Cyber Security Research: A Personal Perspective



Similar documents
The Future of Access Control: Attributes, Automation and Adaptation

The Future of Cyber Security

The Science, Engineering, and Business of Cyber Security

The Science, Engineering, and Business of Cyber Security

Security Models: Past, Present and Future

The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It?

Cyber Security: What You Need to Know

Cyber Security: Past, Present and Future

Lake at IPEN location

DRAFT (February 7, 2000) Bert Garza. Faculty and Office for Computing and Information Science: Administrative and Management Structure


How to Successfully Conduct Price Negotiations in Business Markets

Cybersecurity Definitions and Academic Landscape

The Protection Mission a constant endeavor

DEBIT/ATM CARD APPLICATION

Cyber Innovation and Research Consortium

Measuring Software Security

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, CEO EDS Corporation

Objectives: To develop the coaching and leadership skills necessary to drive sales performance in the branch

Establishment of a Bylaw 55 Unit in Applied Mathematics at UC Merced

The Customer Value Proposition

NRC Cyber Security Policy &

Graduate Student Orientation

CSM-ACE 2014 Cyber Threat Intelligence Driven Environments

BANK B-I-N-G-O. service charge. credit card. pen. line nickel interest cash bank. ATM dollar check signature. debit card.

DEPARTMENTAL PLAN FOR ASSESSMENT OF STUDENT LEARNING

Capacity Building in Cyber Security Literacy: An Inter-disciplinary Approach

Dr. Starnes E. Walker Founding Director, Cybersecurity Initiative (302)

Computer Science at James Madison University

This focus on common themes has led to IFNA s motto of understanding through GLOBAL DIVERSITY, COOPERATION AND COLLABORATION.

Faculty of Organizational Sciences

Biomedical Engineering (MS)

The University of Toledo College of Medicine and Life Sciences Faculty Tracks for Academic Rank and Criteria for Promotion

Graduate Program Review of EE and CS

PC/E Monitoring ProView. Efficient IT service management for self-service networks

CRITERIA FOR ACCREDITING COMPUTING PROGRAMS

ASSESSMENT REPORT: SOCIAL WORK DEGREE PROGRAM

Mission Statement. Program Overview. PhD Program in Microbiology & Immunology (MIM)

WEEPAY V2 INTEGRATION DOCUMENT (BASIC INTEGRATION)

I n t r o d u c t i o n

Can PCI DSS Compliance Be Achieved in a Cloud Environment?

Subject: Critical Infrastructure Identification, Prioritization, and Protection

December 17, 2003 Homeland Security Presidential Directive/Hspd-7

Use advanced techniques for summary and visualization of complex data for exploratory analysis and presentation.

U.S. National Cybersecurity

Ensuring Great Customer Experience for ecommerce

William J. Perry International Security Fellowship

ASSESSMENT PLAN: M.S. in Computer Science

New Account Application - Fill out the account application and bring it with your Driver s License to Grand Bank s office at 204 Westover Drive.

Notice of Change in Terms for your Deposit Accounts. Redding Bank of Commerce Deposit Accounts Account Terms and Conditions

CYBERSECURITY CERTIFICATION PROGRAMS

Research Topics in the National Cyber Security Research Agenda

The Massachusetts Open Cloud (MOC)

Ph.D. in Bioinformatics and Computational Biology Degree Requirements

Biochemistry, Molecular Biology, Entomology, and Plant Pathology

Introduction to Web Science

CRITERIA FOR ACCREDITING COMPUTING PROGRAMS

Associate College and Associate Department Approval process

Web-based Online Accounting System - Case Study of Cache Furniture

Computational Science and Informatics (Data Science) Programs at GMU

How To Become A Cybersecurity Consultant

ADVANCED PERSISTENT THREATS & ZERO DAY ATTACKS

The Berkeley AMPLab - Collaborative Big Data Research

Online (Internet) Banking Agreement and Disclosure

Thank you for your very kind introduction.

The College of Engineering and Applied Science

Cybersecurity: What CFO s Need to Know

Sarah A. Rajala Ernest W. & Mary Ann Deavenport, Jr. Chair and Dean Bagley College of Engineering Mississippi State University Mississippi State, MS

Certificate Program in Applied Big Data Analytics in Dubai. A Collaborative Program offered by INSOFE and Synergy-BI

Security on Embedded Systems

How To Teach B.S. In Biomedical Engineering At The University Of South Carolina

Cyber Security Education: My Personal Thoughts. Bharat Doshi

Information Schools: Traditions Growing, Morphing and Expanding. David Fenske

CSM. Biomedical Physics Program

Transcription:

CS 6393 Lecture 1 Cyber Security Research: A Personal Perspective Prof. Ravi Sandhu Executive Director and Endowed Chair January 18, 2013 ravi.sandhu@utsa.edu www.profsandhu.com Ravi Sandhu 1

Prognosis Cyberspace will become orders of magnitude more complex and confused very quickly Overall this is a very positive development and will enrich human society It will be messy but need not be chaotic! Cyber security research and practice are loosing ground Ravi Sandhu 2

Security Objectives INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure Ravi Sandhu 3

Security Objectives USAGE purpose INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure Ravi Sandhu 4

Security Objectives USAGE purpose INTEGRITY modification USAGE AVAILABILITY access CONFIDENTIALITY disclosure Ravi Sandhu 5

Security Objectives Single Enterprise owns all the information employs all the users Multiple Interacting Parties no one owns all the information no one can unilaterally impose policy on all the users Ravi Sandhu 6

Cyber Security Scope Computer security Information security = Computer security + Communications security Information assurance Mission assurance Includes cyber physical Ravi Sandhu 7

Fundamental Challenge What is fundamental to cyber security? Where are the boundaries of a cyber system? What are the goals of cyber security? Ravi Sandhu 8

Cyber Security Goal Enable system designers and operators to say: This system is secure Ravi Sandhu 9

Cyber Security Goal Enable system designers and operators to say: This system is secure Not attainable There is an infinite supply of attacks Ravi Sandhu 10

Cyber Security Goal Enable system designers and operators to say: This system is secure enough Many successful examples Ravi Sandhu 11

The ATM (Automatic Teller Machine) system is secure enough global in scope The ATM Paradox Not attainable via current cyber security science, engineering, doctrine not studied as a success story Similar paradoxes apply to on-line banking e-commerce payments Ravi Sandhu 12

High Assurance Cyber Security US President s nuclear football Ravi Sandhu 13

Cyber Security Goal Enable system designers and operators to say: This system is secure enough In an innovative ecosystem the innovation drive will ensure that the bar for enough will be fairly low Ravi Sandhu 14

Productivity-Security Cyber Security is all about tradeoffs Productivity Security Let s build it Cash out the benefits Next generation can secure it Let s not build it Let s bake in super-security to make it unusable/unaffordable Let s sell unproven solutions There is a middle ground We don t know how to predictably find it Ravi Sandhu 15

Grand Challenges Develop a scientific discipline to predictably find the sweet spots for different application and mission contexts to predictably find, incentivize and deploy microsec that leads to desirable macrosec outcomes that can be meaningfully taught in Universities at all levels: BS, MS, PhD Prognosis we shall succeed (we have no choice) but we need to change to succeed Ravi Sandhu 16

Butler Lampson Paraphrased (I think) Computer scientists could never have designed the web because they would have tried to make it work. But the Web does work. What does it mean for the Web to work? Security geeks could never have designed the ATM network because they would have tried to make it secure. But the ATM network is secure. What does it mean for the ATM network to be secure? Ravi Sandhu 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information