Transcript Language-based Security Dr. Kevin W. Hamlen - CSI
Cyber Security Research and Education Institute (CSI) The University of Texas at Dallas
FEARLESS
engineering
April 1, 2013
4/27/2020 1
Our History
•
NSA/DHS Center for Excellence in Cyber Security Education June 2004
•
Cyber Security Research Center (CSRC) Established October 4, 2004
•
NSA/DHS Center for Excellence in Cyber Security Research June 2008
•
Cyber Security Research and Education Center (CySREC) Established September 2010
•
Cyber Security Research and Education Institute (CSI) Established April 1, 2013 FEARLESS
engineering
Our Faculty
Founder
• Bhavani Thuraisingham, PhD, DEng (U of Wales, U of Bristol - UK) October 2004
Core Faculty
• Alvaro Cardenas, PhD (U of MD) Spring 2013 - Control Systems Security • Yvo Desmedt, PhD (U. Leuven-Belgium) Fall 2012 - Cryptography • Kevin Hamlen, PhD (Cornell) Fall 2006 - Language and Software Security • Murat Kantarcioglu, PhD (Purdue) Fall 2005 - Data Security and Privacy • Zhiqiang Lin, PhD (Purdue) Fall 2011 - Systems Security and Forensics • Yiorgos Makris, PhD (UC San Diego) Fall 2011 - Hardware Security • Kamil Sarac, PhD (UC Santa Barbara) Spring 2010 - Network Security • Latifur Khan, PhD (U of Southern CA) Spring 2005 - Data Mining for Security Several additional faculty are affiliated with the Center from ECS, SOM, EPPS, BBS, NSM. They bring expertise in: Risk Analysis, Economics of Security, Game Theory for Modelling the Adversary, and Psychology of Hackers, among others.
FEARLESS
engineering
• • • • • • • •
Our Accomplishments
NSA/DHS Center for Excellence in Education (2004) and Research (2008) $20m in Research Funding and $3m in Education funding Prestigious grants and contracts including: Multiple NSF Career, AFOSR YIP, DoD MURI Fellowships and Awards:
•
IEEE, AAAS, IACR Fellowships; IEEE and ACM Awards
•
e.g., IEEE CS Technical Achievement, IEEE SMC/Homeland Security Technical Achievement Numerous keynote addresses, top-tier journal and conference publications, open source tools and prototypes, patents Collaborative research with AFRL, Raytheon, Rockwell Known for Interdisciplinary Research PhD Student placements at IBM TJ Watson, Google Privacy, Microsoft, Amazon, Clemson U, … FEARLESS
engineering
FEARLESS
engineering
Our Sponsors
FEARLESS
engineering
Our Academic Collaborators
Project Coordinator
Ms Rhonda Walls
CSI Organization
Cyber Security Research and Education Institute (CSI)
Dr. Bhavani Thuraisingham
Executive Director Chief Scientist
Dr. Yvo Desmedt Education Center Dr. Kamil Sarac
• NSF SFS Program • DoD IASP • NSF Secure Cloud • TexSAW • Cyber Security Certificate Programs
Research Centers
Data Security/Privacy
Dr. Murat Kantarcioglu
Active Malware Defense
Dr. Kevin Hamlen
Security Analytics
Dr. Latifur Khan
Secure Cloud
Dr. Bhavani Thuraisingham Research Labs
Systems Security/ Virtualization
(Dr. Zhiqiang Lin)
Applicable Cryptopraphy
(Dr. Yvo Desmedt)
Hardware Security
(Dr. Yiorgos Makris)
Critical Infrastructure
(Dr. Alvaro Cardenas)
Network Security
(Dr. Kamil Sarac)
Cyber Operations
Dr. Han Kallberf Industry Sponsors and Collaborators
VMware Sandia Raytheon Rockwell Tektronix Sandia IBM Cisco Nokia
Affiliated Centers and Labs
Intl. Center for Decision and Risk Analysis
(Dr. Alain Bensoussan)
Center for Crime and Justice Studies
(Dr. Robert Morris)
Cognitive Neuro Science
(Dr. Daniel Krawczyk and Dr. James Bartlett)
Statistics
(Dr. Michael Baron) NSF IUCRC (Dr. Farokh Bastani) FEARLESS
engineering
Research Thrust - 1
•
Active Malware Defense
–
Sponsors: AFOSR, NSF, NASA, Sandia, ONR
– – – –
Reactively Adaptive Malware and Frankenstein Reverse Engineering for Malware Detection Android Malware Detection Novel Data/Stream Mining Techniques for
•
Malware detection
• •
Insider threat analysis Intrusion detection
– –
Host Health Management Risk Analysis for Botnets FEARLESS
engineering
Research Thrust - 2
•
Data Security and Privacy
–
Sponsors: AFOSR, NSF, NIH, ARO
– – – –
Privacy Preserving Record Linkage and Mining Adversarial Data Mining Secure Data Provenance Policy and Incentive-based Assured Information Sharing
– – –
Security and Privacy for Social Networks Inference Control Risk-aware Data Security and Privacy FEARLESS
engineering
Research Thrust - 3
• – – – –
Secure Cloud Computing
–
Sponsors: AFOSR, VMware
–
Virtual Machine Introspection and VM Space Traveler
– – –
Secure Virtualization Hybrid Cloud Security Secure Cloud Data Storage Secure Cloud Query Processing Cloud-based Assured Information Sharing Cloud-based Malware Detection Cloud Forensics FEARLESS
engineering
Research Thrust - 4
• – – – –
Systems/Language/Networks/Hardware Security
–
Sponsors: AFOSR, NSF, ARO, DARPA, CISCO
– – –
Safe Re-use Oriented Reverse Engineering Binary Code Analysis In-Line Reference Monitor Hardware Trojan Detection Network Measurements Control Systems Security Cryptographic Techniques FEARLESS
engineering
Research Thrust - 5
• – – – –
Data/Security Analytics
–
Sponsors: IARPA, Raytheon, Tektronix, Nokia, NASA, NGA, AFOSR
–
Semantic Web Data Management and Integration Geospatial Data Management and Integration Stream-based Novel Class Detection for Text Social Network Data Analytics Multimedia Data Management and Mining FEARLESS
engineering
•
Education Thrust
Sponsors: NSF, DoD
– – – – –
NSF SFS Scholarship for Service DoD IA Scholarship NSF Assured Cloud Computing Degrees and Certificates Courses Offered
•
Computer/Information Security, Network Security, Data and Applications Security, Digital Forensics, Cryptography, Data Privacy, Secure Web Services, Secure Cloud Computing, Hardware Security, CISSP Modules
•
Secure Social Networks, Data Mining for Security, Big Data Analytics, Critical Infrastructure Protection, Biometrics, Security Engineering FEARLESS
engineering
Current Proposal Efforts
• •
Research
–
Attack attribution
–
Studying hacker behavior to develop more secure information systems
–
Cyber operations Education
–
Interdisciplinary education program between ECS, SOM, EPPS, BBS
–
IGERT (Integrative Graduate Education and Research Traineeship Program
–
Cyber security in the systems engineering program FEARLESS
engineering
• • •
Intellectual Property and Technology Transfer
Tweethood – Dr. Latifur Khan
–
Patent pending technology that started with location mining on Tweets and extended to mining several demographic attributes
–
Complete system built around Tweethood
–
Presented to CIA and USAF, and CIA will introduce the technology to IN-Q-TEL VM Space Traveler – Dr. Zhiqiang Lin
– –
Patent pending technology on virtualization security VMware has expressed interest in licensing; 70K gift from VMware for further development SNOD – Stream-based Novel Class Detection
•
Patent pending technology jointly by Dr. Latifur Khan and Dr. Jiawei Han (UIUC)
• •
System being developed around SNOD IBM has expressed interest in licensing FEARLESS
engineering
• • • •
Our Outreach Examples
Numerous Press Releases and TV Appearances
–
e.g., When President Bush family emails were hacked, LA Times came to UTD for inputs
–
Articles in Economist, New Scientist, NBC News, Boston Globe Resource for Major Corporations in Cyber Security
–
One of 12 Cyber Security Research & Education Programs in the World interviewed by IBM T. J. Watson Center for a Best Practices Report
–
Courses for AFCEA PDC and numerous AF Bases and DoD Agencies Significant Impact on Cyber Operations
–
e.g., Articles in the Journal Forces Quarterly -Top Military Journal Substantial Innovations
–
IP Disclosures, Patents
–
Spin-off technologies (e.g., Integration and Mining Social Networks for Threat Evaluation, Analysis and Prediction)
– –
Other spin-offs planned (e.g., Malware detection system) Open source tools in Cyber Security and Data Analytics FEARLESS
engineering