Cyber Security: A Personal Perspective
Prof. Ravi Sandhu, Executive Director and Endowed Chair
January 15, 2016

Presentation transcript:

Slide 1: Cyber Security: A Personal Perspective
Prof. Ravi Sandhu, Executive Director and Endowed Chair
January 15,
CS 6393 Lecture 1
© Ravi Sandhu. World-Leading Research with Real-World Impact!

Slide 2: Prognosis
- Cyberspace will become orders of magnitude more complex and confused very quickly
- Cyber and physical distinction will disappear
- Threats will go beyond money to physical harm and danger to life and body
- Overall this is a very positive development and will enrich human society
- It will be messy but need not be chaotic!
- Cyber security research and practice are losing ground

Slide 3: Security Objectives
- INTEGRITY: modification
- AVAILABILITY: access
- CONFIDENTIALITY: disclosure

Slide 4: Security Objectives
- INTEGRITY: modification
- AVAILABILITY: access
- CONFIDENTIALITY: disclosure
- USAGE: purpose

Slide 5: Security Objectives
- INTEGRITY: modification
- AVAILABILITY: access
- CONFIDENTIALITY: disclosure
- USAGE: purpose
- USAGE

Slide 6: Security Objectives
- Single Enterprise
  - owns all the information
  - employs all the users
- Multiple Interacting Parties
  - no one owns all the information
  - no one can unilaterally impose policy on all the users
- More than 2 decades of encryption versus privacy debate

Slide 7: Cyber Security Scope
- Computer security
- Information security = Computer security + Communications security
- Information assurance
- Mission assurance
- Includes cyber physical

Slide 8: Fundamental Challenge
- What is fundamental to cyber security?
- Where are the boundaries of a cyber system?
- What are the goals of cyber security?

Slide 9: Cyber Security Goal
- Enable system designers and operators to say: This system is secure

Slide 10: Cyber Security Goal
- Enable system designers and operators to say: This system is secure
- There is an infinite supply of attacks
- Not attainable

Slide 11: Cyber Security Goal
- Enable system designers and operators to say: This system is secure enough
- Many successful examples

Slide 12: The ATM Paradox
- The ATM (Automatic Teller Machine) system is
  - secure enough
  - global in scope
- Not attainable via current cyber security science, engineering, doctrine
  - not studied as a success story
- Similar paradoxes apply to
  - on-line banking
  - e-commerce payments

Slide 13: High Assurance Cyber Security
- US President’s nuclear football
- Secret formula for Coca-Cola

Slide 14: Cyber Security Goal
- Enable system designers and operators to say: This system is secure enough
- In an innovative ecosystem the innovation drive will ensure that the bar for enough will be fairly low

Slide 15: Productivity-Security
- Cyber Security is all about tradeoffs
- Productivity
  - Let’s build it
  - Cash out the benefits
  - Next generation can secure it
- Security
  - Let’s not build it
  - Let’s bake in super-security to make it unusable/unaffordable
  - Let’s sell unproven solutions
- There is a middle ground
- We don’t know how to predictably find it

Slide 16: Grand Challenges
- Develop a scientific discipline
  - to predictably find the sweet spots for different application and mission contexts
  - to predictably find, incentivize and deploy microsec that leads to desirable macrosec outcomes
  - that can be meaningfully taught in Universities at all levels: BS, MS, PhD
- Prognosis
  - we shall succeed (we have no choice)
  - but we need to change to succeed

Slide 17: Butler Lampson Paraphrased (I think)
- Computer scientists could never have designed the web because they would have tried to make it work.
  - But the Web does “work.”
  - What does it mean for the Web to “work”?
- Security geeks could never have designed the ATM network because they would have tried to make it secure.
  - But the ATM network is “secure.”
  - What does it mean for the ATM network to be “secure”?

Slide 18: Bellovin’s Slides (digression)

Slide 19: PEI Models
- Idealized
- Enforceable (Approximate)
- Codeable

Slide 20: Limits on Security
- Trojan horse/malware
- Covert channels/side channels
- Inference
- Analog hole
- Assured enforcement
- Privilege escalation
- Policy comprehension and analysis
- Predicting value and future usage of data
- …..

Slide 21: Reference Material (digression)