Trust, Privacy, and Security
Moderator: Bharat Bhargava, Purdue University


Major Research Directions
1. Terminology and Formalization of Security, Privacy, and Trust for Data and Applications
2. Metrics for Trust, Privacy, Risk, Threats
3. New Challenges in Open, Pervasive, and Heterogeneous Environments
4. Testbeds, Experiments, Benchmarks, and Assessment
5. Legal and Social Issues, and Forensics

1. Terminology and Formalization of Security, Privacy, and Trust for Data and Applications
- Ontologies for Security, Privacy, and Trust
- Evidence, Credentials, Behavior
- Personal Privacy vs. Organizational Confidentiality
- Representations and Specifications
- Policies
- Conditions
- Enforcement

2. Metrics for Trust, Privacy, Risk, Threats
- Quantitative metrics like those in fault tolerance
- Vulnerability analysis and threat evaluation
- Metrics for trust negotiation and privacy-for-trust trade
- Risk management
- Economic analysis and tradeoffs and impact on community and society

3. New Challenges in Open, Pervasive, and Heterogeneous Environments
- Foundations and common understanding
- Representation, visualization
- Uniform framework for multiple organizational and multiple administrative domains
- Conflict resolution and negotiation
- Data integration
- Aggregation and inference
- Data access and dissemination, and Web services
- Apoptosis (clean self-destruction) and evaporation
- Data protection techniques: distortion, summarization, encryption and key management, integrity validation
- Limitations, incl. low power, small devices in mobile

4. Testbeds, Experiments, Benchmarks, and Assessment
- Security, attack, fraud benchmarks and scenarios
- Help from community
- Example: IDS, attack benchmarks/scenarios
- Tools for building benchmarks
- Testbeds
- Who builds it for public access?
- Simulation models like ns2
- Validation models like TREC (info retrieval)
- Forming repositories of data sets and software

5. Legal and Social Issues, and Forensics
- Forensic data management (not only for cybercrimes)
- Authorization models for data capture, storing and processing
- Legal evaluation of cyberattacks
- Collaboration with legal/social sciences experts
- Legal ontologies
- Legal domains (incl. jurisdiction) and interoperation
- E.g., what is “trespassing” in cyberspace?
- Lawful responses and legal argumentation
- “Self-defense” analogies

Research Synergies
- Reliability
- Economics
- Semantic Web
- Social Sciences and Law
- …

- Inference for Prevention, Detection and Reaction, Tolerance [???]
- Models of the Extended Environment [for Inference???]
- Inference Paths
- Optimization of Paths Based on Constraints

OLD: 2. Data and Application Metrics
- Metrics for Security, Privacy, Trust, Quality, …
- Vulnerability and Threat Measures
- Loss Measures
- Risk Measures
- Uniform Measures Across Heterogeneous Domains

3. Risk Analysis and Mitigation
- Economic Issues
- Modeling, Incentives, …