1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

Slides:



Advertisements
Similar presentations
INSTITUTE FOR CYBER SECURITY 1 Industry-Academia Research Synergy: Fantasy or Reality? Ravi Sandhu Executive Director and Endowed Professor Institute for.
Advertisements

SACMAT 2002 Panel Making Access Control More Usable Ravi Sandhu
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
1 Cyber Security Research: A Personal Perspective Prof. Ravi Sandhu Executive Director and Endowed Chair January 18, 2013
1 The Data and Application Security and Privacy (DASPY) Challenge Prof. Ravi Sandhu Executive Director and Endowed Chair 11/11/11
1 Grand Challenges in Data Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair
1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
Future of Access Control: Attributes, Automation, Adaptation
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.
Attribute-Based Access Control Models and Beyond
1 What is the Game in Cyber Security? Ravi Sandhu Executive Director and Endowed Professor February 2011
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
1 Cyber Security Grand Challenges and Prognosis Prof. Ravi Sandhu Executive Director and Endowed Chair
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015
1 Challenges of Cyber Security Education at the Graduate Level Ravi Sandhu Executive Director and Endowed Professor Nov. 9, 2012
1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 Cloud Computing and Security Prof. Ravi Sandhu Executive Director and Endowed Chair April 19, © Ravi Sandhu.
1 Group-Centric Models for Secure Information Sharing Prof. Ravi Sandhu Executive Director and Endowed Chair March 30, 2012
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
1 Panel on Data Usage Management: Technology or Regulation? Prof. Ravi Sandhu Executive Director and Endowed Chair DUMA 2013 May 23, 2013
1 Cyber Security A Personal Perspective Prof. Ravi Sandhu Executive Director and Endowed Chair January 15, 2016
1 Security and Privacy in Human-Centric Computing and Big Data Management Prof. Ravi Sandhu Executive Director and Endowed Chair CODASPY 2013 February.
1 Open Discussion PSOSM 2012 Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
1 Challenges of Cyber Security Education at the Graduate Level Ravi Sandhu Executive Director and Endowed Professor July 27, 2011
1 Understanding Which New Threats Operators Can Expect To Face Within The Next Two To Five Years To Improve The On- Going Management Of Security Systems.
1 The Authorization Leap from Rights to Attributes: Maturation or Chaos? Prof. Ravi Sandhu Executive Director and Endowed Chair SecurIT 2012 August 17,
1 Role-Based Access Control (RBAC) Prof. Ravi Sandhu Executive Director and Endowed Chair January 29, © Ravi.
1 Secure Cloud Computing: A Research Perspective Prof. Ravi Sandhu Executive Director and Endowed Chair Texas Fresh Air Big Data and Data Analytics Conference.
Institute for Cyber Security
What can Technologists learn from the History of the Internet?
Security and Privacy in the Networked World
An Access Control Perspective on the Science of Security
Institute for Cyber Security (ICS) & Center for Security and Privacy Enhanced Cloud Computing (C-SPECC) Ravi Sandhu Executive Director Professor of.
UTSA's New Center Center for Security and Privacy Enhanced Cloud Computing (C-SPECC) Ravi Sandhu Executive Director of ICS and C-SPECC Professor.
Introduction to Cyber Security
Introduction and Basic Concepts
Institute for Cyber Security: Research Vision
Attribute-Based Access Control: Insights and Challenges
Cyber Security Research: Applied and Basic Combined*
On the Value of Access Control Models
Institute for Cyber Security
Institute for Cyber Security
ABAC Panel Prof. Ravi Sandhu Executive Director and Endowed Chair
Institute for Cyber Security
Attribute-Based Access Control (ABAC)
Cyber Security Research: Applied and Basic Combined*
Institute for Cyber Security: Research Vision
Security and Privacy in the Age of the Internet of Things:
Intersection of Data, Policy and Privacy
UTSA Cyber Security Ecosystem
Attribute-Based Access Control: Insights and Challenges
Cyber Security and Privacy: An Optimist’s Perspective
Identity and Access Control in the
Executive Director and Endowed Chair
Cyber Security Trends and Challenges
World-Leading Research with Real-World Impact!
Institute for Cyber Security Overview
ASCAA Principles for Next-Generation Role-Based Access Control
Institute for Cyber Security
Cyber Security Research: A Personal Perspective
Cyber Security Research: Applied and Basic Combined*
Attribute-Based Access Control (ABAC)
Access Control Evolution and Prospects
Cyber Security R&D: A Personal Perspective
Access Control Evolution and Prospects
Presentation transcript:

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber Security University of Texas at San Antonio IIT Roorkie, Cognizance 2014 March 21, © Ravi Sandhu World-Leading Research with Real-World Impact! Institute for Cyber Security

© Ravi Sandhu 2 World-Leading Research with Real-World Impact! Cyber Security Status MicroSecurity  Not too bad  About as good as it is going to get  Criminals can only defraud so many  Big government/big business are real threats MacroSecurity  New arena for researchers  Highly asymmetric, includes offense, clandestine  Dual goals: strong offense, strong defense  Cyber should be controllable Nuclear, chemical, biological have been “controlled”

Perennial State of Cyber Security Micro-security Macro-security © Ravi Sandhu 3 World-Leading Research with Real-World Impact!

 ≈ 2010 US Department of Defense epiphanies  A new domain akin to land, sea, air and space  Have and use offensive cyber weapons  Malware penetrations in highly classified networks  Consumerization of cyberspace  Anytime, Anywhere, Anything  BYOD: Bring your own device  BYOC: Bring your own cloud  Entanglement of cyber-physical-social space  Just starting © Ravi Sandhu 4 World-Leading Research with Real-World Impact! 21 st Century Cyberspace

 Enable system designers and operators to say: This system is secure  There is an infinite supply of low-hanging attacks © Ravi Sandhu 5 World-Leading Research with Real-World Impact! Cyber Security Goal Not attainable

 Enable system designers and operators to say: This system is secure  There is an infinite supply of low-hanging attacks  Alternate goal: This system is as secure as possible More secure is always better © Ravi Sandhu 6 World-Leading Research with Real-World Impact! Cyber Security Goal Not attainable Not appropriate

 Enable system designers and operators to say: This system is secure “enough”  Mass scale, rather low assurance  ATM network, On-line banking, E-commerce  One of a kind, extremely high assurance  US President’s nuclear football © Ravi Sandhu 7 World-Leading Research with Real-World Impact! Cyber Security Goal Many successful examples

 Enable system designers and operators to say: This system is secure “enough”  Mass scale, rather low assurance  ATM network, On-line banking, E-commerce  One of a kind, extremely high assurance  US President’s nuclear football © Ravi Sandhu 8 World-Leading Research with Real-World Impact! Cyber Security Goal Many successful examples Science EngineeringBusiness

© Ravi Sandhu 9 World-Leading Research with Real-World Impact! Cyber Security Ecosystem Science EngineeringBusiness Distinguishing Characteristics of Cyber/Cyber Security  Cyberspace is an entirely man-made domain  Evolves rapidly and unpredictably  Validation primarily with respect to future systems Science explains the cause of observed phenomenon

© Ravi Sandhu 10 World-Leading Research with Real-World Impact! Cyber Security Ecosystem Science EngineeringBusiness Distinguishing Characteristics of Cyber/Cyber Security  Cyberspace is an entirely man-made domain  Evolves rapidly and unpredictably  Validation primarily with respect to future systems Science explains the cause of observed phenomenon and enables better construction of future systems

© Ravi Sandhu 11 World-Leading Research with Real-World Impact! Scientific Method: Natural Sciences Hypothesis Prediction Experimentation Prediction Confirmed Prediction Falsified Hypothesis → Law Reject Hypothesis

© Ravi Sandhu 12 World-Leading Research with Real-World Impact! Scientific Method: Natural Sciences Hypothesis Prediction Experimentation Prediction Confirmed Prediction Falsified Hypothesis → Law Reject Hypothesis Paradigms

© Ravi Sandhu 13 World-Leading Research with Real-World Impact! Heliocentric versus Geocentric

© Ravi Sandhu 14 World-Leading Research with Real-World Impact! Epicycles

© Ravi Sandhu 15 World-Leading Research with Real-World Impact! Circles versus Ellipses

© Ravi Sandhu 16 World-Leading Research with Real-World Impact! Scientific Method: Cyber Sciences Hypothesis Prediction Experimentation Prediction Confirmed Prediction Falsified Hypothesis → Law Reject Hypothesis Science explains the cause of observed phenomenon and enables better construction of future systems Paradigms

© Ravi Sandhu 17 World-Leading Research with Real-World Impact! Science Quadrants Fundamental Understanding LH H L Utility EdisonPasteur Bohrjunk Donald Stokes, 1997 Pasteur’s Quadrant: Basic Science and Technological Innovation

© Ravi Sandhu 18 World-Leading Research with Real-World Impact! Cyber Science Quadrants Fundamental Understanding LH H L Jobs Cerf-Kahn Turingjunk Utility

© Ravi Sandhu 19 World-Leading Research with Real-World Impact! Cyber Security Quadrants Fundamental Understanding LH H L ?? junk Utility

20 World-Leading Research with Real-World Impact! Access Control Decomposition © Ravi Sandhu Policy Specification Policy Enforcement Policy Administration

21 World-Leading Research with Real-World Impact! Access Control Decomposition © Ravi Sandhu Policy Specification Policy Reality Policy Enforcement Policy Administration

© Ravi Sandhu 22 World-Leading Research with Real-World Impact! Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ????

© Ravi Sandhu 23 World-Leading Research with Real-World Impact! Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? RBAC can be configured to do MAC or DAC

© Ravi Sandhu 24 World-Leading Research with Real-World Impact! Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? Fixed Policy Flexible Policy

© Ravi Sandhu 25 World-Leading Research with Real-World Impact! Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? Human Driven Automated Adaptive

© Ravi Sandhu 26 World-Leading Research with Real-World Impact! Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? Messy or Chaotic?

Perennial State of Cyber Security Micro-security Macro-security © Ravi Sandhu 27 World-Leading Research with Real-World Impact!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.