Published by Damian Shepherd. Modified over 8 years ago.
1
Csilla Farkas Department of Computer Science and Engineering University of South Carolina farkas@cec.sc.edu
2
Who is Impacted by Cyber Attacks?
Source: http://www.cagle.com/2010/05/internet-privacy/
3
What is Cyber Security?
– Highly Technical
– People, processes, and technology
– Legislation and Regulation
– Risk management
4
Web Evolution
Past: Human usage
– HTTP
– Static Web pages (HTML)
Current: Human and some automated usage
– Interactive Web pages
– Web Services (WSDL, SOAP, SAML)
– Semantic Web (RDF, OWL, RuleML, Web databases)
– XML technology (data exchange, data representation)
Future: Semantic Web Services
5
ARE THE EXISTING SECURITY MECHANISMS SUFFICIENT TO PROVIDE DATA AND APPLICATION SECURITY OF THE NEXT GENERATION WEB?
6
Limitation of Research
– Syntax-based
– No association protection
– Limited handling of updates
– No data or application semantics
– No inference control
7
Secure XML Views - Example
[Figure: XML tree rooted at medicalFiles with nodes countyRec, milBaseRec, patient, name (John Smith, Harry Green), phone (111-2222, 333-4444), physician (Jim Dale, Joe White) and milTag (MT78), each carrying a security label UC, S or TS. Caption: View over UC data]
8
Secure XML Views - Example cont.
[Figure: XML tree rooted at medicalFiles with nodes countyRec, milBaseRec, patient, name (John Smith, Harry Green) and physician (Jim Dale, Joe White). Caption: View over UC data]
9
Secure XML Views - Example cont.
[Figure: XML tree rooted at medicalFiles with nodes countyRec, milBaseRec, patient, name (John Smith, Harry Green) and physician (Jim Dale, Joe White). Caption: View over UC data]
10
Secure XML Views - Example cont.
[Figure: XML tree rooted at medicalFiles with nodes countyRec, milBaseRec, patient, name (John Smith, Harry Green) and physician (Jim Dale, Joe White), shown with security labels UC, S and TS. Caption: View over UC data]
11
Secure XML Views - Example cont.
[Figure: XML tree rooted at medicalFiles with nodes name (John Smith, Harry Green) and physician (Jim Dale, Joe White). Caption: View over UC data]
12
Secure XML Views - Solution
– Multi-Plane DTD Graph (MPG)
– Minimal Semantic Conflict Graph (association preservation)
– Cover story
– Transformation rules
13
Multi-Plane DTD Graph
[Figure: DTD nodes medicalFiles, countyRec, milBaseRec, patient, milTag, name, phone and physician placed on three security planes: Unclassified, Secret, TopSecret]
MPG = DTD graph over multiple security planes
14
Transformation - Example
[Figure: MSCG with nodes name, phone and physician; MPG over security planes TS, S and UC; Security Space: Secret]
15
Transformation - Example
[Figure: MPG over security planes TS, S and UC; SP; MSCG with nodes name and physician]
16
Transformation - Example
[Figure: MPG over security planes TS, S and UC; SP; MSCG]
17
Transformation - Example
[Figure: MPG over security planes TS, S and UC; SP; Data Structure with nodes medicalFiles, emergencyRec, name and physician]
18
The Inference Problem
General Purpose Database: Non-confidential data + Metadata
Undesired Inferences
Semantic Web: Non-confidential data + Metadata (data and application semantics) + Computational Power + Connectivity
Undesired Inferences
19
Association Graph
Association similarity measure
– Distance of each node from the association root
– Difference of the distance of the nodes from the association root
– Complexity of the sub-trees originating at nodes
Example: Air show
[Figure: XML document with nodes address and fort, and the Association Graph over address and fort; labels Public and Public, AC]
20
Correlated Inference
Object[].
waterSource :: Object
basin :: waterSource
place :: Object
district :: place
address :: place
base :: Object
fort :: base
[Figure: address, fort: Public; district, basin: Public; water source, base: Confidential; ?]
Concept Generalization: weighted concepts, concept abstraction level, range of allowed abstractions
21
Correlated Inference (cont.)
Object[].
waterSource :: Object
basin :: waterSource
place :: Object
district :: place
address :: place
base :: Object
fort :: base
[Figure: address, fort: Public; district, basin: Public; generalized concepts place, base and water source; water source, base: Confidential]
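An added example, not from the original slides: one reading of the correlated inference above as a check a data owner runs before release. It assumes that two public associations can be correlated when concepts from each share a generalization, and that `max_levels` stands in for the slide's range of allowed abstractions; the function names are hypothetical and concept weights are left out.

```python
# Ontology from the slide as child -> parent ("x :: y" read as "x is a kind of y").
ONTOLOGY = {
    "waterSource": "Object", "basin": "waterSource",
    "place": "Object", "district": "place", "address": "place",
    "base": "Object", "fort": "base",
}
ROOT = "Object"  # the root concept carries no information, so it is never a match

def generalizations(concept, max_levels):
    """The concept plus its ancestors, at most max_levels steps up, root excluded."""
    out, steps = {concept}, 0
    while concept in ONTOLOGY and steps < max_levels:
        concept = ONTOLOGY[concept]
        if concept == ROOT:
            break
        out.add(concept)
        steps += 1
    return out

def linked(a, b, max_levels):
    """Assumption: two associations correlate if any two of their concepts
    share a generalization (address and district are both a place)."""
    return any(generalizations(x, max_levels) & generalizations(y, max_levels)
               for x in a for y in b)

def inference_channels(public, confidential, max_levels=1):
    """Pairs of public associations whose correlation covers a confidential one."""
    found = []
    for i, a in enumerate(public):
        for b in public[i + 1:]:
            if not linked(a, b, max_levels):
                continue
            reachable = set()
            for concept in a | b:
                reachable |= generalizations(concept, max_levels)
            found.extend((a, b, s) for s in confidential if s <= reachable)
    return found

# Associations taken from the slide: two public, one confidential.
PUBLIC = [frozenset({"address", "fort"}), frozenset({"district", "basin"})]
CONFIDENTIAL = [frozenset({"waterSource", "base"})]

if __name__ == "__main__":
    for a, b, secret in inference_channels(PUBLIC, CONFIDENTIAL):
        print(sorted(a), "+", sorted(b), "->", sorted(secret))
```

With no generalization allowed (`max_levels=0`), or with only one of the two public associations released, the check reports no channel.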
22
Inference Removal
Relational databases: limit access to data
Web inferences
– Cannot redesign public data outside of protection domain
– Cannot modify/refuse answer to already published web page
Protection Options
– Release misleading information
– Remove information
– Control access to metadata
23
Big Data Analytics: Are there new questions?
Technologies
Big Data characteristics
– Volume
– Variety
– Velocity – live database, fast growth
24
Past: The Inference Problem
[Figure: Organizational Data (Confidential, Public); Access Control; Attacker; X; Ontology; Data Integration and Inferences; Web Data]
25
Present: Big Data Inferences
[Figure: Private ?; Secure ?; Ontology; Data Integration and Inferences; Web Data]
26
Future: Research Challenges
Security for raw data
– Flexible access control
– Data removal
Security for metadata
– Protection need of novel, new concept
– Metadata guided attacks
Cross-context attacks
– Correlate data across multiple contexts
Semantic Web Technologies
27
Need for Visualization
[Figure: Context 1, Context 2, Context 3]
28
Questions?
29
National Center of Academic Excellence in Information Assurance Education
National Training Standards, Knowledge Units
30
OUTREACH EDUCATION RESEARCH CIAE Mission
31
OUTREACH EDUCATION IA courses IA specialization Applied Computing Graduate IA Certificate RESEARCH K-12 Cyber Security Education Higher Educational Institutes Industry Partnership
32
OUTREACH EDUCATION RESEARCH External funding Peer-reviewed publications Ph.D. graduates CIAE Mission