Cyber Security Essentials
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
Course Outline
 May 31: Introduction to Security, Malware
 June 7: Security Governance and Risks / Data mining overview
 June 14: Access Control / Access control and policy for data
management / Data Mining for Security
 June 21: Security architecture / Access control for web services and
the cloud / Identity Management
 June 28: Cryptography / Identity Management / Exam #1 Review
 July 5: Exam #1 / Guest Lecture
 July 12: Network Security / Secure XML Publishing
 July 19: Data and Applications Security / Secure Data Architectures
/ Assured Cloud Computing / Securing Social Networks
 July 26: Legal Aspects/Forensics / Privacy Preserving Data
Mining/Operations Security/Disaster Planning / Physical Security/
 Papers presented / Insider Threat/Review for Exam #2
 August 9: Exam #2
Text Book
 CISSP All-in-One Exam Guide, Fifth Edition
 Author: Shon Harris
 Hardcover: 1216 pages
 Publisher: McGraw-Hill Osborne Media; 5 edition (January 15, 2010)
 Language: English
 ISBN-10: 0071602178
 ISBN-13: 978-0071602174
Course Rules
 Unless special permission is obtained from the instructor, each
student will work individually.
 Copying material from other sources will not be permitted unless the
source is properly referenced.
 Any student who plagiarizes from other sources will be reported to
the Computer Science department and any other committees as
advised by the department
 No copying of anything from a paper except for about 10 words in
quotes. No copying of figures, even if they are attributed. You have to draw
all figures.
 COURSE ATTENDANCE IS MANDATORY
Course Plan
 Exam #1: 20 points – July 5
 Exam #2: 20 points - August 9
 Two term papers 10 points each: Total 20 points
- June 28, July 27
 Programming project : 20 points
- August 2
 Two Assignments: 10 points each: Total: 20 points
- June 21, July 19
Assignment #1
 Explain with examples the following
- Discretionary access control
- Mandatory access control
- Role-based access control (RBAC)
- Privacy aware role based access control
- Temporal role based access control
- Risk aware role-based access control
- Attribute-based access control
- Usage control (UCON)
Assignment #2
 Suppose you are given the assignment of Chief Security Officer of
a major bank (e.g., Bank of America) or a major hospital (e.g.,
Massachusetts General)
 Discuss the steps you need to take with respect to the following (you
need to keep the following in mind: Confidentiality, Integrity and
Availability; you also need to understand the requirements of
banking or healthcare applications and what the policies may be):
- Information classification
- Risk analysis
- Secure networks
- Secure data management
- Secure applications
Term Papers
 Write two papers on any topic discussed in class (that is, any of the
10 CISSP modules)
Sample format - 1
 Abstract
 Introduction
 Survey topics – e.g., access control models
 Analysis (compare the models)
 Future Directions
 References
Sample format - 2
 Abstract
 Introduction
 Literature survey and what are the limitations
 Your own approach and why it is better
 Future Directions
 References
Contact
 For more information please contact
- Dr. Bhavani Thuraisingham
- Professor of Computer Science and Director of Cyber Security Research Center
- Erik Jonsson School of Engineering and Computer Science, EC31
- The University of Texas at Dallas, Richardson, TX 75080
- Phone: 972-883-4738
- Fax: 972-883-2399
- Email: [email protected]
- URL: http://www.utdallas.edu/~bxt043000/
Project
 Software
 Design document
- Project description
- Architecture (prefer with a picture) and description (software –
e.g., Oracle, Jena etc.)
- Results
- Analysis
- Potential improvements
- References
Sample projects
 Risk analysis tool
 Query modification for XACML
 Data mining tool for malware
 Trust management system
    -
Paper: Original – you can use material from
sources, reword (redraw) and give reference
 Abstract
 Introduction
 Body of the paper
- Comparing different approaches and analyzing
- Discuss your approach,
- Survey
 Conclusions
 References
- ([1], [2], ... [THUR99])
- Embed the reference also within the text.
- E.g., Tim Berners Lee has defined the semantic web to be -[2].
Papers to read for Exam #1
 Identity Management
- David W. Chadwick, George Inman: Attribute Aggregation in
Federated Identity Management. IEEE Computer 42(5): 33-40
(2009)
 Role-based Access control
- Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, Charles E.
Youman: Role-Based Access Control Models. IEEE Computer
29(2): 38-47 (1996)
 Usage Control
- First 20 pages or so of
- Jaehong Park, Ravi S. Sandhu: The UCONABC usage control
model. ACM Trans. Inf. Syst. Secur. 7(1): 128-174 (2004)
 Dissemination Control
- Roshan K. Thomas, Ravi S. Sandhu: Towards a Multidimensional Characterization of Dissemination Control. POLICY
2004: 197-200
Index to Exam #1
 Lecture 3: Information Security Governance, Risk (Q1)
 Lecture 5: Data Mining for Malware Detection (Q2)
 Lecture 6: Access Control (Q3)
 Lecture 7: Access Control in Data Management Systems (Q4)
- Also includes the 3 papers on role based access control, Usage
control and dissemination control (Q5)
 Lecture 8: Security Architecture and Design (Q6)
 Lecture 9: Security for SOA/Web Services (Q7)
 Lecture 10: Secure Cloud Computing (Q8)
 Lecture 12: Cryptography (Q9)
 Lecture 14: Charts on Identity Management (based on Identity
Management paper) (Q10)
 Extra credit 2 questions
Papers to read for Exam #2
 Security and Privacy for Social Networks
- Jack Lindamood, Raymond Heatherly, Murat Kantarcioglu,
Bhavani M. Thuraisingham: Inferring private information using
social network data. WWW 2009: 1145-1146
- Barbara Carminati, Elena Ferrari, Raymond Heatherly, Murat
Kantarcioglu, Bhavani M. Thuraisingham: A semantic web based
framework for social network access control. SACMAT 2009:
177-186
 Secure XML Publishing
- Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M.
Thuraisingham, Amar Gupta: Selective and Authentic Third-Party
Distribution of XML Documents. IEEE Trans. Knowl. Data
Eng. 16(10): 1263-1278 (2004)
 Assuring Information Sharing in the Cloud
- Tyrone Cadenhead, Murat Kantarcioglu, Vaibhav
Khadilkar, Bhavani M. Thuraisingham: Design and
Implementation of a Cloud-Based Assured Information Sharing
System. 36-50
 Papers presented by the TA – posted in Lecture 16 (July 5, 2013)
Large-scale Plagiarism Detection and Authorship attribution
- (1) Juxtapp: A Scalable System for Detecting Code Reuse
Among Android Applications
http://www.cs.berkeley.edu/~dawnsong/papers/2012%20juxtapp_dimva12.pdf
- (2) On the Feasibility of Internet-Scale Author Identification
http://www.cs.berkeley.edu/~dawnsong/papers/2012%20On%20the%20Feasibility%20of%20InternetScale%20Author%20Identification.pdf
 Privacy
- Rakesh Agrawal, Ramakrishnan Srikant: Privacy-Preserving
Data Mining. SIGMOD Conference 2000: 439-450 (presented
August 2, 2013, posted Lecture 27)
 Overview of patents, trademarks, copyright, trade secret – posted
Lecture 26 (presented August 2, 2013)
 Insider Threat Detection (Lecture 28)
- Pallabi Parveen, Jonathan Evans, Bhavani M. Thuraisingham,
Kevin W. Hamlen, Latifur Khan: Insider Threat Detection Using
Stream Mining and Graph Mining. SocialCom/PASSAT 2011:
1102-1110
Index to Exam #2
 Lecture 11: Assured Cloud Computing for Information Sharing
 Lecture 15: Telecommunications and Network Security
 Lecture 16: Two papers presented by TA on July 5
Large-scale Plagiarism Detection and Authorship
attribution
 Lecture 17: Data and Applications Development Security
 Lecture 18: Multilevel Secure Data Mgmt / Secure Data Architectures
 Lecture 19: Security and Privacy in Social Networks
 Lecture 20: Legal, Regulations, Compliance and Investigations
 Lecture 21: Physical (Environmental) Security
 Lecture 22: Business Continuity and Disaster Recovery Planning
 Lecture 23: Operations Security
 Lecture 24: Digital Forensics
 Lecture 25: Privacy
 Lecture 26 – Patents, Trademarks, Copyright, Trade secret
 Lecture 27 – Privacy preserving data mining
 Lecture 28 – Insider Threat detection
 Lecture 29 – Cyber Operations