Information Security Research

Transcription

1 Information Security Research at the Department of Information Systems (Lehrstuhl für Wirtschaftsinformatik I) University of Regensburg, Germany Prof. Dr. Günther Pernul www-ifs.uni-r.de As of spring 2015 the chair consists of 11 full time researchers, 2 full time supporting personnel, 3 external lecturers, and 8-10 graduate students working on part time contracts. In addition, the chair is engaged in the spin-off Nexis GmbH 1, a SME active in identity and access governance, and is one of the founding members of the Bavarian cluster in IT-Security 2. This cluster is a network of competence of more than 50 firms active in IT security. In addidtion the chair is coordinating the FORSEC research alliance ( ) aiming on integrating research on the security of highly connected it-systems and performed at 4 major Bavarian Universities. Our work group s main research focus lies on application-oriented, project-based, as well as on basic research in information systems and information security. In its broadest sense, the focus can be characterized by researching the analysis, modeling, design, and reliable and secure use of state-of-theart information systems in different application areas. Most of our research is supported by external funds, provided for example by industry, federal resources or by the European Commission under its research framework programs. Currently active research topics The following paragraphs introduce the topics that our group is actively researching at the time of writing of this report. Big Data (Storage, Governance, Management) and Visual Analytics We are currently living in the age of big data which is driven by high-volume, high-variety and high-velocity data-assets that could be used to extract useful information and to derive insights. But big data not only comes with great opportunities for enhanced decision making and the realization of innovative business models, but also with manifold challenges for the efficient governance and management of this data. Thereby, one major aspect is the management of data storage with regard to varying information security requirements and costs while considering the strategic value of these data-assets. As some data are more valuable than others, e.g. when containing company secrets, or more sensitive due to a lot of personally identifiable information (PII), some storage locations might be more appropriate for storing specific data than others. Additionally, some storage locations might involve more risk than others, e.g. because of varying protection mechanisms or different geographical regions, which might be subject to disparate data protection standards and regulations. Storage of certain information can also be contractually regulated, that is data is only allowed to be stored in a specific legal sphere with suitable Summary Information Security Research, G. Pernul, Autumn

2 data protection laws. In general, data storage has a large share in IT expenses. Thus potentially valuable or sensitive data might be stored on premium storage while less valuable or sensitive data could also adequately be stored on cheaper storage. As the management of big data is both complex and costly our research in this domain is directed to solutions for the efficient management of big data storage which includes security, privacy and economical aspects. An ideal approach for tackling these issues is the use of visual analytics which aim at providing the perfect combination of humans perceptual and cognitive abilities and automated computational analyses. By using interactive visual interfaces, decision makers as well as end users are put into position to intuitively plan and accomplish data storage in big data settings. Visualizing the costs and risks of data storage locations in addition to information on data value and sensitivity puts decision makers in a position to efficiently manage big data storage. Trust Management Trust is an important mechanism for risk perception and has therefore been identified to be a key factor for the success of various electronic environments and platforms, such as online marketplaces and peerto-peer networks. Unlike traditional face-to-face transactions, electronic transactions are carried out between strangers whose trustworthiness is unknown. The quality of products, services or information provided can mostly not be verified ex ante. Thus, actors face high risks. Our research addresses soft security mechanisms to establish trust in these environments such as reputation systems and recommender systems. Typically, transaction partners are encouraged to leave feedback (numerical ratings or textual reviews) after each transaction denoting their satisfaction. Reputation systems collect all evidence, aggregate the referrals and give an overview of past behavior in a reputation profile. While a lot of research has been carried out on computation methods to make reputation systems more accurate and robust against attacks, current systems have become quite nontransparent. Thus, our research focusses on enhancing transparency of reputation systems and involve the user in the computation process by providing an interactive visual representation of seller reputation profiles. We, thereto, make use of visual analytics. Recommender systems are used to address the problem of information overload by determining those items of a platform (e.g. movies, books, news articles) that a particular user will likely be interested in. Just like reputation systems, they are also based on ratings. The main difference between these two types of systems is that the ratings in reputation systems are supposed to be insensitive to taste whereas the ratings in recommender systems are highly dependent on the preferences of the user. Our research efforts in this domain particularly focus on trust-based (or trust-enhanced) recommender systems, which utilize trust values and trust networks to overcome certain drawbacks of traditional recommender systems. For instance, recent proposals have shown to be able to mitigate the user cold start problem (i.e. providing recommendations to a user who has provided only few information about her preferences through ratings) and to facilitate the detection of manipulations. Major parts of our work are carried out within the Bavarian research association FORSEC, which focuses on security in highly connected IT systems. Our subproject, in particular, is concerned with Next Generation Online Trust. Summary Information Security Research, G. Pernul, Autumn

3 Identity and Access Management (IdM) We are primarily interested in IdM in closed environments, such as for large organizations and enterprises (in-house IdM). Basic research focuses on the analysis of the importance of IdM and role-based access controls for large corporative systems. Effectively managing user access to sensitive applications and data is one of the biggest security challenges organizations are facing today. A typical large organization manages millions of user accesses, spread across thousands of IT resources, users and privileges. Both quality of identity data and management of user roles as a central building block of IdM Infrastructures have become an important topic for most large and medium-sized companies. On the one hand organizations have to ensure high data quality of their managed digital identities while on the other hand accurately managing role and group information has become critical for securely managing enterprise operations and resources. Besides the usage of statistical analysis and neural networks for cleansing existing identity data, another concern of our research is investigating a structured process for defining proper role structure for an organization. This includes the analysis of existing role development methodologies, practical state-ofthe-art solutions, and their shortcomings. The definition of valid roles is the most challenging task before achieving the benefits of role usage. Current approaches address only parts of the role development problem. They either deal with the mapping of business functions to access privileges, neglecting the current situation within a company, or apply data mining techniques to derive permission bundles as role candidates based on existing identity information and access rights. Output of our research is a hybrid and tool-supported role development methodology ( HyDRo Hybrid Development of Roles). HyDRo integrates organizational and operational structures as well as already existing access rights in an iterative manner. Data mining technologies and other automated analysis techniques for data cleansing and the discovery of role candidates play a major role in the execution of HyDRo. The methodology itself is supported by the controle software as a role development tool. Thereby HyDRo overcomes another drawback of existing RDMs as it provides tool-support throughout the process of role definition, essentially offering organizations the chance to streamline and control the role development project during all phases. Additionally, new research concentrated on the management of roles after an initial deployment. An overall model for a structured process for these so called role model optimizations, the Role Opimization Process Model (ROPM) has been proposed and its applicability has been shown in a large scale industry project. Further research comprises quality issues in IdM in general and specifically in roles, in order to ensure a high quality IdM-infrastructure that can be managed with more ease and lower cost. Hence, for a better decision-making in role improvement, role quality metrics in role mining algorithms have been discovered, extracted and aggregated. We further argue, that traditional approaches for authorization and access control in computer systems (i.e., discretionary, mandatory, and role-based access controls) are not appropriate to address the requirements of highly flexible networked or distributed systems and that proper authorization and access control requires infrastructural support in one way or another. This support can be provided, for example, by an authentication and authorization infrastructure (AAI). Against this background, we investigate, analyze, discuss, and put into perspective some of the current technologies that can be used to build and operate AAIs. A privilege management infrastructure (PMI) is one step further and able to support a comprehensive authorization service. We are working on new approaches for privilege management by dynamically controlling the users accesses based on exchanging and evaluating general user characteristics, most notable the attribute-based access control model (ABAC). Summary Information Security Research, G. Pernul, Autumn

4 Information Security Risk Management Today, computing is ubiquitous and information systems are interconnected globally. Therefore, the efficiency of modern companies relies heavily on effective operation of information technologies. However, a more dynamic threat environment has to be faced. Targeted and unique attacks, such as Stuxnet and Aurora, are raising. There is a plethora of possible products or scientific solutions available to secure information systems. Therefore, especially when struggling with tight budgets, it is difficult to decide which security measures are necessary and which are not. Managing information security risks, i.e. knowing where information security assets are at risk (identification) and how dangerous these risks could be (estimation), helps companies to invest in a targeted way in order to secure their assets. Risk metrics today, and therefore also decisions based on theses metrics, are often based on estimations and outdated data. Scientists and even some professionals start realizing that sharing risk information is of mutual benefit. As a result, threat repositories, vulnerability databases and honey pot data are available. However, a lot of information seems not to be considered yet. Especially information to define the context of the assets at stake, such as system events, are often not taken into consideration. Therefore, our research group is searching innovative information repositories that can be considered within risk management. We focus on system events to characterize the systems' context, dependencies and states. Moreover, risks are often estimated at constant time intervals, e.g. twice a year. We are working on ways to calculate information system risks dynamically in (near) real time and to inform the persons responsible as soon as an identification of unknown risks is necessary or a risk recalculation might be required. Digital Forensics in Organizations Information security incidents are the most obvious reasons for digital forensic investigations. But, through the ever-increasing penetration of everyday life with digital devices, digital forensic investigations are also needed to solve classic crimes. Within the corporate environment, classic crimes are mostly financial crimes like money laundering, Ponzi schemes or fraud. As the support of enterprises' processes through information systems increases, an investigator gets evermore evidence out of these systems. However, the acquisition of digital evidence from the overall, highly interconnected organizational information system is often complex and cumbersome. While techniques to extract, preserve and analyze data from isolated systems, individual networks or network systems have been discussed within the digital forensics community in the last few years, digital forensic investigations in organizations have been only discussed at less extent. Our research focuses on scientifically proven guidelines and techniques to enable digital forensics within enterprise information system infrastructures as well as on measures to heighten the value of evidence gathered from information systems. With new techniques in this area we also hope to enhance information security incident response. Possible improvements are capabilities, i.e. sound evidence, to prosecute offenders and a faster recovery from incidents due to a better knowledge of damages and impacts through certain attacks. Summary Information Security Research, G. Pernul, Autumn

5 Further competencies In addition to the actively researched topics mentioned above, the chair profits from a host of precursory research results and associated competencies in the following fields. User-centric Privacy Technologies and Privacy in Social Media The rise of social media highlights the importance of enhancing the user-centric privacy and its usability. First generation Privacy-enhancing technologies (PETs) were neither easily understandable nor did they support the user in making an informed decision whether to disclose personal information or not. In addition, keeping track of personal information disclosed to service providers was impossible. Addressing these shortcomings of existing PET solutions, we developed methods for the user-friendly generation of privacy preferences for the controlled disclosure of personal user data and userunderstandable tools that inform users about transactions of personal data using a collaborative approach. A data disclosure log, which involves the recording of personal data transactions and the managing of already submitted data, was a key research result as well. Global Identity Management With a focus on the field of egovernment and especially on those systems that enable the relaying of sensitive personal data within cross-organizational public administration processes, technology drivers (political-legal frameworks (e.g. EU s Data Protection directive, EU s Services Directive, the i2010 Initiative) and newly arising technologies from other varieties of IdM have been applied to global usage scenarios. We further investigated, how already existing IdM systems are able to support global IdM in collaborative cross-border scenarios. Federated Identity Management Federated identity management (FIM), meaning the exchange of identity information across security domains as well as organizational and legal boundaries, has long been a central research topic at the chair. In contrast to identity management in global networks our efforts regarding FIM are limited to closed organization networks. Federations in this case are much more than only exchanging identity information and accessing some partner resources. Contracts and agreements between the collaboration partners must be defined, a kind of federation structure needs to be set up, necessary federation technologies need to be adopted and many more supportive actions need to be taken into account. Secure, efficient and transparent methods for handling these federations have been the main aims of our research in this area. Security Patterns Security Patterns encapsulate expert knowledge about secure systems design similar to the concept of design patterns in software engineering. Our research was focused on applying security patterns and measuring the degree of their implementation with the intent to support the construction of secure software within each phase of the software development process. Our aim was to attach appropriate metrics to security patterns and to develop a methodology to measure the improvement of security by using these patterns. Summary Information Security Research, G. Pernul, Autumn

6 Security Semantics for Business Processes, Compliance and Business Intelligence Our research in this area was committed to finding ways of expressing security semantics in business process models that are sufficiently expressive while preserving the intuitiveness of BPM for most stakeholders. Component Security Services, Semantic, Portal Interfaces The open environment built through today s usage of technologies like SOA and EBS requires strong and reliable security schemes, which still have to be adoptable and easy to deploy. Especially an ESB as an intermediary between services providers and services users opens up interesting potential and is a good place for enforcing security in any given setting. In this area, we covered topics such as distributed security infrastructures and distributed privacy-aware authentication and authorization models, mapping, re-issuing and re-certification of security credentials and trustworthy service discovery and selection. Another area of research was concerned with the implications, SOAs and especially semantic SOAs have on security in software systems. Lastly, security aspects arising from the inclusion of heterogeneous applications into holistic user portals, allowing for the interoperability of individual applications on a user interface level, have been researched as well. Summary Information Security Research, G. Pernul, Autumn

7 Current and recent funded research Bayerisches Staatsministerium für Bildung und Kultus, Wissenschaft und Kunst, EU FP , EU EFRE Structural Funds, Freistaat Bayern, High-Tech-Offensive, EU FP , DAAD: Funding for IPICS in the years EU FP , Contact: Prof. Dr. Günther Pernul Department of Information Systems, University of Regensburg Universitätsstrasse 31 D Regensburg, Germany Tel.: , Fax.: www-ifs.uni-r.de Summary Information Security Research, G. Pernul, Autumn