Cyber Security: Research, Results, and Opportunities - PowerPoint PPT Presentation
1 / 29
Title:
Cyber Security: Research, Results, and Opportunities
Description:
Research mostly over the last 3-4 years. Some of IIT's Cyber Security Research ... Just-In-Time Click-Through Agreements: Informed, Unambiguous Consent ... – PowerPoint PPT presentation
Number of Views:36
Avg rating:3.0/5.0
Title: Cyber Security: Research, Results, and Opportunities
1
Cyber Security Research, Results, and
Opportunities
- Larry Korba
- Information Security Group
- Institute for Information Technology
- Larry.Korba_at_nrc-cnrc.gc.ca
MITACS Cybersecurity Workshop, Nov 29-30, 2004
2
Agenda
- Caveats
- IIT
- Information Security Group
- Projects
- Research Results Opportunities
- Conclusions
3
Caveats
- Opportunities Focus
- Research mostly over the last 3-4 years
- Some of IITs Cyber Security Research
- Information Security Group (Mostly)
- PST Team
4
IIT Cybersecurity
E-Business Focus
IIT Atlantic 61
Information Security 7
PST Team
Interactive Information 11
IIT Gatineau 15
IIT Ottawa
Integrated Reasoning 15
High Performance Computing 6
Interactive Language Technologies
Computational Video 10
Software Engineering 12
Visual Information Technologies 21
5
Information Security Group Background
Short History
- IITs Research Startup in Security and Privacy
- 2001 1 Researcher2004 (February) 6
Researchers, 2 GW2004 4 Researchers, 1 CS, 4
GW, 2 Students - Security Privacy Enhancing Technologies for
Distributed Systems
Security and Privacy without Complexity
6
ISG Projects
- Privacy Incorporated Software Agent (2001-2004)
- EU 5th Framework (4.3 Million EU, 6 Countries)
- Develop Privacy Enhancing Technologies for
Agent-Based E-Commerce - Taiwan-NRC Collaborations (2001-2004)
- Privacy and Security for
- E-Learning
- E-Manufacturing
- SME Involvement
- Security Privacy for On-line Gambling
- Other Government Departments
7
Research Cyber Security
- Trustable HCI
- Network-Based Privacy
- Scalability of Distributed Security Applications
- Critical Infrastructure Interdependencies
- Managing Rights
- Privacy Testing Profiles
- Agent-Based Security Intelligence
8
Network Confidentiality (PISA)
- Analysis of well known network anonymization
approaches - 10 different attacks
- Agent-Based Network Confidentiality Prototype
implemented - Research into self-managed network
confidentiality
9
Network ConfidentialityImplementation
- JADE Environment
- Two Agent Types
- Onion Routing Agent
- Onion Monitor Agent
- Self-Managed System
10
Topology Diagram
Agent 2
Agent 1
OMA
Platform Messaging Channel
ONA
11
Opportunity Ad Hoc Network Privacy
- For Wireless Short-Range Communication
- Secure Routing and Message Delivery
- Non-source based Routing.
12
Opportunities
- Secure Protocol Research
- Improve insecure protocols NetBIOS, NFS, NIS,
etc.
13
HCI and PRIVACY PROTECTION
From Privacy Legislation to Interface Design
Building Trust Reducing Risk
HCI Requirements for Legislative Compliance and
Usable Design
Just-In-Time Click-Through Agreements Informed,
Unambiguous Consent
14
Opportunities
- Context-Based Interaction
- User Interface, Visualization Techniques
integrate - User culture, preferences, temperament
- Time/Space/Other Dependencies
- Recovery Techniques
- Targets
- Help quickly identify problems
- Help make appropriate decisions dealing with
Cyber Security Events - Applications in other domains
15
Scalability of Privacy Security Technologies
(PISA)
- For Security aspects Privacy Enhancing
Technologies - Agent-based (JADE)
- Measurement
- Modeling
- Simulation
16
Critical Infrastructure Interdependencies
- New research focus in PST Team (IIT)
- Multidisciplinary approach
- From Scenarios, to Multidimensional Models, and
Training Simulations - Agent-Based Approach
From Rinaldi et al.
17
Opportunities
- Modeling of Security Systems
- Threat Analysis
- Development
- Testing
- Discover System holes
18
Privacy Management
- Adapt DRM Architecture to provide functions
required by Data Directive - Provides Privacy Rights Management
- Started with Privacy Principle Analysis
19
Entity Relationships
20
DRM Adapted for PRM
21
PRM-Style Privacy Management
- Includes the ability to negotiate privacy
policies - Service Provisioning
- Automated/Semi-Automated Policy
Negotiation/Setting
22
Opportunities
- Policy-based security policy negotiation
- Secure Software Engineering
- Modeling Tools
- Code Analysis/Inspection Tools
- Automated Testing
23
Privacy Testing Profiles
- Players Information Privacy Commission of
Ontario, EDS, Cyberrun, others. - From CSA Fair Information Practices Develop a
threat model and testing methodology for any
privacy technology - Extend Common Criteria
- Target Privacy Assessment lt 50K
24
Opportunities
- Privacy testing technologies
- Database or application leaks of personal data
- Threat model-based
- Privacy Monitoring Technologies/Services
- Similar to security monitoring technologies
25
Agent-Based Security IntelligenceSocial Network
Analysis
- Distributed Computer Activity Monitoring
- Automated Social Network Analysis
- Determine Inappropriate Behaviour
26
Opportunities
- Threat Discovery
- Graph-based relational learning
- Link Mining
- Multi-Relational Data mining
- Behavioural Modeling
- Privacy-Preserving Data Mining
- Cryptographic Techniques
- Secure distributed logs/databases
27
Summary Opportunities
- Secure Software Engineering Technologies
- Privacy Technologies
- Privacy-Preserving Data Mining
- Active Data Control
- Privacy Testing/Monitoring/Enforcement
- Automated Security Management
- Modeling approaches
- Non-linear, multi-dimensional approaches
- Applied to Security Systems
- Securing Weak Communication Protocols
- Contextual Data/Knowledge Visualization
- Help make effective decisions
- More Secure Protocols
28
Thank You
http//www.iit-iti.nrc-cnrc.gc.ca
- Contact Larry Korba
- Group Leader, Information Security
- Institute for Information Technology
- Larry.Korba_at_nrc-cnrc.gc.ca
29
Network Confidentiality
Recommended
CrystalGraphics Presentations
