1. Introduction to Biometrics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #2 Information Security August 24, 2005

2. Outline l Operating Systems Security l Network Security l Designing and Evaluating Systems l Web Security l Other Security Technologies l Data and Applications Security

3. Operating System Security l Access Control - Subjects are Processes and Objects are Files - Subjects have Read/Write Access to Objects - E.g., Process P1 has read acces to File F1 and write access to File F2 l Capabilities - Processes must presses certain Capabilities / Certificates to access certain files to execute certain programs - E.g., Process P1 must have capability C to read file F

4. Mandatory Security l Bell and La Padula Security Policy - Subjects have clearance levels, Objects have sensitivity levels; clearance and sensitivity levels are also called security levels - Unclassified < Confidential < Secret < TopSecret - Compartments are also possible - Compartments and Security levels form a partially ordered lattice l Security Properties - Simple Security Property: Subject has READ access to an object of the subject’s security level dominates that of the objects - Star (*) Property: Subject has WRITE access to an object if the subject’s security level is dominated by that of the objects\

5. Covert Channel Example l Trojan horse at a higher level covertly passes data to a Trojan horse at a lower level l Example: - File Lock/Unlock problem - Processes at Secret and Unclassified levels collude with one another - When the Secret process lock a file and the Unclassified process finds the file locked, a 1 bit is passed covertly - When the Secret process unlocks the file and the Unclassified process finds it unlocked, a 1 bit is passed covertly - Over time the bits could contain sensitive data

6. Network Security l Security across all network layers - E.g., Data Link, Transport, Session, Presentation, Application l Network protocol security - Ver5ification and validation of network protocols l Intrusion detection and prevention - Applying data mining techniques l Encryption and Cryptography l Access control and trust policies l Other Measures - Prevention from denial of service, Secure routing, - - -

7. Steps to Designing a Secure System l Requirements, Informal Policy and model l Formal security policy and model l Security architecture - Identify security critical components; these components must be trusted l Design of the system l Verification and Validation

8. Product Evaluation l Orange Book - Trusted Computer Systems Evaluation Criteria l Classes C1, C2, B1, B2, B3, A1 and beyond - C1 is the lowest level and A1 the highest level of assurance - Formal methods are needed for A1 systems l Interpretations of the Orange book for Networks (Trusted Network Interpretation) and Databases (Trusted Database Interpretation) l Several companion documents - Auditing, Inference and Aggregation, etc. l Many products are now evaluated using the federal Criteria

9. Security Threats to Web/E-commerce

10. Approaches and Solutions l End-to-end security - Need to secure the clients, servers, networks, operating systems, transactions, data, and programming languages - The various systems when put together have to be secure l Composable properties for security l Access control rules, enforce security policies, auditing, intrusion detection l Verification and validation l Security solutions proposed by W3C and OMG l Java Security l Firewalls l Digital signatures and Message Digests, Cryptography

11. E-Commerce Transactions l E-commerce functions are carried out as transactions - Banking and trading on the internet - Each data transaction could contain many tasks l Database transactions may be built on top of the data transaction service - Database transactions are needed for multiuser access to web databases - Need to enforce concurrency control and recovery techniques

12. Types of Transaction Systems l Stored Account Payment - e.g., Credit and debit card transactions - Electronic payment systems - Examples: First Virtual, CyberCash, Secure Electronic Transaction l Stored Value Payment - Uses bearer certificates - Modeled after hard cash l Goal is to replace hard cash with e-cash - Examples: E-cash, Cybercoin, Smart cards

13. What is E-Cash? l Electronic Cash is stored in a hardware token l Token may be loaded with money - Digital cash from the bank l Buyer can make payments to seller’s token (offline) l Buyer can pay to seller’s bank (online) l Both cases agree upon protocols l Both parties may use some sort of cryptographic key mechanism to improve security

14. Other Security Technologies l Data and Applications Security l Middleware Security l Insider Threat Analysis l Risk Management l Trust and Economics l Biometrics

15. Developments in Data and Applications Security: 1975 - Present l Access Control for Systems R and Ingres (mid 1970s) l Multilevel secure database systems (1980 – present) - Relational database systems: research prototypes and products; Distributed database systems: research prototypes and some operational systems; Object data systems; Inference problem and deductive database system; Transactions l Recent developments in Secure Data Management (1996 – Present) - Secure data warehousing, Role-based access control (RBAC); E- commerce; XML security and Secure Semantic Web; Data mining for intrusion detection and national security; Privacy; Dependable data management; Secure knowledge management and collaboration

16. Developments in Data and Applications Security: Multilevel Secure Databases - I l Air Force Summer Study in 1982 l Early systems based on Integrity Lock approach l Systems in the mid to late 1980s, early 90s - E.g., Seaview by SRI, Lock Data Views by Honeywell, ASD and ASD Views by TRW - Prototypes and commercial products - Trusted Database Interpretation and Evaluation of Commercial Products l Secure Distributed Databases (late 80s to mid 90s) - Architectures; Algorithms and Prototype for distributed query processing; Simulation of distributed transaction management and concurrency control algorithms; Secure federated data management

17. Developments in Data and Applications Security: Multilevel Secure Databases - II l Inference Problem (mid 80s to mid 90s) - Unsolvability of the inference problem; Security constraint processing during query, update and database design operations; Semantic models and conceptual structures l Secure Object Databases and Systems (late 80s to mid 90s) - Secure object models; Distributed object systems security; Object modeling for designing secure applications; Secure multimedia data management l Secure Transactions (1990s) - Single Level/ Multilevel Transactions; Secure recovery and commit protocols

18. Some Directions and Challenges for Data and Applications Security - I l Secure semantic web - Single/multiple security models? - Different application domains l Secure Information Integration - How do you securely integrate numerous and heterogeneous data sources on the web and otherwise l Secure Sensor Information Management - Fusing and managing data/information from distributed and autonomous sensors l Secure Dependable Information Management - Integrating Security, Real-time Processing and Fault Tolerance l Data Sharing vs. Privacy - Federated database architectures?

19. Some Directions and Challenges for Data and Applications Security - II l Data mining and knowledge discovery for intrusion detection - Need realistic models; real-time data mining l Secure knowledge management - Protect the assets and intellectual rights of an organization l Information assurance, Infrastructure protection, Access Control - Insider cyber-threat analysis, Protecting national databases, Role-based access control for emerging applications l Security for emerging applications - Geospatial, Biomedical, E-Commerce, etc. l Other Directions - Trust and Economics, Trust Management/Negotiation, Secure Peer-to-peer computing,

20. Layered Architecture for Dependable Semantic Web 0 Some Challenges: Security and Privacy cut across all layers; Integration of Services; Composability XML, XML Schemas Rules/Query Logic, Proof and Trust SECURITYSECURITY Other Services RDF, Ontologies URI, UNICODE PRIVACYPRIVACY 0 Adapted from Tim Berners Lee’s description of the Semantic Web

21. Secure Sensor Information Management: Directions for Research l Individual sensors may be compromised and attacked; need techniques for detecting, managing and recovering from such attacks l Aggregated sensor data may be sensitive; need secure storage sites for aggregated data; variation of the inference and aggregation problem? l Security has to be incorporated into sensor database management - Policies, models, architectures, queries, etc. l Evaluate costs for incorporating security especially when the sensor data has to be fused, aggregated and perhaps mined in real-time l Need secure dependable information management for sensor data

22. Secure Dependable Information Management l Dependable information management includes - secure information management - fault tolerant information - High integrity and high assurance computing - Real-time computing l Conflicts between different features - Security, Integrity, Fault Tolerance, Real-time Processing - E.g., A process may miss real-time deadlines when access control checks are made - Trade-offs between real-time processing and security - Need flexible security policies; real-time processing may be critical during a mission while security may be critical during non-operational times

23. Secure Dependable Information Management Example: Next Generation AWACS Technology provided by the project Hardware Display Processor & Refresh Channels Consoles (14) Navigation Sensors Data Links Data Analysis Programming Group (DAPG) Future App Future App Future App Multi-Sensor Tracks Sensor Detections MSI App Data Mgmt. Data Xchg. Infrastructure Services Security being considered after the system has been designed and prototypes implemented Challenge: Integrating real-time processing, security and fault tolerance Real-time Operating System

24. Research Directions for Privacy l Why this interest now on privacy? - Data Mining for National Security - Data Mining is a threat to privacy - Balance between data sharing/mining and privacy l Privacy Preserving Data Mining l Inference Problem as a Privacy Problem l Data Sharing Across Coalitions

25. Data Mining to Handle Security Problems l Data mining tools could be used to examine audit data and flag abnormal behavior l Much recent work in Intrusion detection - e.g., Neural networks to detect abnormal patterns l Tools are being examined to determine abnormal patterns for national security - Classification techniques, Link analysis l Fraud detection - Credit cards, calling cards, identity theft etc.

26. What can we do?: Privacy Preserving Data Mining l Prevent useful results from mining - limit data access to ensure low confidence and support - Extra data (“cover stories”) to give “false” results with Providing only samples of data can lower confidence in mining results; l Idea: If adversary is unable to learn a good classifier from the data, then adversary will be unable to learn good - rules, predictive functions l Approach: Only make a sample of data available - Limits ability to learn good classifier l Several recent research efforts have been reported

27. Inference Problem as a Privacy Problem: Privacy Constraint Processing User Interface Manager Constraint Manager Privacy Constraints Query Processor: Constraints during query and release operations Update Processor: Constraints during update operation Database Design Tool Constraints during database design operation Database DBMS

28. Secure Data Sharing Across Coalitions Export Data/Policy Component Data/Policy for Agency A Data/Policy for Coalition Export Data/Policy Component Data/Policy for Agency C Component Data/Policy for Agency B Export Data/Policy