Presentation is loading. Please wait.

Presentation is loading. Please wait.

INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.

Published bySamuel Woods Modified over 9 years ago

Similar presentations

Presentation on theme: "INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security."— Presentation transcript:

1 INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security (ICS) University of Texas at San Antonio August 2009 ravi.sandhu@utsa.edu www.profsandhu.com © Ravi Sandhu ICS: World-leading research with real-world impact

2 INSTITUTE FOR CYBER SECURITY Institute for Cyber Security Founded June 2007: still in start-up mode World leading security modeling and analysis research  Role-Based Access Control (RBAC) Model: Commercially dominant model today  Usage Control (UCON) Model: Attribute-Based Access Control on Steroids  PEI Framework: Policy (what), Enforcement (how), Implementation (how exactly)  Group-Centric Information Sharing: Sharing metaphor of meeting room  Security for Social Networks  Botnet Analysis, Detection and Mitigation  Multilevel Secure Architectures  Secure Cloud Computing World-leading research infrastructure  FlexCloud  FlexFarm © Ravi Sandhu2 ICS: World-leading research with real-world impact

3 INSTITUTE FOR CYBER SECURITY Cyber Security Objectives 3 INTEGRITY authenticity AVAILABILITY access CONFIDENTIALITY disclosure © Ravi Sandhu ICS: World-leading research with real-world impact

4 INSTITUTE FOR CYBER SECURITY Cyber Security Objectives 4 INTEGRITY authenticity AVAILABILITY access CONFIDENTIALITY disclosure USAGE purpose © Ravi Sandhu ICS: World-leading research with real-world impact

5 INSTITUTE FOR CYBER SECURITY Cyber Security Objectives 5 INTEGRITY authenticity AVAILABILITY access CONFIDENTIALITY disclosure USAGE purpose USAGE © Ravi Sandhu ICS: World-leading research with real-world impact

6 INSTITUTE FOR CYBER SECURITY Cyber Security: Major Trends 6© Ravi Sandhu ICS: World-leading research with real-world impact Major driver is the Internet which itself is in continuous transition Attackers: Morphed from A nuisance to Highly organized criminal ecosystem motivated by money Stealthy infiltrators, spies and saboteurs driven by nation states and terrorists Defenders: Morphed from Closed Enterprise-Centric era to Open Application-Centric/Technology-Centric era Dinosaurs: Mired in old-think Industry: mired in FUD (fear, uncertainty, doubt) Academia: mired in fairy tales

7 INSTITUTE FOR CYBER SECURITY Internet Architecture 7© Ravi Sandhu ICS: World-leading research with real-world impact Layer 2 Layer 1 Ethernet WiFi Cable-modem Wide-area network …… Layer 4 Layer 3 Transport: TCP, UDP Routing: IP Layer 5+IM email web social nw VOIP collaboration twitter ……

8 INSTITUTE FOR CYBER SECURITY Internet Architecture 8© Ravi Sandhu ICS: World-leading research with real-world impact Layer 2 Layer 1 Ethernet WiFi Cable-modem Wide-area network …… Layer 4 Layer 3 Transport: TCP, UDP Routing: IP Layer 5+IM email web social nw VOIP collaboration twitter …… INNOVATIONINNOVATION

9 INSTITUTE FOR CYBER SECURITY Internet Architecture 9© Ravi Sandhu ICS: World-leading research with real-world impact Layer 2 Layer 1 Ethernet WiFi Cable-modem Wide-area network …… Layer 4 Layer 3 Transport: TCP, UDP Routing: IP Layer 5+IM email web social nw VOIP collaboration twitter …… Security Infrastructure Centric Firewalls, Encryption INNOVATIONINNOVATION

10 INSTITUTE FOR CYBER SECURITY Internet Architecture 10© Ravi Sandhu ICS: World-leading research with real-world impact Layer 2 Layer 1 Ethernet WiFi Cable-modem Wide-area network …… Layer 4 Layer 3 Transport: TCP, UDP Routing: IP Layer 5+IM email web social nw VOIP collaboration twitter …… Security Infrastructure Centric Firewalls, Encryption Security Application Centric INNOVATIONINNOVATION

11 INSTITUTE FOR CYBER SECURITY Policy (What) Group-Centric Information Sharing Metaphor: Secure Meeting Room Operational aspects  What is authorized by join, add, etc.? Administrative aspects  Who authorizes join, add, etc.? Multiple groups  Inter-group relationship Group Can user u read object o? join leave add remove Users Objects © Ravi Sandhu11 ICS: World-leading research with real-world impact

12 INSTITUTE FOR CYBER SECURITY g-SIS Enforcement (How?) CC GA Group Subjects TRM … 1. Read Objects 5.1 Request Refresh 5.2 Update Attributes 3.1 Subject Leave (s) 4.1 Object Remove (o) 3.2 Set Leave-TS (s) 4.2 Add o to ORL CC: Control Center GA: Group Administrator Subject Attributes: {id, Join-TS, Leave- TS, ORL, gKey} ORL: Object Revocation List gKey: Group Key Object Attributes: {id, Add- TS} Refresh Time (RT): TRM contacts CC to update attributes © Ravi Sandhu12 Practical reality 1. Trusted servers 2. Approximation ICS: World-leading research with real-world impact

13 INSTITUTE FOR CYBER SECURITY Implementation (How Exactly?) Detailed protocol and algorithm specifications © Ravi Sandhu13 ICS: World-leading research with real-world impact

14 INSTITUTE FOR CYBER SECURITY Conclusion PAST, PRESENT Cyber security is a young and immature field The attackers are more innovative than defenders Defenders are mired in FUD and fairy tales FUTURE Cyber security will become a scientific discpline Cyber security will be application and technology centric Cyber security will never be “solved” © Ravi Sandhu14 ICS: World-leading research with real-world impact

Download ppt "INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security."

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
INSTITUTE FOR CYBER SECURITY 1 Cyber Security: What You Need to Know Prof. Ravi Sandhu Executive Director and Chief Scientist Institute for Cyber Security.

INSTITUTE FOR CYBER SECURITY 1 Cyber Security: What You Need to Know Prof. Ravi Sandhu Executive Director and Chief Scientist Institute for Cyber Security.
Institute for Cyber Security (ICS) Prof. Ravi Sandhu Executive Director and Lutcher Brown Endowed Chair 210 458 6081.

Institute for Cyber Security (ICS) Prof. Ravi Sandhu Executive Director and Lutcher Brown Endowed Chair
1 Speculations on the Future of Cyber Security in 2025 Prof. Ravi Sandhu Executive Director and Chief Scientist Institute for Cyber Security University.

1 Speculations on the Future of Cyber Security in 2025 Prof. Ravi Sandhu Executive Director and Chief Scientist Institute for Cyber Security University.
1 Speculations on the Future of Cyber Security in 2025 Prof. Ravi Sandhu Executive Director January 2010

1 Speculations on the Future of Cyber Security in 2025 Prof. Ravi Sandhu Executive Director January 2010
INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.

INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.
Stale-Safe Security Properties for Secure Information Sharing Ram Krishnan (GMU) Jianwei Niu (UT San Antonio) Ravi Sandhu (UT San Antonio) William Winsborough.

Stale-Safe Security Properties for Secure Information Sharing Ram Krishnan (GMU) Jianwei Niu (UT San Antonio) Ravi Sandhu (UT San Antonio) William Winsborough.
Institute for Cyber Security

Institute for Cyber Security
1 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, 2013 © Ravi Sandhu World-Leading Research.

1 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, © Ravi Sandhu World-Leading Research.
1 The Future of Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.

1 The Future of Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013

1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013
1 The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It? Ravi Sandhu Executive Director and Endowed Professor February 21,

1 The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It? Ravi Sandhu Executive Director and Endowed Professor February 21,
1 The Data and Application Security and Privacy (DASPY) Challenge Prof. Ravi Sandhu Executive Director and Endowed Chair 11/11/11

1 The Data and Application Security and Privacy (DASPY) Challenge Prof. Ravi Sandhu Executive Director and Endowed Chair 11/11/11
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
Future of Access Control: Attributes, Automation, Adaptation

Future of Access Control: Attributes, Automation, Adaptation
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.

1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.

Similar presentations

Ads by Google