Research Opportunities at the - PowerPoint PPT Presentation

Slides: 14
Provided by: havin

Transcript and Presenter's Notes

1
Research Opportunities at the Institute for Cyber Security (ICS)
Ravi Sandhu, Executive Director and Endowed Professor
www.ics.utsa.edu
www.profsandhu.com
2
About ICS
We are a startup: founded June 2007 by multi-million start-up funding
from the State of Texas, conditional on recruiting Prof. Ravi Sandhu
to lead ICS.
We are different: world-class research with commercialization.
ICS Labs: World-class sponsored research on all aspects of cyber
security in collaboration with leading academic, industry and
government partners.
ICS Incubator: Develops innovative security products and companies by
bringing in novel and commercially viable ideas and prototypes,
incubating and developing these and spinning out companies.
ICS CIAS: Conducts dark screen exercises and training at the city and
county level to improve our nation's capability to withstand
coordinated cyber attacks.
ICS Labs is off to a great start: 1.7M (UTSA portion) in new funding
won in 2008 in partnership with Purdue, UIUC, UMBC, UNCC, Michigan,
UTD, Penn St., ASU, Georgia Tech.
3
About Ravi Sandhu
  • BTech, MTech: Electrical Engineering, IIT Bombay,
    IIT Delhi
  • MS, PhD: Computer Science, Rutgers Univ., New
    Jersey
  • Assistant Prof of Computer Science, Ohio State U
    (6 yrs)
  • Associate/Full Prof of Information Security,
    George Mason U (18 yrs)
  • Full Prof and Endowed Chair of Cyber Security, UTSA
    (2007 onwards)
  • Founding EIC, ACM TISSEC: world's leading security
    journal
  • Founder, ACM CCS: world's leading security
    conference
  • Founder, ACM SACMAT: another leading security
    conference
  • Major author of NIST/ANSI Standard on Role-Based
    Access Control
  • Creator and architect of MS and PhD programs in
    Cyber Security at GMU
  • Co-Founder and Chief Scientist, TriCipher: Silicon
    Valley startup
  • One of the world's most cited authors in cyber
    security research
  • 10,000 Google Scholar hits, with two superhits
    (3200 and 1900 hits)
  • 175 papers with 50 co-authors, 14 PhD graduates

4
The Computer Science Research Triangle
Models: e.g., 7-layer OSI network stack, OO programming
A good PhD dissertation should involve all 3 elements, but
contributions will typically emphasize one of these.
ICS Forte
Theory: e.g., P ? NP, automata
Implementation: e.g., virtualization, peer-to-peer
5
Cyber Security Goals
USAGE: purpose
INTEGRITY: modification
AVAILABILITY: access
CONFIDENTIALITY: disclosure
6
ICS Forte: Security Models and Analysis
  • Models
      • RBAC: Role-Based Access Control, 1992-
      • UCON: Usage Control, 2002-
      • PEI: Policy-Enforcement-Implementation, 2000-
  • IT Technologies
      • Web 2.0
      • Virtualization
      • Software as a Service (SaaS)
      • Web services
      • Trusted computing
      • Semantic web
  • Applications
      • Enterprise security
      • Identity management
      • Information sharing
      • Stream-processing
      • Social networking
  • Attack Technologies
      • Botnets
      • Phishing
      • Buffer overflow
      • Cross scripting
      • Sniffers

7
RBAC96 Model (1992-)
The most successful authorization model so far
[Diagram components: USERS, ROLES, PERMISSIONS, SESSIONS, ROLE
HIERARCHIES, USER-ROLE ASSIGNMENT, PERMISSIONS-ROLE ASSIGNMENT,
CONSTRAINTS]
8
Usage Control UCON Model (2002-)
New kid on the block. Receiving good traction.
  • unified model integrating
      • authorization
      • obligation
      • conditions
  • and incorporating
      • continuity of decisions
      • mutability of attributes

9
PEI Models (2004-)
No competing framework so far
10
Current Funded Projects
  • Managing the Assured Information Sharing Life
    Cycle (AISL). Sponsor: Air Force Office of
    Scientific Research, MURI, 2008-2013. Partners:
    UMBC, Michigan, UIUC, Purdue, UTD
      • 9/11 caused us to move from a "need to know"
        mindset to a "need to share" posture. What does
        this really mean? What are the implications? How
        can we share safely? How do we share but
        protect?
  • Securing Dynamic Online Social Networks. Sponsor:
    National Science Foundation, 2008-2012. Partners:
    Penn. State Univ., ASU, UNC-Charlotte
      • Content, often including private sensitive data,
        is flowing into social networks at a very high
        rate. How do we enable privacy and security
        without impacting the velocity of data transfer
        and convenience?
  • A Framework for Combating Stealthy Botnets.
    Sponsor: Air Force Office of Scientific
    Research, MURI, 2008-2013. Partners: Georgia Tech
      • Botnets are the most dangerous, widespread and
        insidious attack vehicles on the Internet.
        Future botnets are anticipated to use stealth
        techniques such as encryption and aggregation to
        avoid exposure, easily defeating current
        detection techniques. What do we do to contain
        this threat?
  • Secure Knowledge Management: Models and
    Mechanisms. Sponsor: National Science Foundation,
    2007-2009
      • How do we combine cryptographic techniques and
        access control techniques to effectively protect
        information and knowledge?

11
Current Un-Funded Projects
  • Write your own ticket

12
Group-Based Information Sharing
Information Sharing Metaphors: secure virtual room in cyberspace;
subscription service
Idealized policy: formalized using temporal logic
Pragmatic policy: approximation to ideal, formalized using temporal
logic
Detailed protocols
Working system
13
Conclusion
  • The need for cyber security will only grow
      • Unless humans suddenly transform into angels
      • Unless cyber innovations stop delivering
        productivity gains
  • The best we can offer is to stay ahead of the
    attackers
  • Attackers are often more innovative and more
    incented than defenders
  • Every cyber technology innovation creates a new
    attack-defend cycle
  • No final solution
  • UTSA has a world-class research operation in
    cyber security
  • Take security courses
  • Join our team
  • Come talk to me; drop me an email and I will make
    time
  • We have multiple openings
  • Come join us on Nov 18th to celebrate our
    Founders Day
      • 4:00-5:30pm: Distinguished lecture by Prof.
        Eugene Spafford of Purdue
      • 5:30-7:00pm: Wine and cheese reception
      • See www.ics.utsa.edu