CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Research Challenges in Assured Information Sharing

Vipin Swarup - MITRE

Jan 17, 2007

Size: 220.8MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube


Assured information sharing has been a "grand challenge" problem of
information security for several decades. Currently, there is broad
consensus that the state-of-practice of information sharing is
inadequate. One primary problem is that people on the field (e.g.,
soldiers, firefighters) have mission-critical need for sensitive
information but are often among the least trusted principals in their
organizations and hence do not receive the information. Another
problem is that data producers claim ownership of the data they
produce and place sharing constraints on that data despite the
competing interests of multiple parties over that data. In this talk,
we highlight these and other problems and discuss a wide range of
technical solutions that are needed. We elaborate on the need to
balance the risks of sharing data with the risks of not sharing data
and present several proposed approaches for doing so. We also
describe how obligation policies play an important role in addressing
some information sharing issues.

About the Speaker

Vipin Swarup is a Principal Scientist in the Information Security
Division at The MITRE Corporation. He received a B.Tech. degree in
Computer Science and Engineering from IIT Bombay, and M.S. and
Ph.D. degrees in Computer Science from the University of Illinois at
Urbana-Champaign. His doctoral work was in the area of type theory
and dealt with adding assignments to applicative programming
languages. In 1991, he developed techniques to formally verify
virtual machines, and he applied those techniques to an interpreter
for the Pre-Scheme programming language. In 1993, he created a
high-assurance domain-specific programming language system called Felt
for security guard filters -- Felt has been used to express and
enforce cross-domain message filtering policies in commercial security
guard products. In 1996, he co-authored a widely cited paper on
mobile agent security. In 2003, he was a co-founder of the ACM
Workshop on Security of Ad Hoc and Sensor Networks.

Dr. Swarup has been the principal investigator of numerous research
projects in information security, including projects on mobile agent
security, security guards, intrusion detection, trust management,
location-based security, and web services security. He has also
participated in several other research projects including program
verification, fingerprinting relational data, topological
vulnerability analysis, network security risk management, security
patch management, data sharing agreements, sharing models for
neuroimagery, insider threat detection, etc. He currently leads a
MITRE IR&D project that is investigating techniques to enhance
cross-boundary information sharing.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...


The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.