Society’s demand for electronic access to information, goods, and services is growing. People and businesses are putting more information online, including details about people’s finances, health, and daily habits. Easy access to information online makes it critical to verify the identity of those accessing the information in order to protect the privacy and integrity of that information, as well as the systems holding it. In addition, the privacy of the individual’s identity itself must be protected. Common and acceptable processes, standards, and technologies are needed for identity management and privacy protection. Digital identities that are poorly managed or protected may lead to overexposure of personal information and identity theft. A common and secure framework for identity management will not only mitigate these risks, it will make new services possible. Secure electronic access to medical records and infrastructure can speed recovery efforts after disasters like Hurricane Katrina. Businesses will be able to fully embrace the benefits of e-commerce when customers know their private online details will be strongly protected. Doctors will be able to offer their patients better healthcare by taking advantage of information technology while protecting their patients’ sensitive records.
The Assessable Identity and Privacy Protection Research Project, supported by the Institute for Information Infrastructure Protection (I3P), brings together some leading research institutions to develop an analytical framework for identity and privacy protection focused on the finance and healthcare communities and to develop a set of identity and privacy protection capabilities that meet the needs of those communities.
Even as tools and technologies are being improved to protect critical national infrastructures against external attack, malicious insiders, intent on damaging an organization or turning a profit, remain a pervasive and challenging problem. In an insider attack, the attacker uses legitimate rights and privileges for inappropriate reasons. Such attacks are difficult to detect and defend against: insiders exist at all levels of an organization; broad internet connectivity enables anyone to be a potential “insider”; technologies enforcing useful access rights either do not exist or are difficult to use; and insiders often do only small, hard-to-detect amounts of damage at a time.
PROJECT OVERVIEW
The Human Behavior, Insider Threat, and Awareness research project, supported by the Institute for Information Infrastructure Protection (I3P), brings together cross-disciplinary researchers at leading national facilities to develop a scalable infrastructure for detecting, monitoring, and preventing insider attacks with due regard for the ethical, legal, and economic needs of users and organizations. Much of the science for understanding insider threats is still immature, with results difficult to measure. This research project will provide a foundation both for understanding insider threats and for developing methods to protect critical infrastructures against insider attacks.
Surveys indicate that there is an increasing risk of computer intrusion, computer crime, and attacks on personal and business information. Computer criminality is a serious problem that affects individuals, businesses, and our nation’s security. The current study has four specific aims. First, we explore whether deviant computer behavior is part of a larger syndrome of deviance. Much research has shown that non-computer-related delinquent/criminal activities, substance use, and early/risky sexual behavior are typically seen in the same individuals and can be considered part of a larger syndrome of deviance. Second, we examine whether the personality profiles of those committing deviant computer behaviors are similar to the profiles obtained from those who engage in more general deviance. Several meta-analyses have demonstrated that interpersonal antagonism (i.e., lack of empathy, oppositionality, grandiosity, and selfishness) and problems with impulse control are the most consistent personality correlates of a variety of antisocial and deviant behavior. Our third aim is to examine a potentially unique correlate of deviant computer behavior—Asperger’s syndrome. Within the past decade, questions have emerged regarding the possibility of a link between computer criminality and a disorder known as Asperger syndrome. Finally, our fourth objective is to further validate certain psychometric instruments for use with the “hacker” sub-culture. This project is currently in the preliminary stages of data collection.
It has become apparent that data sharing capabilities across state departments and law enforcement agencies are an issue, especially in terms of tracking, monitoring, and identifying persons of interest. There is a need to assess the image capture process, as well as sharing capabilities, and to incorporate commercially available facial recognition technology to reduce the errors in identifying persons of interest. The objective of this project is to evaluate legacy face images, assess and standardize the image capture process across Indiana Dept. of Corrections (DOC) agencies, integrate facial recognition to link face databases, and integrate mobile devices in law enforcement vehicles for face recognition. This research will lead to improvements in the efficiency and quality of the face image capture process in DOC facilities and BMV (Bureau of Motor Vehicles) branches and facilitate image sharing capabilities across State agencies.
The design and configuration of enterprise networks is one of the hardest challenges that operators face today. A key challenge in doing so is the need to reconfigure network devices to ensure high-level operator goals are correctly realized. The high-level objectives (such as performance and security goals) that operators have for their networks are embedded in hundreds of low-level device configurations. Reconfiguring network devices is challenging given the huge semantic gap between these high-level objectives and low-level configurations. Errors in changing configurations have been known to result in outages, business service disruptions, violations of Service Level Agreements (SLAs), and cyber-attacks [mahajan:02, kerravala02, Alloy]. In our research, we are looking at principled approaches for the systematic design and configuration of enterprise networks. We believe our research will minimize errors and enable operators to ensure their networks continue to meet desired high-level security objectives. An important problem that we are currently tackling is that of ensuring correctness of security policies when migrating enterprise data centers to cloud computing models.
This project investigates fundamental issues involved in the construction of scalable, reconfigurable, real-time embedded systems. The work focuses on the application of object-oriented technologies and, in particular, the Real-time Specification for Java (RTSJ) to the domain of mission-critical embedded software systems. The specific outcomes of this project are: (A) Configurable Real-Time Java Framework: The technical foundation for the project is a new framework for real-time Java execution environments called Ovm. The Ovm framework allows domain experts to configure a real-time virtual machine to the operational requirements of a particular mission, e.g. to tune footprint or predictability characteristics. (B) Automatic Configuration of Component Families: Automatic techniques for adapting part of an embedded system in response to changes in its environment, such as hot-swapping bug fixes, are studied. Behavior adaptation is based on a combination of plugging and reflective object techniques. (C) Integrated Testing and Verification: Software composition requires strong assurance about the behavior of individual components and the system as a whole. This project includes development of compliance tests for real-time embedded systems with respect to functional and non-functional aspects. These results will be validated by synthetic benchmarks and representative applications built on the NASA Mission Data System (MDS) testbed running Real-time Java.
Distributed systems comprising multiple services interacting among themselves to provide end-user functions are becoming an increasingly important platform. Many of these platforms, such as distributed e-commerce systems, have huge financial stakes involved in them. This has long led to interest in securing distributed systems through detection of intrusions and, of late, through automated responses to intrusions. The rudimentary response mechanisms often bundled with anti-virus or intrusion detection system (IDS) products overwhelmingly consider only immediate local responses that are directly suggested by the detected symptom. For example, anti-virus software can restrict access to virus-infected files. For distributed systems with an exponentially growing number of interaction effects among multiple components, pre-configuring these static pairs of detector alarm and response is laborious and can be shown to have inferior runtime performance due to the dynamic workload on the system and the changing nature of attacks.
Our model for the target attack is an external multi-stage attack which first compromises the services that have external interfaces and subsequently compromises internal services. We have developed a system called ADEPTS to reason about the global optimality of a chosen set of responses in a distributed system of interacting services. The optimality criterion takes into account the impact of a deployed response on the services in the system and the impact of not deploying a response, which could result in further spread of the attack. This framework is probabilistic since the future spread of the attack and the effectiveness of a response are unknowns and can only be estimated. The optimality of a response set is a global or system-wide property, and thus optimizing the response choice on each compromised service individually, as seen in prior work, may not be sufficient. The reason behind this is that there exist dependencies between responses available at the different services. For example, blocking all traffic from a specific subnet at the ingress point will make it redundant to impose restrictions at an internal service on traffic from a host within the subnet. Also, the effectiveness of a response depends on the time to deploy the response, which may be impacted by the presence or absence of other responses.
We prove that solving the optimal response determination problem is NP-hard. This is fundamentally because of the dependencies that exist between responses and between services in a distributed system. To solve the problem approximately, we use a genetic algorithm (GA) based search through the universe of possible responses. As multiple attack instances of an attack type or its variants are seen, ADEPTS updates the effectiveness of the deployed responses and the quality of the chromosome pool used to initiate the GA-based search. Thus, ADEPTS adapts to provide better responses as history builds up in the system. ADEPTS can respond to attack variants through an approximate graph matching algorithm and population of chromosomes from the approximate match.
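The two preceding paragraphs describe the response-selection problem in terms of a global score (benefit of containing the attack against the impact of each response on services) and dependencies between responses, with a GA searching the space of response sets. The following is an added toy model of that search, not ADEPTS code: the response catalogue, its benefit/impact numbers and the single "ingress block subsumes internal host restriction" dependency are all constructed, and an exhaustive search is included only so the GA result can be checked on this small instance.

```python
"""Toy model of ADEPTS-style global response selection (added example, not ADEPTS code).

Each candidate response has a containment benefit (risk avoided if deployed) and a
service-impact cost. Responses interact: a subnet block at the ingress point makes a
host-level restriction at an internal service redundant, so the pair earns the benefit
only once but still pays both costs. All names and numbers below are constructed."""
import random
from itertools import product

# Constructed response catalogue: name -> (containment benefit, service impact)
RESPONSES = {
    "block_subnet_at_ingress": (8.0, 5.0),
    "restrict_host_at_db":     (4.0, 1.5),  # subsumed by the ingress block
    "restart_web_service":     (3.0, 2.0),
    "disable_admin_account":   (5.0, 4.0),
    "rate_limit_api":          (2.0, 0.5),
    "isolate_payment_service": (6.0, 7.0),  # impact outweighs benefit
}
NAMES = list(RESPONSES)
# (broader response, narrower response it makes redundant)
SUBSUMES = [("block_subnet_at_ingress", "restrict_host_at_db")]

def fitness(chromosome):
    """Global score of a response set: benefit of deployed responses minus their
    impact; a subsumed response still costs its impact but adds no benefit."""
    chosen = {n for n, bit in zip(NAMES, chromosome) if bit}
    score = 0.0
    for name in chosen:
        benefit, impact = RESPONSES[name]
        redundant = any(broad in chosen and name == narrow for broad, narrow in SUBSUMES)
        score += (0.0 if redundant else benefit) - impact
    return score

def exhaustive_best():
    """Oracle for the small instance: best of all 2^n response sets."""
    return max(product((0, 1), repeat=len(NAMES)), key=fitness)

def ga_search(seed=7, pop_size=24, generations=40, mutation=0.15):
    """Genetic search over response sets: tournament selection, uniform crossover,
    per-bit mutation, and two elites carried over unchanged each generation."""
    rng = random.Random(seed)
    pop = [tuple(rng.randint(0, 1) for _ in NAMES) for _ in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=fitness, reverse=True)
        nxt = pop[:2]
        while len(nxt) < pop_size:
            a, b = (max(rng.sample(pop, 3), key=fitness) for _ in range(2))
            child = [x if rng.random() < 0.5 else y for x, y in zip(a, b)]
            child = [1 - g if rng.random() < mutation else g for g in child]
            nxt.append(tuple(child))
        pop = nxt
    return max(pop, key=fitness)

def chosen_names(chromosome):
    return [n for n, bit in zip(NAMES, chromosome) if bit]
```

On this instance the GA rejects the redundant internal restriction and the high-impact isolation, illustrating why per-service local choices (which would pick the internal restriction on its own) can miss the global optimum.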
In more recent work, we have developed ADEPTS to respond to zero-day attacks, i.e., attacks whose signatures are not even approximately known to the system. ADEPTS conceptualizes the steps behind the zero-day attacks, i.e., identifies the concept behind each attack step rather than the mechanism of the step (which is likely unknown for a zero-day attack). Through this, it can find similarities between the zero-day attack and previously seen attacks and then apply the learning to identify optimal responses for the previously seen attacks in order to select optimal responses for the zero-day attack as well.
Automated trust negotiation (ATN) is a new approach to access control and authentication for the open, flexible systems formed by sets of organizations that must dynamically form coalitions and work together to respond to unforeseen needs and opportunities. ATN enables open computing by assigning an access control policy to each resource that is to be made accessible to “outsiders”; an attempt to access the resource triggers a trust negotiation, consisting of the iterative, bilateral disclosure of digital credentials and related information.
This project will show that ATN is a practical solution to the access control and authentication problems of open computing systems, by resolving the most critical remaining theoretical and systems issues for the deployment of trust negotiation facilities. Specific areas that the project will address include access control policy languages for ATN, lightweight policy evaluation engines, improved ATN protocols and strategies compatible with the new languages, provable privacy and autonomy guarantees for negotiating parties, and a next-generation version of the TrustBuilder ATN prototype, demonstrating the deployment of ATN in a modular, reusable, and highly scalable implementation. These enhancements will be explored in the context of health care applications and additional scenarios supplied by the project partners.