• From application to application
• From host to host
• From subnet to subnet
DB techniques for audit data
• Audit data is massive (compression issues)
• Special nature of data and how it is used ("ephemeral records")
• Special queries (searching for attack patterns)
16. User Profiling Service
Profile of user
• For active email (IBM Almaden), active DB
• For statistical ID (IDES, NIDES and related systems)
Levels of quality (of profile)
• Extensive and accurate implies a higher expense
Quality requirements are highly variable
• E.g., active DB can do with lower quality profile than MD system
Profiling technology
• Similar to statistical approach to intrusion detection
– Notion of "normal" user (or network, or DB) behavior
– Difficult! (Curse of dimensionality, dependence, …)
• User profile is itself stored in special DB
– How fast should profile evolve? (Drawbacks to both extremes)
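An added illustration of the profile-evolution question on this slide (not part of the original presentation): a one-measure statistical profile with exponential aging, run at two half-lives over constructed data. It reads "drawbacks to both extremes" as the usual trade-off, which is an assumption: a fast-evolving profile absorbs a gradual drift without ever alarming, while a slow-evolving one keeps alarming after a legitimate, permanent change. The half-lives, threshold and series are invented for the example.

```python
import math

TRAIN = 30  # observations used to fit the initial profile

def jitter(i):
    # Constructed, deterministic noise cycling through -2..2
    return (i % 5) - 2

def drift_series(steps=100, slope=0.5):
    # Constructed: normal level 10, then a slow upward creep
    base = [10 + jitter(i) for i in range(TRAIN)]
    return base + [10 + slope * (k + 1) + jitter(TRAIN + k) for k in range(steps)]

def shift_series(steps=100, new_level=20):
    # Constructed: normal level 10, then a permanent jump (e.g. a new job role)
    base = [10 + jitter(i) for i in range(TRAIN)]
    return base + [new_level + jitter(TRAIN + k) for k in range(steps)]

class DecayingProfile:
    """Mean/variance profile of one measure; old data fades with a half-life."""
    def __init__(self, training, half_life):
        self.alpha = 1 - 0.5 ** (1.0 / half_life)
        self.mean = sum(training) / len(training)
        self.var = sum((x - self.mean) ** 2 for x in training) / len(training)

    def score(self, x):
        # Distance from "normal" in standard deviations
        return abs(x - self.mean) / math.sqrt(self.var)

    def update(self, x):
        d = x - self.mean
        self.mean += self.alpha * d
        self.var = (1 - self.alpha) * (self.var + self.alpha * d * d)

def count_alarms(series, half_life, threshold=3.0):
    profile = DecayingProfile(series[:TRAIN], half_life)
    alarms = 0
    for x in series[TRAIN:]:
        if profile.score(x) > threshold:
            alarms += 1
        profile.update(x)  # assumption: every observation ages into the profile
    return alarms

def compare(fast=5, slow=200):
    # (alarms with fast-evolving profile, alarms with slow-evolving profile)
    return {
        "drift": (count_alarms(drift_series(), fast), count_alarms(drift_series(), slow)),
        "shift": (count_alarms(shift_series(), fast), count_alarms(shift_series(), slow)),
    }

if __name__ == "__main__":
    for name, (f, s) in compare().items():
        print(f"{name}: fast profile {f} alarms, slow profile {s} alarms")
```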
17. Other Security Services
Scanning
• Related to ID but intense & limited in time (ID is continuous)
Multimedia document services
• Timestamping, tamper-resistance, watermarking, …
Cryptographic protocol support
PKI
… etc
Each service has its own QoS requirements/tradeoffs
18. Other Contributions
CERIAS Outreach
• Technology transfer to sponsors
• Workshops and Conferences
• Continuing Ed offerings
CERIAS K-12
• Full-time coordinator
• Working with State Education Dept.
CERIAS Archive Delivery
• Full-time Webmaster
• Major archive & dissemination