Title: ORNL
WELCOME
1st Annual Visiting Professor Collaborative Research Program (VPCRP) Workshop
March 14-15, 2005
Oak Ridge National Laboratory
Joseph P. Trien
Group Leader, Cyber Security and Information Infrastructure Research (CSIIR)
Interim Director, Information Operations Center (IOC)
ORNL Knowledge Management Focus
ORNL has many Knowledge Management Strategic Research Thrusts
- Modeling and Simulation
  - Parallel Discrete Event Simulations
  - Inverse simulations
  - Dynamic prediction simulations
  - Distributed control
- Information Systems
  - Data systems architecture
  - Distributed data management
  - Dynamic data management
  - Sensor data management
- Information Discovery
  - Dynamic text analysis
  - Knowledge extraction sciences
  - Dynamic Information Retrieval
  - Information/Knowledge Fusion
- Geospatial Sciences
  - Population dynamics
  - Community modeling
  - Commodity tracking
- Information Operations
  - Steganography
  - Quantum Cryptography
  - Insider Threat Detection & Mitigation
  - Distributed Authentication and Trust
  - Automated Code Verification & Validation
  - Information Assurance
  - 3-D Situation Awareness
- Decision Sciences
  - Man/Machine Interfaces
  - Behavioral Sciences
  - Cognitive Inference
Strategic Thrust: Cyber Security
- Cyber Security
  - Cyber Attack Detection and Machine Speed Response
  - Zero-Day Attack Detection
  - Multi-Level and Distributed Ad-Hoc Trust
  - Large-scale Cyber Situation Awareness, Warnings, & Response
    - Leverage existing commercial distributed framework technologies
    - Integrate LDRD initiatives
  - Insider Threat Detection
    - Protection of data (secure, trusted, protected information sharing)
    - Prevent ex-filtration and corruption of stored data
    - Stand-off brain scan authentication and identification
  - Large-Scale Cyber Security Network Test Bed
    - Expand existing network lab into a recognized single location to perform world-class large-scale test, evaluation, and implementation protocols
    - Vulnerability Assessments
  - Automated Software Code Verification & Validation tool and certification center
Strategic Thrust: Infrastructure
- Infrastructure
  - Large Scale Network Modeling and Simulation
  - CADENCE/OPNET supercomputer initiative
  - Commercial Vehicle Integrated Safety and Security Enforcement System
    - Integrated information collection, transmission, processing, and dissemination architecture protocol
  - Sensor Net Network Systems and Network Security Architecture Research
Visiting Professor Collaborative Research Program (VPCRP) 1st Annual Workshop
- Common Goal
  - Develop our near-term research goals aimed at finding/building a tangible, doable foundation that can help expand our collective capabilities and broaden our opportunities for future collaborative (i.e., summer research visitations and beyond) R&D success in Cyber Security and Information Infrastructure.
Focus: Insider Threats
- Develop outside-of-the-box concepts for near-term capabilities in identifying, defending against, and countering an insider who attempts to abuse his or her computer privileges.
- The potential damage from insider threats is potentially catastrophic.
- Defined as the potential damage to the interests of an organization, a company, or a corporation, done by a person regarded as loyally working for or on behalf of the organization, company, or corporation.
- The insider threat focus is limited to threats posed to devices connected to a network. This can be a simple inadvertent violation of security policy or an overt attempt at defeating the security systems from within the network.
Focus: Life Cycle Threats
- There is no means for automated testing of large software, both static and mobile code, to detect and identify malicious code, sleeper codes, and exploitable vulnerabilities, and to determine and understand the potential impact on the life cycle of the codes.
- Current testing approaches are largely manual rather than automated.
Focus: Distributed Ad Hoc Trust / Multi-Level Trust
- A mobile ad hoc network (MANET) is a network formed in a spontaneous manner without any central administration or with few connections to other fixed networks (i.e., an autonomous system of mobile nodes).
- The absence of pre-existing knowledge between the nodes and the lack of a trusted central server make traditional trust establishment mechanisms and assumptions inappropriate. The communication among nodes is prone to security attacks and nodes can be easily compromised.
- Attacks such as wormhole and DoS can compromise routes through spoofing ARP or IP packets (passively/actively). Threshold cryptography is an example of one solution, but it suffers in cases of bandwidth constraints and energy conservation, so an efficient implementation of the scheme is critical.
- A multi-level trust model is needed, in which a device's capabilities in the network are determined by the level of trust assigned to it, and the trust level is determined by the certificates issued by its peers.
Workshop Goals
- Establish and foster an environment for collaborative research and development between CSIIR and academia.
- Develop 3-4 research topics relevant to the focus areas for the summer program
  - Research topics to include
    - Concepts must support and/or complement the focus areas
    - Targeted problem/focus areas clearly articulated
    - Approach must be innovative, leading to breakthrough
    - Deliverables must be tangible
    - Milestones
- Summer Research Program
  - One to three research proposals will be funded this summer
  - Research will be performed jointly at ORNL
Let's Begin
1st Annual Visiting Professor Collaborative Research Program (VPCRP) Workshop
March 14-15, 2005
Oak Ridge National Laboratory
Frederick T. Sheldon, Ph.D.
Software Engineering for Secure and Dependable Systems Lab
http://www.csm.ornl.gov/sheldon
http://www.ioc.ornl.gov
CSIIR Landscape I
- Information infrastructure consists of technologies and capabilities for gathering, handling, and sharing information accessible to, or commonly depended upon by, multiple organizations, within a single enterprise, a critical infrastructure sector (e.g., banking/finance), the U.S. Government, the nation as a whole, or transnationally.
- Information infrastructure includes well-engineered systems as well as poorly configured systems in businesses and homes.
CSIIR Landscape II
- United States private, academic, and public sectors invest significantly in cyber security.
- The commercial sector primarily performs cyber security research as an investment in future products and services.
- The public sector also funds R&D in cyber security; the majority of this activity focuses on the specific missions of the government agency funding the work.
- Thus, broad areas of cyber security remain neglected or underdeveloped.
- Therefore, our agenda identifies the high-priority gaps, . . .
  - R&D problems of significant value to the security of the information infrastructure that are either not funded or under-funded within the collection of private sector and government-sponsored research in the U.S., but are expected to become significant foci in the future.
National Agenda
- Enterprise Security Management
- Trust Among Distributed Autonomous Parties
- Discovery and Analysis of Security Properties and Vulnerabilities
- Secure System and Network Response and Recovery
- Traceback, Identification, and Forensics
- Wireless Security / MANET
- Metrics and Models
Workshop Format
- Informal
- Open
- In the time available, we hope to
  - Develop a coherent strategy for
    - Short-term initiative(s) designed to yield successful fruit, as well as the seeds
    - Long-term path forward
  - Discover our individual/cooperative capabilities
  - Gain a historical perspective / facilities & programs
  - Vision for research common ground
A Word About EHS and Security I
- Maintain a safe workplace environment complying with all procedures and ES&H. In day-to-day activities be aware of potential safety issues and provide an example of safety compliance. The assembly point, in case of alarm, is due west of this, the JICS building.
- The Laboratory area encompasses 330 acres, with outlying facilities and waste management storage areas utilizing another 1,125 acres. The main Laboratory area is designated as a Property Protection Area (PPA), as are outlying facilities and waste management storage areas.
- Located within the main Laboratory PPA are a number of islands of security (including fourteen (14) separate and distinct Limited Areas and one Protected Area) which are formally designated and signed as security areas, for which physical protection is provided, and for which definitive access controls are applied. Because we use various hazardous materials, it is important that you are alert to all special instructions, signs, tags, and barriers. The ORNL campus, owing to its role in the Manhattan Project and other pioneering activities of the atomic age, is posted as a "Controlled Area" and includes several radiological areas. These radiological areas pose little, if any, risk to the staff and visiting public when properly observed.
A Word About EHS and Security II
- Visitor Computer Access Limits: Limited computer access is allowed for visitors. Use of ORNL computers for computer access is limited to browsing external web sites and public (non-internal) ORNL web sites and to reading email at remote locations. You may access the visitors' wireless network using your ORNL-issued badge number on your own computer.
- As a minimum, on the day of arrival, in addition to the initial site access orientation, the host should ensure the visitor(s) receive a briefing which includes the specific areas the visitor(s) may access, those areas they should not access, the specific area in which they may park their private vehicles, the route of travel to be taken in accessing authorized facilities, emergency signals for the site, emergency egress procedures, etc.
- Security Police Officers/Security Officers assigned to the Protective Force at ORNL portals may check vehicles transporting the visitor for the presence of prohibited articles. Visitor(s) will be provided a Site Access Orientation Brochure and further be briefed regarding rules of conduct and prohibited items such as weapons, explosives, drugs, drug paraphernalia, etc.
- Permitted hours of access of foreign national visitors and guest assignees to ORNL: the regular work day hours are designated as 6:00 a.m. to 8:00 p.m., Monday through Friday.
Monday Morning
- 8:00 a.m. Coffee and pastries
- 8:10 a.m. Welcome, April McMillin; Introduction and overview, Joe Trien
- 8:30 a.m. Fast Abstracts Round Robin, 3-5 minutes per person, as follows: Mili, Kafura, Yoo, Che, McGregor, Schumann, Park, Arazi, Prowell, Langston, Shankar/Sheldon
- 9:15 a.m. Presentation by Nagi Rao (ORNL/CSMD), Infrastructure and Protocols for Dedicated Bandwidth Channels
- 9:45 a.m. Prof. Ali Mili (N.J. Institute of Tech./CS), An Integrated Approach to Security Management
- 10:30 a.m. Break
- 10:45 a.m. Prof. Dennis Kafura (Virginia Tech./CS), Policy Delegation and Dynamic Policy for Authorization in Pervasive Cyber Infrastructures
- 11:30 a.m. Prof. Seong-Moo Yoo (Univ. of AL Huntsville/CSE), Case Based Reasoning Approach to Intrusion Detection
- 12:15 p.m. Lunch at cafeteria (across the construction site, due East)
Monday Afternoon
- 1:15 p.m. Prof. Che Hao (Univ. of TX at Arlington/CSE), Detection and Containment Algorithms and High Speed Dynamic Filtering
- 2:00 p.m. Prof. John McGregor (Clemson Univ./CS), Techniques for Validating the Security Quality Attributes of Infrastructure Software
- 2:45 p.m. 30 min Open Discussion (Concepts, Approach, Deliverables, Targeted Problem Areas)
- 3:15 p.m. SNS Tour (Van available)
- 4:15 p.m. Return to JICS building
- 4:30 p.m. Professor Arazi (Univ. of Kentucky/CS), Wireless Sensor Networks Security
- 5:15 p.m. Return to Hotel
Monday Evening
- 6:00 p.m. Van picks everyone up from the Hampton lobby at Cedar Bluff
- 6:30 p.m. Reservation at Calhoun's on the River, Lenoir City; Dinner and Open Issues Discussion
- 8:00 p.m. Dr. Sheldon (CSED/CSIIR), Wrap-up of Day 1 and Agenda for Day 2
Tuesday Morning
- 8:00 a.m. Coffee and pastries
- 8:15 a.m. Dr. R. Abercrombie and R. Walker (CSED/CSIIR), DoD/DHS Infrastructure Applications
- 8:45 a.m. Dr. Johann Schumann (NASA/Ames), Design Tools for Reliable Secure Communication Software
- 9:30 a.m. Prof. Jung-Min Park (Virginia Tech./ECE), Defending Against Denial-of-Service Attacks in Wired and Wireless Networks
- 10:15 a.m. Break
- 10:30 a.m. Arjun Shankar (ORNL/CSED), Fusing Intrusion Data for Pro-Active Containment
- 11:00 a.m. Prof. Stacy Prowell (Univ. of TN/CS and SEI), Automated Program Behavior Analysis
- 11:30 a.m. Prof. Mike Langston (Univ. of TN/CS), Trusted Computing Amidst Untrustworthy Intermediaries
- 12:00 p.m. Open Discussion, Agenda by Joe Trien
Tuesday Afternoon
- 12:15 p.m. 3 Hour Working Lunch (catered), Open Discussion
  - Develop research topics for the summer program
  - Research topic areas to include
    - Concepts, approach, and deliverables
    - Targeted problem areas and time table
  - Identify research strategies for sustained funding
- 3:15 p.m. Closing remarks
- 3:30 p.m. National Transportation Research Center (NTRC) Tour (Van available)
- 4:00 p.m. Return to Visitor Center for Departure
Weeks and Months Ahead
- Based on the group consensus, let's decide how to proceed with our research thrusts