1. Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Dependable Data Management April 15, 2011

2. Outline of the Unit l Secure Dependable Data Management l Secure Real-time Data Management l Secure Sensor Information Management l Reference - Jungin Kim, Bhavani M. Thuraisingham: Dependable and Secure TMO Scheme. ISORC 2006: 133-140 Jungin KimISORC 2006 - Jungin Kim, Bhavani M. Thuraisingham: Design of Secure CAMIN Application System Based on Dependable and Secure TMO and RT-UCON. ISORC 2007: 146-155 Jungin KimISORC 2007 - Vana Kalogeraki, Dimitrios Gunopulos, Ravi S. Sandhu, Bhavani M. Thuraisingham: QoS Aware Dependable Distributed Stream Processing. ISORC 2008: 69-75 Vana KalogerakiDimitrios GunopulosRavi S. SandhuISORC 2008

3. Secure Dependable Information Management: What is it? l Features of Secure Dependable Information Management - secure information management - fault tolerant information Management - High integrity and high assurance computing - Real-time computing - Trust management - Data Quality - Data Provenance

4. Secure Dependable Information Management: Integration l Integration of the different Features - Quality of Service - Need end-to-end dependability? - Dependable OS, Dependable data management, Dependable middleware, Dependable networks

5. Secure Dependable Information Management: Integration

6. Secure Dependable Information Management: Conflict Resolution l Conflicts between different features - Security, Integrity, Fault Tolerance, Real-time Processing - E.g., A process may miss real-time deadlines when access control checks are made - Trade-offs between real-time processing and security l What are the problems? - Access control checks vs real-time constraints - Covert channels (Secret process could be a high priority process and an Unclassified process could be a low priority process) - Time critical process could be malicious l Need Flexible policies - Real-time processing may be critical during a mission while security may be critical during non-operational times

7. Secure Dependable Information Management Example: Next Generation AWACS Technology provided by the project Hardware Display Processor & Refresh Channels Consoles (14) Navigation Sensors Data Links Data Analysis Programming Group (DAPG) Future App Future App Future App Multi-Sensor Tracks Sensor Detections MSI App Data Mgmt. Data Xchg. Infrastructure Services Security being considered after the system has been designed and prototypes implemented Challenge: Integrating real-time processing, security and fault tolerance Real-time Operating System

8. Secure Dependable Information Management: Integration

9. Secure Dependable Information Management: Directions for Research l Challenge: How does a system ensure integrity, security, fault tolerant processing, and still meet timing constraints? - Develop flexible security policies; when is it more important to ensure real-time processing and ensure security? - Security models and architectures for the policies; Examine real- time algorithms – e.g.,query and transaction processing - Research for databases as well as for applications; what assumptions do we need to make about operating systems, networks and middleware? l Data may be emanating from sensors and other devices at multiple locations - Data may pertain to individuals (e.g. video information, images, surveillance information, etc.) - Data may be mined to extract useful information - Privacy Preserving Surveillance

10. Real-time Information Management l Real-time Operating Systems - E.g., Lynx OS l Real-time Data Management - Transactions must meet timing constraints - E.g., RT-Zip (product developed in the early 1990s) l Real-time Middleware - E.g., RT-ORB (www.omg.org) l Real-time networks - Real-time message passing l Need end-to-end real-time processing capability

11. Real-time Data Management

12. Real-time Data Management Management: Data Model l Data models such as relational and object models have time parameters l Data has timestamp as to when it was last updated l Data must be kept current and updated to meet timing constraints - E.g., Data cannot be more than 1 day old l Data processing algorithms (e.g., methods in an object model) must meet timing constraints - E.g., queries and transactions have to complete within a certain time

13. Real-time Data Management : Query l Queries have to meet timing constraints l Certain queries may be more important than the others - E.g. queries with short timing constraints l Queries are processed in such a way that all queries must meet the deadlines as much as possible l What happens if the deadlines are not met?

14. Real-time Data Management : Transactions l Transactions have to meet timing constraints l Transactions are assigned priorities depending on their deadlines - Those with shorter deadlines may be given higher priorities l Transactions with higher priorities are given resources such as locks’ l If transactions T1 has priority 8 and Transactions T2 has priority 5 and if both are competing for locks at these same time, T1 is given the lock l If T1 is waiting for a lock that T2 has, then should T2 be aborted and the lock given to T1?

15. Conflict between Security and Real-time Processing l Suppose transaction T1 has priority 8 and Transactions T2 has priority 5 l Assume that T2 is Unclassified and T1 is Secret l If T1 is waiting for a lock that T2 has, then one possibility is to abort T2 and give the lock to T1 l However T2 is Unclassified. Therefore actions of a Secret transaction have interfered with those of an unclassified transaction – potential for covert challenges l Should the system ensure that deadlines are met or should the system ensure security? l Access control checks also take time. Therefore in case of emergency should these checks be ignored? l Malicious code may tamper with the real-time constraints

16. Aspects of Data Quality Annotations: Use annotations to specify data quality Parameters; Develop an algebra for data quality Data Mining: Data mining to improve data quality; Need good quality data to carry out useful data mining Components of Aspects of Data Quality Semantic web and data quality: Data quality for the layers: XML, RDF, Ontologies, Interoperability, Query/Rules Security and data quality: Tradeoffs between ensuring data quality and confidentiality; Quality of service management techniques

17. Data Provenance l Keep track of where the data has come from and who has handled the data - Data source and how the data has arrived to the current positions - From A to B to C to D etc. l Use annotations for data provenance: document data - Can you trust the data source? - Has misinformation been given and if so at which point? - Has data been misused?

18. Applications l Protecting Critical Infrastructures - Power lines and Grids - Telecommunications - Food and water supplies - Reservoirs - Gas supplies - National Information Infrastructures l Protecting Information for the War fighters and Missions - Getting the right and secure information at the right time

19. Secure Sensor Information Management l Sensor network consists of a collection of autonomous and interconnected sensors that continuously sense and store information about some local phenomena - May be employed in battle fields, seismic zones, pavements l Data streams emanate from sensors; for geospatial applications these data streams could contain continuous data of maps, images, etc. Data has to be fused and aggregated l Continuous queries are posed, responses analyzed possibly in real- time, some streams discarded while rest may be stored l Recent developments in sensor information management include sensor database systems, sensor data mining, distributed data management, layered architectures for sensor nets, storage methods, data fusion and aggregation l Secure sensor data/information management has received very little attention; need a research agenda

20. Some Attacks on Sensors and Issues l Some attacks - Access control violations, Denial of service attacks, Sensor protocol attacks, Hardware attacks l Sensors are often places in enemy territory and are prone to various types of attacks including terrorist physical attacks l Sensors also have limited memory and resources and therefore attacks could cause many problems with little backup procedures l Wireless sensors are a special types of sensors embedded into PDAs and other devices - Many issues and challenges similar for sensors and wireless sensors - Need to carry out a comparison of the security issues involved

21. Secure Sensor Communication

22. Secure Sensor Data Manager: An Architecture

23. Secure Sensor Data Fusion: Inference Control

24. Secure Sensor Information Management: Directions for Research l Individual sensors may be compromised and attacked; need techniques for detecting, managing and recovering from such attacks l Aggregated sensor data may be sensitive; need secure storage sites for aggregated data; variation of the inference and aggregation problem? l Security has to be incorporated into sensor database management - Policies, models, architectures, queries, etc. l Evaluate costs for incorporating security especially when the sensor data has to be fused, aggregated and perhaps mined in real-time l Suspicious event detection and Privacy preserving surveillance