Slide1
The Data and Application Security and Privacy (DASPY) Challenge
Prof. Ravi Sandhu
Executive Director and Endowed Chair
11/11/11
ravi.sandhu@utsa.edu
www.profsandhu.com
www.ics.utsa.edu
© Ravi Sandhu
World-Leading Research with Real-World Impact!
Institute for Cyber Security
Slide2
The ATM “Paradox”
The ATM (Automatic Teller Machine) network is
  secure enough (but insecure)
  global in scope and rapidly growing
But
  not securable by academically taught cyber security
  not studied as a success story
  missing technologies highly regarded by academia
Similar “paradoxes” apply to
  on-line banking
  e-commerce
  etc
Slide3
Cyber Security Status
Cyber technologies and systems have evolved
Cyber attacks and attackers have evolved
  Side note: all attackers are not evil
Cyber security (defensive) goals have evolved
  Computer security
  Information security = Computer security + Communications security
  Information assurance
  Mission assurance
Slide4
Cyber Security Research Status
Cyber security research (and practice) are
  rapidly losing ground
  evolving glacially
  in spite of increase in funding and many innovative research advances
  in spite of numerous calls for “game changing” research
Grand challenge: how to become relevant to the real world
Slide5
Cyber Security Research Status
We need to do something different
Rough analogies
  software engineering vis a vis programming
  data models (e.g., entity-relationship) vis a vis data structures (e.g., B trees)
Slide6
Cyber Security Characteristics
Cyber Security is all about tradeoffs
[Figure: tradeoff between Productivity and Security]
  Productivity: Let’s build it; Cash out the benefits; Next generation can secure it
  Security: Let’s not build it; Let’s bake in super-security to make it unusable/unaffordable; Let’s mandate unproven solutions
There is a sweet spot
We don’t know how to predictably find it
Slide7
Cyber Security Characteristics
[Figure labels: Tech-Light, Tech-Heavy, Tech-Medium, High-tech + High-touch]
Slide8
Cyber Security Characteristics
Microsec versus Macrosec
  Most cyber security thinking is microsec
  Most big (e.g., national level) cyber security threats are macrosec
  Rational microsec behavior can result in highly vulnerable macrosec
Slide9
Cyber Security Characteristics
[Figure: reality versus perception; axis marks LOW, HIGH, HIGH]
Slide10
Cyber Security Characteristics
How to justify investing in security in presence of persistent insecurity?
And, where to invest?
  mitigate known attacks in the wild?
  mitigate anticipated attacks?
  mitigate ultimate attacks?
  some combination?
Slide11
Academic Challenge
Develop a scientific discipline
  to cover (at least) the previous characteristics
  that can be meaningfully taught in Universities at all levels: BS, MS, PhD
Prognosis
  we shall succeed (we have no choice)
Slide12
Driving Principles
Insecurity is inevitable
  Death is inevitable
Security investment is nevertheless justified
  Mortals nevertheless seek medical care
Too much security can be counter productive
  So can too much medical care
Slide13
Central Question
How can we be “secure” while being “insecure”?
versus
How can we be “secure”?
Slide14
How Secure? How Insecure?
Sometimes aiming high is very appropriate
  The President’s nuclear football
  Secret formula for Coca Cola
Sometimes not
  ATM network
  On-line banking
  E-commerce (B2C)
Slide15
Why is the ATM System Secure?
Application Centric
Monetary loss is easy to quantify and compensate
Security principles
  stop loss mechanisms
  audit trail (including physical video)
  retail loss tolerance with recourse
  wholesale loss avoidance
Technical surprises
  no asymmetric cryptography
  no anonymity
Slide16
Cyber Security Research
[Figure: FOUNDATIONS (Building blocks and theory); Application Centric; Technology Centric; Attack Centric]
Slide17
The DASPY System Challenge
PEI MODELS
Security and system goals (objectives/policy)
  Necessarily informal
Policy models
  Specified using users, subjects, objects, admins, labels, roles, groups, etc. in an ideal setting.
  Security analysis (objectives, properties, etc.).
Enforcement models
  Approximated policy realized using system architecture with trusted servers, protocols, etc.
  Enforcement level security analysis (e.g. stale information due to network latency, protocol proofs, etc.).
Implementation models
  Technologies such as Cloud Computing, Trusted Computing, etc.
  Implementation level security analysis (e.g. vulnerability analysis, penetration testing, etc.)
Concrete System
  Software and Hardware
Slide18
RBAC96 Model (P Layer)
[Figure: USERS, ROLES, PERMISSIONS, SESSIONS; USER-ROLE ASSIGNMENT; PERMISSIONS-ROLE ASSIGNMENT; ROLE HIERARCHIES; CONSTRAINTS]
Slide19
Server Pull Model (E Layer)
[Figure: Client, Server, User-role Authorization Server]
Slide20
Client Pull Model (E Layer)
[Figure: Client, Server, User-role Authorization Server]
Slide21
The DASPY System Challenge
PEI MODELS
Security and system goals (objectives/policy)
  Necessarily informal
Policy models
  Specified using users, subjects, objects, admins, labels, roles, groups, etc. in an ideal setting.
  Security analysis (objectives, properties, etc.).
Enforcement models
  Approximated policy realized using system architecture with trusted servers, protocols, etc.
  Enforcement level security analysis (e.g. stale information due to network latency, protocol proofs, etc.).
Implementation models
  Technologies such as Cloud Computing, Trusted Computing, etc.
  Implementation level security analysis (e.g. vulnerability analysis, penetration testing, etc.)
Concrete System
  Software and Hardware
Slide22
g-SIS Model (P layer)
Operational aspects
  Group operation semantics
    Add, Join, Leave, Remove, etc
    Multicast group is one example
  Object model
    Read-only
    Read-Write (no versioning vs versioning)
  User-subject model
    Read-only Vs read-write
  Policy specification
Administrative aspects
  Authorization to create group, user join/leave, object add/remove, etc.
[Figure: Users (join, leave), Objects (add, remove), Group, Authz (u,o,r)?]
Slide23
g-SIS Model (E layer)
Super-Distribution (SD)
Micro-Distribution (MD)
Scalability/Performance
  SD: Encrypt once, access where authorized
  MD: Custom encrypt for each user on initial access
Assurance/Recourse
  SD: Compromise one client, compromise group key
  MD: Compromise of one client contained to objects on that client
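The SD versus MD trade-off above, as an added example that is not part of the original deck: it counts encryption operations and measures what one compromised client exposes under each scheme. The toy cipher built from HMAC-SHA256, the object names, users, access pattern and all function names are assumptions made for illustration; a real system would use a vetted authenticated cipher.

```python
import hashlib, hmac, os

def _xor_stream(key, nonce, data):
    # Toy keystream (HMAC-SHA256 in counter mode), standing in for a real cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    # Returns the plaintext, or None when the blob was not sealed under this key.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return _xor_stream(key, nonce, ct) if hmac.compare_digest(tag, good) else None

# Constructed sample data: three group objects and which user fetched which.
OBJECTS = {"o1": b"design doc", "o2": b"payroll", "o3": b"incident notes"}
ACCESSES = {"alice": ["o1"], "bob": ["o1", "o2", "o3"]}

def super_distribution():
    group_key = os.urandom(32)                     # one key held by every member
    blobs = {n: seal(group_key, d) for n, d in OBJECTS.items()}   # encrypt once
    return blobs, {user: group_key for user in ACCESSES}

def micro_distribution():
    keys = {user: os.urandom(32) for user in ACCESSES}            # key per user
    blobs = {(u, n): seal(keys[u], OBJECTS[n])     # custom encrypt on first access
             for u, names in ACCESSES.items() for n in names}
    return blobs, keys

def exposed_by_compromise(blobs, stolen_key):
    """Objects readable with one client's key, even given every blob in circulation."""
    return {label if isinstance(label, str) else label[1]
            for label, blob in blobs.items() if unseal(stolen_key, blob) is not None}

def compare(victim="alice"):
    sd_blobs, sd_keys = super_distribution()
    md_blobs, md_keys = micro_distribution()
    return {"sd_encryptions": len(sd_blobs), "md_encryptions": len(md_blobs),
            "sd_exposed": exposed_by_compromise(sd_blobs, sd_keys[victim]),
            "md_exposed": exposed_by_compromise(md_blobs, md_keys[victim])}
```

SD performs fewer encryptions, but the victim's key opens every group object; under MD the same compromise opens only the objects that client had fetched.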
Slide24
Conclusion
How can we be “secure” while being “insecure”?
versus
How can we be “secure”?