Assessable Identity and Privacy Protection
Society’s demand for electronic access to information, goods, and services is growing. People and businesses are putting more information online, including details about people’s finances, health, and daily habits. Easy access to information online makes it critical to verify the identity of those accessing the information in order to protect the privacy and integrity of that information, as well as the systems holding it. In addition, the privacy of the individual’s identity itself must be protected. Common and acceptable processes, standards, and technologies are needed for identity management and privacy protection. Digital identities that are poorly managed or protected may lead to overexposure of personal information and identity theft. A common and secure framework for identity management will not only mitigate these risks, it will make new services possible. Secure electronic access to medical records and infrastructure can speed recovery efforts after disasters like Hurricane Katrina. Businesses will be able to fully embrace the benefits of e-commerce when customers know their private online details will be strongly protected. Doctors will be able to offer their patients better healthcare by taking advantage of information technology while protecting their patients’ sensitive records.
PROJECT OVERVIEW
The Assessable Identity and Privacy Protection Research Project, supported by the Institute for Information Infrastructure Protection (I3P), brings together some leading research institutions to develop an analytical framework for identity and privacy protection focused on the finance and healthcare communities and to develop a set of identity and privacy protection capabilities that meet the needs of those communities.
Assessing Risk of Insider Threats to Information Systems
Even as tools and technologies are being improved to protect critical national infrastructures against external attack, malicious insiders, intent on damaging an organization or turning a profit, remain a pervasive and challenging problem. In an insider attack, the attacker uses legitimate rights and privileges for inappropriate reasons. Such attacks are difficult to detect and defend against: insiders exist at all levels of an organization; broad internet connectivity enables anyone to be a potential “insider”; technologies enforcing useful access rights either do not exist or are difficult to use; and insiders often do only small, hard-to-detect amounts of damage at a time.
PROJECT OVERVIEW
The Human Behavior, Insider Threat, and Awareness research project, supported by the Institute for Information Infrastructure Protection (I3P), brings together cross-disciplinary researchers at leading national facilities to develop a scalable infrastructure for detecting, monitoring, and preventing insider attacks with due regard for the ethical, legal, and economic needs of users and organizations. Much of the science for understanding insider threats is still immature, with results difficult to measure. This research project will provide a foundation both for understanding insider threats and for developing methods to protect critical infrastructures against insider attacks:
- Early prototypes of new approaches will be available for demonstration and use.
- New insights into enterprise best practice will inform training programs that might reshape the ways that employees think about their actions.
- Industry and government stakeholders will have a role in making project solutions useful in their real-world settings.
Assessment and Enhancement of Awareness Training and Security
Assured Software Composition for Real-time Systems
This project investigates fundamental issues involved in the construction of scalable, reconfigurable, real-time embedded systems. The work focuses on the application of object-oriented technologies and, in particular, the Real-time Specification for Java (RTSJ) to the domain of mission-critical embedded software systems. The specific outcomes of this project are: (A) Configurable Real-Time Java Framework: The technical foundation for the project is a new framework for real-time Java execution environments called Ovm. The Ovm framework allows domain experts to configure a real-time virtual machine to the operational requirements of a particular mission, e.g. to tune footprint or predictability characteristics. (B) Automatic Configuration of Component Families: The project studies automatic techniques for adapting part of an embedded system in response to changes in its environment, such as hotswapping bug fixes. Behavior adaptation is based on a combination of plugging and reflective object techniques. (C) Integrated Testing and Verification: Software composition requires strong assurance about the behavior of individual components and the system as a whole. This project includes development of compliance tests for real-time embedded systems with respect to functional and non-functional aspects. These results will be validated by synthetic benchmarks and representative applications built on the NASA Mission Data System (MDS) testbed running Real-time Java.
Automated Trust Negotiation in Open Systems
Automated trust negotiation (ATN) is a new approach to access control and authentication for the open, flexible systems formed by sets of organizations that must dynamically form coalitions and work together to respond to unforeseen needs and opportunities. ATN enables open computing by assigning an access control policy to each resource that is to be made accessible to “outsiders”; an attempt to access the resource triggers a trust negotiation, consisting of the iterative, bilateral disclosure of digital credentials and related information.
This project will show that ATN is a practical solution to the access control and authentication problems of open computing systems, by resolving the most critical remaining theoretical and systems issues for the deployment of trust negotiation facilities. Specific areas that the project will address include access control policy languages for ATN, light-weight policy evaluation engines, improved ATN protocols and strategies compatible with the new languages, provable privacy and autonomy guarantees for negotiating parties, and a next-generation version of the TrustBuilder ATN prototype, demonstrating the deployment of ATN in a modular, reusable, and highly scalable implementation. These enhancements will be explored in the context of health care applications and additional scenarios supplied by the project partners.
C4ISR Testbed Support for Muscatatuck Urban Warfare
Collaborative Attacks In Wireless Networks
Community Based Cyber Security Project
Compiler-Enabled Adaptive Security Monitoring on Networked Embedded Systems
Hardware technologies have made steady progress in the miniaturization of sensors and computing/communication devices. This has driven a trend towards pervasive computing, in which computing devices interact directly with the physical world to monitor the natural environment, to provide building safety, and so on. In order to make pervasive computing a reality, it is critical to secure the underlying networked embedded systems, because these systems may collect important environment data upon which time-sensitive decisions are dependent.
Unfortunately, many networked embedded systems, e.g. wireless and wired sensor networks, RFID infrastructure, and wireless mesh networks, have components or links that are openly exposed to potential adversaries and hence are under constant security threats such as node capture, denial of service, and intrusion, among others. To make matters worse, many networked embedded systems have much more constrained resources, such as storage, bandwidth, computing power and energy, than computers used in non-embedded applications, e.g. desktop machines and servers. Sophisticated computer security schemes developed over the last few decades are often infeasible on networked embedded systems, at least in their original forms.
The research team of this project develops a multi-grade monitoring scheme, supported by a new programming interface, in which low-cost monitoring activities are deployed in the normal mode of operation of the systems to detect suspicious symptoms which are possibly, although not necessarily, caused by security threats. This effort will lead to much more effective, yet affordable, security monitoring and defense on networked embedded systems.
Composing Large-Scale Synthetic Environments through Self-Assembly of Heterogeneous Simulations
Modeling complex real-world problems in the national and homeland security domains requires multi-disciplinary thinking and utilizes multiple analytical approaches to represent massive numbers of entities, their behaviors, and the emergent interactions among them. As such, the traditional approach to building comprehensive, requirements-driven simulations does not work for such problems. This project uses a Society-based Approach to Integration using a “shared but self-managed” paradigm, wherein autonomous members collaborate in a society while sharing only a part of their knowledge. Component simulations self-assemble into realistic synthetic environments. The self-assembly of simulations is achieved through a domain-specific ontology, simulation specifications, and semantic matching between diverse members. New members join an existing society, or an existing member modifies its interaction needs, without requiring the society to reconfigure. Using knowledge discovery, each member determines what aspects of entities in the society to interact with. In this way, a society is automatically configured into a synthetic environment. Broader impacts of this project include: creating and deploying large-scale synthetic environments by bridging new and existing models and simulations from diverse disciplines; leveraging knowledge generated by the wider DDDAS community in creating complex synthetic environments at scales and diversity much greater than the state of the art; facilitating rapid integration across diverse systems and paradigms, such as discrete event simulations with agent-based simulations, in a semantically consistent manner; and developing open source technology that will benefit the community at large, with broader application to simulation-based engineering, education, and decision analytics.


