The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Vipin Swarup - MITRE

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

Research Challenges in Assured Information Sharing

Jan 17, 2007

Download: Video Icon MP4 Video Size: 220.8MB  
Watch on Youtube Watch on YouTube

Abstract

Assured information sharing has been a "grand challenge" problem of
information security for several decades. Currently, there is broad
consensus that the state-of-practice of information sharing is
inadequate. One primary problem is that people on the field (e.g.,
soldiers, firefighters) have mission-critical need for sensitive
information but are often among the least trusted principals in their
organizations and hence do not receive the information. Another
problem is that data producers claim ownership of the data they
produce and place sharing constraints on that data despite the
competing interests of multiple parties over that data. In this talk,
we highlight these and other problems and discuss a wide range of
technical solutions that are needed. We elaborate on the need to
balance the risks of sharing data with the risks of not sharing data
and present several proposed approaches for doing so. We also
describe how obligation policies play an important role in addressing
some information sharing issues.

About the Speaker



Vipin Swarup is a Principal Scientist in the Information Security
Division at The MITRE Corporation. He received a B.Tech. degree in
Computer Science and Engineering from IIT Bombay, and M.S. and
Ph.D. degrees in Computer Science from the University of Illinois at
Urbana-Champaign. His doctoral work was in the area of type theory
and dealt with adding assignments to applicative programming
languages. In 1991, he developed techniques to formally verify
virtual machines, and he applied those techniques to an interpreter
for the Pre-Scheme programming language. In 1993, he created a
high-assurance domain-specific programming language system called Felt
for security guard filters -- Felt has been used to express and
enforce cross-domain message filtering policies in commercial security
guard products. In 1996, he co-authored a widely cited paper on
mobile agent security. In 2003, he was a co-founder of the ACM
Workshop on Security of Ad Hoc and Sensor Networks.

Dr. Swarup has been the principal investigator of numerous research
projects in information security, including projects on mobile agent
security, security guards, intrusion detection, trust management,
location-based security, and web services security. He has also
participated in several other research projects including program
verification, fingerprinting relational data, topological
vulnerability analysis, network security risk management, security
patch management, data sharing agreements, sharing models for
neuroimagery, insider threat detection, etc. He currently leads a
MITRE IR&D project that is investigating techniques to enhance
cross-boundary information sharing.


Ways to Watch

YouTube

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!