Initial Information and Advisory Meeting

1

• Initial Information and Advisory Meeting
• Tuesday, February 26, 2002
• 1000 A.M. 1200 noon
• University of Illinois South Research Park
• SAIC Conference Room

2
Purpose of Meeting

• Introduce CARIS to the information security
  community
• Get input on ways for CARIS to meet its goals
• Determine interest in ongoing partnerships
• Discuss nature of partnerships
• Network among Illinois leaders in information
  security

3
Agenda

• 1000 Introductions
• Roy H. Campbell
• 1010 CARIS Mission and Vision
• Peter M. Siegel
• 1020 CARIS Structure and Directions
• Roy H. Campbell
• 1035 Break
• 1050 Partner Program
• Paul A. McNabb
• 1100 Questions and Input
• Paul A. McNabb
• 1150 Meeting Summary
• Paul A. McNabb

4
Agenda

• 1000 Introductions
• Roy H. Campbell
• 1010 CARIS Mission and Vision
• Peter M. Siegel
• 1020 CARIS Structure and Directions
• Roy H. Campbell
• 1035 Break
• 1050 Partner Program
• Paul A. McNabb
• 1100 Questions and Input
• Paul A. McNabb
• 1150 Meeting Summary
• Paul A. McNabb

5
Agenda

• 1000 Introductions
• Roy H. Campbell
• 1010 CARIS Mission and Vision
• Peter M. Siegel
• 1020 CARIS Structure and Directions
• Roy H. Campbell
• 1035 Break
• 1050 Partner Program
• Paul A. McNabb
• 1100 Questions and Input
• Paul A. McNabb
• 1150 Meeting Summary
• Paul A. McNabb

6
CARIS Mission and Goals

• World leadership in information assurance
• research and development
• multidisciplinary education
• university and community awareness
• public policy influence
• In infrastructure and information system security
• Mutual benefit to multiple constituencies

7
Corporate Benefits
Industry Partnerships

• Joint projects that increase funding
  opportunities
• University research that transfers to marketable
  products
• Training and education possibilities for staff
• Improved infrastructure for more secure business
  transactions
• Influence on the direction of research in the
  field
• Early access to know-how and other benefits
• Forum for public policy input

8
Government Benefits

• More ways to meet goals of funding organizations
• e.g., NSF, NIST
• Improved infrastructure for more secure
  transactions
• Specific federal, state, and local needs
• e.g., security of Internet data offered via local
  cable
• Improved awareness and security for community
• Synergies with federal and state homeland
  security mandates
• Informed input on legislation and other issues

9
University Benefits
Real-world problems, effective solutions

• Contribute to solution of critical, real-world
  problems
• Significantly advance the state of knowledge in
  information security
• Increased project and funding opportunities
• Provide value to the State of Illinois through
  industry-academic partnerships
• Forum for public policy input

10
Joint Projects Many Benefits
Funding Sources
U of I
Joint Projects
real-world technology transfer
Superior Products
better security
Business Industry
Public
11
Other CARIS Benefits
CARIS
better policies
protection of resources
Funding Sources
increased corporate expertise, stronger
infrastructure,
Public
Business Industry
12
U of I Expertise
Computer Science Related Programs

• Computer Science
• One of top 5 programs in the country
• 40 faculty, 1,100 undergraduate students, 400
  graduate students
• One
• Beckman Institute for Advanced Science and
  Technology
• National Center for Supercomputing Applications
  (NCSA)

One of 22 NSA Centers of AcademicExcellence in
Information Assurance Education
13
Argus Products

• 9 years in existence
• Staff of 50 in Illinois, 85 world-wide
• 42 resellers in 20 countries
• PitBull operating system-level security
• Unbroken in eWeeks OpenHack III
• ITSEC certification to F-B1/E3
• Successful SPOCK user validation (NASA, NSA,
  DoD)

14
Argus Involvement

• On Chicago Cybersecurity Roundtable
• On ASP Industry Consortium Security Subcommittee
• Washington Representatives Focused on US
  Government
• Procurement Activities
• Announcements
• Programs

15
Argus Clients

• More than 100 organizations, including
• Chase Manhattan Bank
• Federal intelligence agencies
• U.S. Army
• ABN Amro Bank
• Chicago Stock Exchange
• Singapore CERT
• Japanese Space Agency
• Credit Suisse

16
Agenda

• 1000 Introductions
• Roy H. Campbell
• 1010 CARIS Mission and Vision
• Peter M. Siegel
• 1020 CARIS Structure and Directions
• Roy H. Campbell
• 1035 Break
• 1050 Partner Program
• Paul A. McNabb
• 1100 Questions and Input
• Paul A. McNabb
• 1150 Meeting Summary
• Paul A. McNabb

17
CARIS Structure
CARIS Steering committee (initial) Roy Campbell,
U of I Paul McNabb, Argus Peter Siegel, U of I
Terry Greene, Argus

• CARIS
• Director Roy Campbell
• Deputy Director Paul McNabb
• Secretary Anda Ohlsson
• Associate Director, Public Policy Terry Greene
• Associate Director, Community Outreach
• Associate Director, Academic Programs
  
• Associate Director, Research
• Program and Development Manager Roland Garton

18
CARIS and Other Groups
CARIS Steering committee
External Advisory Board
CARISFaculty

• CARIS

Business Partners
Government Agencies
Other Institutions
19
Initial Technical Directions

• Computer system security, especially operating
  system security
• Modeling and evaluation of security technologies
• Business models associated with security
  technology deployment
• Legal issues and best practices
• Privacy and open system security
• Wireless communication and smart card
  technologies
• Mobile devices and security
• Others as they arise

20
Projects at other Institutions

• CERIAS (Purdue)
• Behavior Based Artificial Agents for Information
  Security
• Critical Social, Legal and Ethical Issues in
  Information Use and Abuse in Health
• Detecting Denial of Service Attacks
• Integrating Human-Usability Metrics into
  Information Security Models
• Online Security Communication about Credit Card
  Usage
• Protection of Educational Data in Large Scale
  Databases and Internet Environments
• Multicommodity Private Bidding Auctions
• Static and Dynamic Security in Web Data
  Management

21
Projects at other Institutions

• George Mason
• Integrity and Secrecy
• Security and the World Wide Web
• Survivability and Information Warfare
• Temporal Databases
• Stanford
• Intrusion tolerance via threshhold cryptography
• Electronic wallets
• Assurance for mobile code
• Secure public Internet access handler
• Security has become a BIG research area.

22
Proposals Submitted to Date

• CARIS proposals to date total over 50 million
• Proposed areas include
• Security in large-scale, multi-access
  environments
• Comprehensive security integrating multiple
  technologies
• Privacy model of computing
• Security across multi-machine architectures
• Friendly user-interfaces for viewing and
  manipulating security policy

23
Funding Possibilities DoD

• US Army Research Office (400 million budget)
• US Army Research Laboratory (670 million budget)
• Defense Advanced Research Project Agency(1.96
  billion budget)
• Air Force Research Laboratory (500 million
  budget)
• Naval Research laboratory
• Others
• US Army Communications Electronics Command
• US Air Force Communications Command

24
Other Funding Possibilities

• National Security Agency (NSA)
• National Science Foundation (NSF)
• National Academy of Sciences
• National Institute of Standards Technology
  (NIST)
• Central Intelligence Agency (CIA)
• Department of Education (DoE)
• Industrial Affiliate Program
• State of Illinois
• Targeted corporate research programs
• Many others

25
Current Legislation

• H.R. 1259 Computer Security Enhancement Act of
  2001
• Requires NIST to provide assistance to federal
  agencies in the protection of computer networks,
  promote federal compliance with computer
  information security and privacy guidelines, and
  assist federal response efforts to unauthorized
  access to federal systems.
• H.R. 2435 Cyber Security Information Act
• Prohibits the disclosure of cyber security
  information (e.g., misuse of or unauthorized
  Internet access) that is voluntarily provided to
  a federal entity.

26
Current Legislation (cont)

• H.R. 3316 Computer Security Enhancement and
  Research Act of 2001
• Requires NIST to support research institutions,
  provide support for research fellowships, and
  contract with the National Research Council for a
  comprehensive review of such program during its
  fifth year.
• H.R. 3394 Cyber Security Research and
  Development Act
• Authorizes appropriations to NSF and NIST to
  establish new programs and increase funding for
  certain current programs for computer and network
  security research and development and research
  fellowships.

27
Agenda

• 1000 Introductions
• Roy H. Campbell
• 1010 CARIS Mission and Vision
• Peter M. Siegel
• 1020 CARIS Structure and Directions
• Roy H. Campbell
• 1035 Break
• 1050 Partner Program
• Paul A. McNabb
• 1100 Questions and Input
• Paul A. McNabb
• 1150 Meeting Summary
• Paul A. McNabb

28
Agenda

• 1000 Introductions
• Roy H. Campbell
• 1010 CARIS Mission and Vision
• Peter M. Siegel
• 1020 CARIS Structure and Directions
• Roy H. Campbell
• 1035 Break
• 1050 Partner Program
• Paul A. McNabb
• 1100 Questions and Input
• Paul A. McNabb
• 1150 Meeting Summary
• Paul A. McNabb

29
Founding Partner Program

• Now being formed
• Being designed to meet needs of all involved
• Your input requested
• First-year program
• Formalize relationships for mutual benefit
• Corporate benefits
• Government benefits
• University benefits
• To become annual partner program

30
Proposed Partner Levels

• All Partners
• Joint project with CARIS encouraged
• Access to CARIS administrators and faculty
• Networking opportunities with CARIS faculty and
  partners
• Select CARIS publications
• Recognition in CARIS documentation, web page
• Level 3 Project Partner (0 - 4,999)
• In-kind support or joint project expected
• CARIS newsletters and bulletins

31
Proposed Partner Levels (cont)

• Level 2 Affiliate Partner (5,000 - 29,000)
• All Project Partner benefits
• Advance CARIS publications and research
• Invitation to visit CARIS and present at
  colloquia
• Level 1 Associate Partner (30,000 or more)
• All Affiliate Partner benefits
• CARIS event planning
• Assured seat on external advisory board

32
Intellectual Property Rights

• U of I now more interested than ever in working
  with companies
• Rights to be negotiated on case-by-case basis
• No up-front sine qua none requirements

33
Agenda

• 1000 Introductions
• Roy H. Campbell
• 1010 CARIS Mission and Vision
• Peter M. Siegel
• 1020 CARIS Structure and Directions
• Roy H. Campbell
• 1035 Break
• 1050 Partner Program
• Paul A. McNabb
• 1100 Questions and Input
• Paul A. McNabb
• 1150 Meeting Summary
• Paul A. McNabb

34
Agenda

• 1000 Introductions
• Roy H. Campbell
• 1010 CARIS Mission and Vision
• Peter M. Siegel
• 1020 CARIS Structure and Directions
• Roy H. Campbell
• 1035 Break
• 1050 Partner Program
• Paul A. McNabb
• 1100 Questions and Input
• Paul A. McNabb
• 1150 Meeting Summary
• Paul A. McNabb

35
Contact Information
CARISAttn Roy Campbell 1304 W. Springfield
Avenue 3315 Digital Computer Lab, MC-258 Urbana,
IL  61801   voice (217) 265-5225 fax (217)
244-6869 www.caris.uiuc.edu
36
Contact Information
Argus Systems Group, Inc. 1809 Woodfield
Drive Savoy, IL 61874   voice (217) 355-6308
fax (217) 355-1433 www.argus-systems.com
37
Contact Information

• Roy Campbell, Director
• rhc_at_cs.uiuc.edu
• use CARIS address
• Paul McNabb, Deputy Director
• mcnabb_at_argus-systems.com
• use Argus address
• Anda Ohlsson, Secretary
• ohlsson_at_cs.uiuc.edu
• use CARIS address