IT Security Lab Research Support - PowerPoint PPT Presentation

Slides: 25
Provided by: RandyMa7
1
IT Security Lab Research Support
  • Randy Marchany
  • VA Tech IT Security Lab

2
Mission Statement
  • Test computer hardware and software for security
    vulnerabilities under the direction of the
    Information Technology Security Office. It will
    actively design, develop and implement computer
    and network security training materials, classes
    (in-person and online) to University technical
    and general users. It will act as a testing
    facility for cooperative research projects between
    the Information Technology Security office and
    academic researchers. It will also provide
    testing services to external entities according
    to a fee schedule.

3
Goals & Objectives
  • Educational, Cybersecurity Research and Outreach
    programs
  • Design, develop and provide technical training
    materials and courses to Virginia Tech system and
    network administrators.
  • Design, develop and provide general user security
    awareness training materials under the direction
    of the IT Security Office.
  • Provide academic and instructional support for
    graduate level computer and network security
    courses.
  • Provide a Teaching and Research Facility for the
    NSA Center for Academic Excellence in
    Cybersecurity multi-disciplinary unit.
  • Security Testing and Certification
  • Review the security design issues for IT
    applications in a pre-audit capacity.
  • Serve in partnership with the Center for Internet
    Security (CIS) as the testing site for
    certification of compliance of vendor security
    software with the CIS benchmarks.
  • Computer Incident Response Team  (CIRT)
    Initiatives
  • Define Incident Response guidelines and
    procedures
  • Professional Society, training conference
    participation

4
Grants Received
  • PWC - 60K to create virtual corporate net for
    use in senior level IT Audit class
  • 2 year support for 1.5 GRA
  • for 2 servers, VMWARE software
  • Dr. Sam Hicks (ACCT), RCM as co-PI
  • SANS Institute 70K to create test and question
    database for Secure Code Certification class
  • Jobs for 4 grad students
  • Dr. J. Park (ECE), RCM as co-PI

5
Equipment
  • Linux Dell Servers
  • OSX Apple Xserve
  • Windows 2000 - Dell
  • Windows XP - Dell
  • Solaris Sun
  • VMWARE Servers
  • Cisco Switch

6
Academic Support
  • Lab provides full classroom support for ECE 4560
    Computer & Network Security Fundamentals
  • Taught every Spring Semester
  • 250 students have taken the class since 1999
  • Graduate and senior level ECE/CS students
  • Class taught at NOVA and main campus via TV
  • Class taught statewide via College of Engineering
    CGEP
  • Richmond, Danville, South Boston, Lynchburg,
    Dahlgren, NOVA, Tidewater
  • Hands-on exercises
  • Learning how to use attack/defense tools
  • Analyzing attacks in real-time
  • Team based

7
Research Support
  • Facilities available for PhD, Masters research in
    cybersecurity
  • Electrical & Computer Engineering (ECE)
  • Computer Science (CS)
  • Business
  • Masters of Information Technology (MIT)

8
Research Support
  • PhD
  • Taxonomy of Computer Attacks, 1999, ECE
  • Battery Based Intrusion Detection, 2005, ECE
  • Thwarting Network Stealth Worms through
    Biological Epidemiology and Natural Immune
    Systems, 2006, ECE
  • A Framework for Deriving Verification and
    Validation Strategies to Assess Software
    Security, 2006, CS
  • Battery-Sensing Intrusion Protection System,
    2007, ECE
  • Denial-of-Sleep Vulnerabilities and Defenses in
    Wireless Sensor Network MAC Protocols, 2008, ECE

9
Research Support Completed Degrees
  • PhD
  • Wireless Sensor Networks, 2006, ECE
  • Visualization Tool for Determining Network
    Attacks, 2006, CS
  • Network based Visualization, 2007, ECE

10
Research Support Completed Degrees
  • Masters
  • Using Plant Epidemiological Methods to Track
    Computer Network Worms, 2004, CS
  • pTCP: A Client Puzzle Protocol for Defending
    against Resource-Exhaustion Denial-of-Service
    Attacks, 2005, ECE
  • E-Commerce Security, 2003, MIT/Business
  • Acceptable Computer Use Policies at United
    States Colleges and Universities, 2002, MA, GMU

11
Research Support
  • Lab provides work space and systems for graduate
    student research
  • Student pipeline has been established
  • Students from ECE Computer Security class learn
    of Lab's resources and apply to use the
    facilities for their research
  • Word of mouth advertisement
  • Lab grad students employ undergrads to help in
    research
  • These students usually stay in the lab for more
    projects
  • Lab Director is a member of the graduate
    students' committee
  • Student research papers submitted for publication

12
Research Support
  • Student Pipeline Example
  • PhD student used 5 undergraduates to help with
    his research for spring 2005
  • One student hired to work in the lab during the
    summer
  • Same grad student used 5 more undergraduates for
    summer session work
  • 1 student became lab GRA, 3 others stayed as grad
    students and are employing other undergrads

13
NSA Center for Academic Excellence in
Cybersecurity Research
  • VT named an NSA CAE in Fall 2004
  • This designation allows VT to apply for
    cybersecurity research grants
  • Multidisciplinary curriculum
  • ECE, CS, BUS, MIT
  • IT Security Lab is the designated Teaching
    Hospital/Lab for the CAE.
  • http://research.cs.vt.edu/infosec

14
Teaching Hospital
  • Lab can be configured to allow students to
    observe, treat and immunize systems in a real
    world setting
  • Students working on real problems in a live
    environment
  • Designed to allow cybersecurity experiments to be
    run in a controlled environment
  • Lab uses VMWARE to set up virtual systems and
    networks.
  • Virtual corporate network, systems used for
    Business IT Audit Class (PWC grant, Dr. Hicks)

16
Summary
  • Lab has been operating as a teaching and research
    facility since its creation
  • Multidisciplinary in approach and participation
  • Lab Director teaches ECE 4560
  • Business teaches IT Audit class using lab
  • Future involvement in MIT degree courses

17
Publications
  • 1. Using Battery Constraints within Mobile Hosts
    to Improve Network Security. Jacoby, G.A.;
    Marchany, R.; Davis, N.J., IV. Security & Privacy
    Magazine, IEEE, Volume 4, Issue 5, Sept.-Oct.
    2006, Page(s) 40 - 49. Digital Object Identifier
    10.1109/MSP.2006.139
  • 2. Battery-Sensing Intrusion Protection for
    Wireless Handheld Computers Using a Dynamic
    Threshold Calculation Algorithm for Attack
    Detection. Buennemeyer, T.K.; Munshi, F.;
    Marchany, R.C.; Tront, J.G. System Sciences,
    2007. HICSS 2007. 40th Annual Hawaii
    International Conference on, Jan. 2007,
    Page(s) 163b - 163b. Digital Object Identifier
    10.1109/HICSS.2007.103
  • 3. Internet Security: Intrusion Detection and
    Prevention in Mobile Systems. Tront, J.G.;
    Marchany, R.C. System Sciences, 2007. HICSS
    2007. 40th Annual Hawaii International Conference
    on, Jan. 2007, Page(s) 162 - 162. Digital Object
    Identifier 10.1109/HICSS.2007.287
  • 4. Polling the smart battery for efficiency:
    Lifetime optimization in battery-sensing
    intrusion protection systems. Buennemeyer, T.K.;
    Nelson, T.M.; Marchany, R.C.; Tront, J.G.
    SoutheastCon, 2007. IEEE, March 2007,
    Page(s) 740 - 745. Digital Object Identifier
    10.1109/SECON.2007.342999
  • 5. Effects of Denial of Sleep Attacks on Wireless
    Sensor Network MAC Protocols. Raymond, D.;
    Marchany, R.; Brownfield, M.; Midkiff, S. 2006
    IEEE Information Assurance Workshop, June 21-23,
    Page(s) 297 - 304

18
Publications
  • 6. Battery-Sensing Intrusion Protection
    System. Buennemeyer, T.K.; Jacoby, G.A.; Chiang,
    W.G.; Marchany, R.C.; Tront, J.G. 2006 IEEE
    Information Assurance Workshop, June 21-23,
    Page(s) 176 - 183
  • 7. Internet security: intrusion detection &
    prevention. Tront, J.G.; Marchany, R.C. System
    Sciences, 2004. Proceedings of the 37th Annual
    Hawaii International Conference on, 5-8 Jan. 2004,
    Page(s) 1 pp. Digital Object Identifier
    10.1109/HICSS.2004.1265449
  • 8. Chained puzzles: a novel framework for
    IP-layer client puzzles. McNevin, T.J.; Jung-Min
    Park; Marchany, R. Wireless Networks,
    Communications and Mobile Computing, 2005
    International Conference on, Volume 1, 13-16 June
    2005, Page(s) 298 - 303 vol.1. Digital Object
    Identifier 10.1109/WIRLES.2005.1549426
  • 9. Reflections on operating in hostile
    environments. Bazaz, A.; Arthur, J.D.; Marchany,
    R. System Sciences, 2004. Proceedings of the
    37th Annual Hawaii International Conference
    on, 5-8 Jan. 2004, Page(s) 10 pp. Digital Object
    Identifier 10.1109/HICSS.2004.1265454
  • 10. Battery-based intrusion detection: a first
    line of defense. Jacoby, G.A.; Marchany, R.;
    Davis, N.J., IV. Information Assurance Workshop,
    2004. Proceedings from the Fifth Annual IEEE
    SMC, 10-11 June 2004, Page(s) 272 - 279. Digital
    Object Identifier 10.1109/IAW.2004.1437827

19
Publications
  • 11. CANDI: a system for classifying the security
    risks in appliances. Tront, J.G.; Marchany,
    R.C. System Sciences, 2003. Proceedings of the
    36th Annual Hawaii International Conference
    on, 6-9 Jan 2003, Page(s) 5 pp. Digital Object
    Identifier 10.1109/HICSS.2003.1174461
  • 12. Introduction to internet security. Tront,
    J.G.; Marchany, R.C. System Sciences, 2003.
    Proceedings of the 36th Annual Hawaii
    International Conference on, 6-9 Jan 2003,
    Page(s) 203 - 203. Digital Object Identifier
    10.1109/HICSS.2003.1174460
  • 13. E-commerce security issues. Marchany, R.C.;
    Tront, J.G. System Sciences, 2002. HICSS.
    Proceedings of the 35th Annual Hawaii
    International Conference on, 7-10 Jan 2002,
    Page(s) 2500 - 2508
  • 14. Introduction to the internet security
    minitrack. Marchany, R.C.; Tront, J.G. System
    Sciences, 2002. HICSS. Proceedings of the 35th
    Annual Hawaii International Conference on, 7-10
    Jan 2002, Page(s) 2491 - 2491

20
Publications
  • 1. Battery-Sensing Intrusion Protection for
    Wireless Handheld Computers Using a Dynamic
    Threshold Calculation Algorithm for Attack
    Detection. Buennemeyer, T.K.; Munshi, F.;
    Marchany, R.C.; Tront, J.G. System Sciences,
    2007. HICSS 2007. 40th Annual Hawaii
    International Conference on, Jan. 2007,
    Page(s) 163b - 163b. Digital Object Identifier
    10.1109/HICSS.2007.103
  • 2. Internet Security: Intrusion Detection and
    Prevention in Mobile Systems. Tront, J.G.;
    Marchany, R.C. System Sciences, 2007. HICSS
    2007. 40th Annual Hawaii International Conference
    on, Jan. 2007, Page(s) 162 - 162. Digital Object
    Identifier 10.1109/HICSS.2007.287
  • 3. Polling the smart battery for efficiency:
    Lifetime optimization in battery-sensing
    intrusion protection systems. Buennemeyer, T.K.;
    Nelson, T.M.; Marchany, R.C.; Tront, J.G.
    SoutheastCon, 2007. IEEE, March 2007,
    Page(s) 740 - 745. Digital Object Identifier
    10.1109/SECON.2007.342999
  • 4. Battery-Sensing Intrusion Protection
    System. Buennemeyer, T.K.; Jacoby, G.A.; Chiang,
    W.G.; Marchany, R.C.; Tront, J.G. 2006 IEEE
    Information Assurance Workshop, June 21-23,
    Page(s) 176 - 183
  • 5. Internet security: intrusion detection &
    prevention. Tront, J.G.; Marchany, R.C. System
    Sciences, 2004. Proceedings of the 37th Annual
    Hawaii International Conference on, 5-8 Jan. 2004,
    Page(s) 1 pp. Digital Object Identifier
    10.1109/HICSS.2004.1265449

21
Publications
  • 6. CANDI: a system for classifying the security
    risks in appliances. Tront, J.G.; Marchany,
    R.C. System Sciences, 2003. Proceedings of the
    36th Annual Hawaii International Conference
    on, 6-9 Jan 2003, Page(s) 5 pp. Digital Object
    Identifier 10.1109/HICSS.2003.1174461
  • 7. Introduction to internet security. Tront, J.G.;
    Marchany, R.C. System Sciences, 2003.
    Proceedings of the 36th Annual Hawaii
    International Conference on, 6-9 Jan 2003,
    Page(s) 203 - 203. Digital Object Identifier
    10.1109/HICSS.2003.1174460
  • 8. E-commerce security issues. Marchany, R.C.;
    Tront, J.G. System Sciences, 2002. HICSS.
    Proceedings of the 35th Annual Hawaii
    International Conference on, 7-10 Jan 2002,
    Page(s) 2500 - 2508
  • 9. Introduction to the internet security
    minitrack. Marchany, R.C.; Tront, J.G. System
    Sciences, 2002. HICSS. Proceedings of the 35th
    Annual Hawaii International Conference on, 7-10
    Jan 2002, Page(s) 2491 - 2491

22
Publications
  • 1. Cross-layer wireless sensor network radio
    power management. Brownfield, M.I.; Fayez, A.S.;
    Nelson, T.M.; Davis, N., IV. Wireless
    Communications and Networking Conference, 2006.
    WCNC 2006. IEEE, Volume 2, 3-6 April 2006,
    Page(s) 1160 - 1165
  • 2. Wireless sensor network energy-adaptive mac
    protocol. Brownfield, M.I.; Mehrjoo, K.; Fayez,
    A.S.; Davis, N.J., IV. Consumer Communications
    and Networking Conference, 2006. CCNC 2006. 2006
    3rd IEEE, Volume 2, 8-10 Jan. 2006, Page(s) 778 -
    782
  • 3. Symbiotic highway sensor network. Brownfield,
    M.I.; Davis, N.J. Vehicular Technology
    Conference, 2005. VTC-2005-Fall. 2005 IEEE
    62nd, Volume 4, 25-28 Sept., 2005, Page(s) 2701 -
    2705. Digital Object Identifier
    10.1109/VETECF.2005.1559039

23
Publications
  • 1. Cross-layer wireless sensor network radio
    power management. Brownfield, M.I.; Fayez, A.S.;
    Nelson, T.M.; Davis, N., IV. Wireless
    Communications and Networking Conference, 2006.
    WCNC 2006. IEEE, Volume 2, 3-6 April 2006,
    Page(s) 1160 - 1165
  • 2. Effects of Denial of Sleep Attacks on Wireless
    Sensor Network MAC Protocols. Raymond, D.;
    Marchany, R.; Brownfield, M.; Midkiff, S. 2006
    IEEE Information Assurance Workshop, June 21-23,
    Page(s) 297 - 304
  • 3. Wireless sensor network energy-adaptive mac
    protocol. Brownfield, M.I.; Mehrjoo, K.; Fayez,
    A.S.; Davis, N.J., IV. Consumer Communications
    and Networking Conference, 2006. CCNC 2006. 2006
    3rd IEEE, Volume 2, 8-10 Jan. 2006, Page(s) 778 -
    782
  • 4. Symbiotic highway sensor network. Brownfield,
    M.I.; Davis, N.J. Vehicular Technology
    Conference, 2005. VTC-2005-Fall. 2005 IEEE
    62nd, Volume 4, 25-28 Sept., 2005, Page(s) 2701 -
    2705. Digital Object Identifier
    10.1109/VETECF.2005.1559039
  • 5. Wireless sensor network denial of sleep
    attack. Brownfield, M.; Yatharth Gupta; Davis,
    N. Systems, Man and Cybernetics (SMC)
    Information Assurance Workshop, 2005. Proceedings
    from the Sixth Annual IEEE, 15-17 June 2005,
    Page(s) 356 - 364. Digital Object Identifier
    10.1109/IAW.2005.1495974

24
Graduate History
  • Dan Lough, Grant Jacoby, Mike Brownfield, Kris
    Hall, Tim Buennemeyer, Anil Bazaz (PhD)
  • Tim McNevin, Rishi Pande, Theresa Nelson, Lee
    Clagett, Mike Stchur (Masters)
  • Mike Gora (UG)
  • John Paul Dunning (wage)
  • Aaron Kroll (intern)