Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Cyber Security Essentials Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course May 29, 2015 Text Book CISSP All-in-One Exam Guide, Sixth Edition Author: Shon Harris Publisher: McGraw-Hill Osborne Media; 6th edition Language: English Course Rules Unless special permission is obtained from the instructor, each student will work individually. Copying material from other sources will not be permitted unless the source is properly referenced. Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department No copying of anything from a paper except for about 10 words in quotes. No copying of figure even if it is attributed. You have to draw all figures. Course Attendance is Mandatory unless prior permission is obtained Course Plan Exam #1: 20 points – July 10 Exam #2: 20 points - August 7?? Two term papers 10 points each: Total 20 points - June 26, July 24 Programming project : 20 points - July 31 Two Assignments: 10 points each: Total: 20 points - June 19, July 17 Assignment #1 Explain with examples the following - Discretionary access control - Mandatory access control - Role-based access control (RBAC) - Privacy aware role based access control - Temporal role based access control - Risk aware role-based access control - Attribute-based access control - Usage control (UCON) Assignment #2 Suppose you are give the assignment of the Chief Security Officer of a major bank (e.g., Bank of America) or a Major hospital (e.g., Massachusetts General) Discuss the steps you need to take with respect to the following (you need to keep the following in mining: Confidentiality, Integrity and Availability;; you also need to understand the requirements of banking or healthcare applications and the policies may be: - Information classification - Risk analysis - Secure networks - Secure data management - Secure applications Term Papers Write two papers on any topic discussed in class (that is, any of the 10 CISSP modules) Sample format - 1 Abstract Introduction Survey topics – e..g, access control models Analysis (compare the models) Future Directions References Sample format - 2 Abstract Introduction Literature survey and what are the limitations Your own approach and why it is better Future Directions References Project Software Design document - Project description - Architecture (prefer with a picture) and description (software – e.g., Oracle, Jena etc.) - Results - Analysis - Potential improvements - References Sample projects Risk analysis tool Query modification for XACML Data mining tool for malware Trust management system - Paper: Original – you can use material from sources, reword (redraw) and give reference Abstract Introduction Body of the paper - Comparing different approaches and analyzing - Discuss your approach, - Survey Conclusions References - ([1]. [2], - - -[THUR99]. - Embed the reference also within the text. - E.g., Tim Berners Lee has defined the semantic web to be -[2]. -- Contact For more information please contact - Dr. Bhavani Thuraisingham - Professor of Computer Science and - Director of Cyber Security Research Center Erik Jonsson School of Engineering and Computer Science EC31, The University of Texas at Dallas Richardson, TX 75080 - Phone: 972-883-4738 - Fax: 972-883-2399 - Email: [email protected] - URL: - http://www.utdallas.edu/~bxt043000/ Index to Lectures for Exam #2 Lecture #3: Data Mining for Malware Detection Lecture #7: Digital Forensics Lecture #8: Privacy Lecture #11: Access Control in Data Management Systems Lecture #13: Secure Data Architectures Lecture #20: Introduction to SOA, Secure SOA, Secure Cloud Lecture #21: Secure Cloud Computing (some duplication with Lecture #20) Lecture #22: Comprehensive Overview of Cloud Computing Lecture #23: Secure Publication of XML Documents in the Cloud Lecture #24: Cloud-based Assured Information Sharing Lecture #25: Secure Social Media Also read the paper Managing Multi-Jurisdictional Requirements in the Cloud: Towards a Computational Legal Landscape, David Gordon and Travis Breaux; ACM CCS Cloud Security Workshop 2011 Papers to Read for Exam #2 Managing Multi-Jurisdictional Requirements in the Cloud: Towards a Computational Legal Landscape, David Gordon and Travis Breaux; ACM CCS Cloud Security Workshop 2011 Access Control in Data Management Systems (Lecture #11) - Suggested Papers - RBAC: Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, Charles E. Youman: Role-Based Access Control Models. IEEE Computer 29(2): 38-47 (1996) UCON: Jaehong Park, Ravi S. Sandhu: The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. 7(1): 128-174 (2004) - first 20 pages DCON: Roshan K. Thomas, Ravi S. Sandhu: Towards a Multi-dimensional Characterization of Dissemination Control. POLICY 2004: 197-200 (IEEE) - Privacy (Lecture #8) - Suggested papers - Rakesh Agrawal, Ramakrishnan Srikant: Privacy-Preserving Data Mining. SIGMOD Conference 2000: 439-450 Papers to Read for Exam #2 Data Mining for Malware Detection (Lecture #3) - Suggested Papers - Mohammad M. Masud, Latifur Khan, Bhavani M. Thuraisingham: A Hybrid Model to Detect Malicious Executables. ICC 2007: 1443-1448 Secure Third Part Publication of XML Data in the Cloud (Lecture #23) - Suggested Papers - Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004) (first 6 sections, proofs not needed for exam) Cloud-basd Assured Information Sharing (Lecture #24) - Suggested Papers - Tyrone Cadenhead, Vaibhav Khadilkar, Murat Kantarcioglu, Bhavani M. Thuraisingham: A cloud-based RDF policy engine for assured information sharing. SACMAT 2012: 113-116 Papers to Read for Exam #2 Secure Social Media (Lecture #25) - Suggested Papers - Barbara Carminati, Elena Ferrari, Raymond Heatherly, Murat Kantarcioglu, Bhavani M. Thuraisingham: A semantic web based framework for social network access control. SACMAT 2009: 177-186 - Jack Lindamood, Raymond Heatherly, Murat Kantarcioglu, Bhavani M. Thuraisingham: Inferring private information using social network data. WWW 2009: 1145-1146 Papers to Read for Presentations: CODASPY 2011 Lei Jin, Hassan Takabi, James B. D. Joshi: Towards active detection of identity clone attacks on online social networks. 27-38 (Sachin) Philip W. L. Fong: Relationship-based access control: protection model and policy language. 191-202 Mohammad Jafari, Philip W. L. Fong, Reihaneh Safavi-Naini, Ken Barker, Nicholas Paul Sheppard: Towards defining semantic foundations for purpose-based privacy policies. 213-224 (Jane) Igor Bilogrevic, Murtuza Jadliwala, Jean-Pierre Hubaux, Imad Aad, Valtteri Niemi: Privacy-preserving activity scheduling on mobile devices. 261-272 Barbara Carminati, Elena Ferrari, Sandro Morasca, Davide Taibi: A probabilitybased approach to modeling the risk of unauthorized propagation of information in on-line social networks. 51-62 (Chitra) Papers to Read for Presentations: CODASPY 2012 Yuhao Yang, Jonathan Lutes, Fengjun Li, Bo Luo, Peng Liu: Stalking online: on user privacy in social networks. 37-48 (Jason) Suhendry Effendy, Roland H. C. Yap, Felix Halim: Revisiting link privacy in social networks. 61-70 (Kruthika) Ninghui Li, Haining Chen, Elisa Bertino: On practical specification and enforcement of obligations. 71-82 (Ankita) Ian Molloy, Luke Dickens, Charles Morisset, Pau-Chen Cheng, Jorge Lobo, Alessandra Russo: Risk-based security decisions under uncertainty. 157-168 (Navya) Musheer Ahmed, Mustaque Ahamad: Protecting health information on mobile devices. 229-240 (Ajay) Papers to Read for Presentations: CODASPY 2013 Sanae Rosen, Zhiyun Qian, Zhuoqing Morley Mao: AppProfiler: a flexible method of exposing privacy-related behavior in android applications to end users. 221-232 (Akshay) Rimma V. Nehme, Hyo-Sang Lim, Elisa Bertino: FENCE: continuous access control enforcement in dynamic data stream environments. 243-254 Wei Wei, Ting Yu, Rui Xue: iBigTable: practical data integrity for bigtable in public cloud. 341-352 (Ashwin) Majid Arianezhad, L. Jean Camp, Timothy Kelley, Douglas Stebila: Comparative eye tracking of experts and novices in web single sign-on. 105116 Papers to Read for Presentations: CODASPY 2014 William C. Garrison III, Yechen Qiao, Adam J. Lee: On the suitability of dissemination-centric access control systems for group-centric sharing. 1-12 (Pratyusha) Ebrahim Tarameshloo, Philip W. L. Fong, Payman Mohassel: On protection in federated social computing systems. 75-86 (Aishwarya) Michael Mitchell, Guanyu Tian, Zhi Wang: Systematic audit of third-party android phones. 175-186 Tien Tuan Anh Dinh, Anwitaman Datta: Streamforce: outsourcing access control enforcement for stream data to the clouds. 13-24 (Arpita) Mohammad Saiful Islam, Mehmet Kuzu, Murat Kantarcioglu: Inference attack against encrypted range queries on outsourced databases. 235-246 Papers to Read for Presentations – ACM CCS Cloud Security Workshop 2011 All Your Clouds are Belong to us - Security Analysis of Cloud Management Interfaces Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Joerg Schwenk, Nils Gruschka and Luigi Lo Iacono (Kirupa) Trusted Platform-as-a-Service: A Foundation for Trustworthy Cloud-Hosted Applications Andrew Brown and Jeff Chase (Rohit) Detecting Fraudulent Use of Cloud Resources Joseph Idziorek, Mark Tannian and Doug Jacobson Papers to Read for Presentations – ACM CCS Cloud Security Workshop 2012 Fast Dynamic Extracted Honeypots in Cloud Computing Sebastian Biedermann, Martin Mink, Stefan Katzenbeisser (Anirudh) Unity: Secure and Durable Personal Cloud Storage Beom Heyn Kim, Wei Huang, David Lie Exploiting Split Browsers for Efficiently Protecting User Data Angeliki Zavou, Elias Athanasopoulos, Georgios Portokalidis, Angelos Keromytis (Rahul) CloudFilter: Practical Control of Sensitive Data Propagation to the Cloud Ioannis Papagiannis, Peter Pietzuch Papers to Read for Presentations – ACM CCS Cloud Security Workshop 2013 Structural Cloud Audits that Protect Private Information Hongda Xiao; Bryan Ford; Joan Feigenbaum Cloudoscopy: Services Discovery and Topology Mapping Amir Herzberg; Haya Shulman; Johanna Ullrich; Edgar Weippl (Ahmed) Cloudsweeper: Enabling Data-Centric Document Management for Secure Cloud Archives Chris Kanich; Peter Snyder (Greeshma) Supporting Complex Queries and Access Policies for Multi-user Encrypted Databases Muhammad Rizwan Asghar; Giovanni Russello; Bruno Crispo Papers to Read for Presentations – ACM CCS Cloud Security Workshop 2014 CloudSafetyNet: Detecting Data Leakage between Cloud Tenants Christian Priebe; Divya Muthukumaran; Dan O'Keeffe; David Eyers; Brian Shand; Ruediger Kapitza; Peter Pietzuch (Sowmaya) Reconciling End-to-End Confidentiality and Data Reduction In Cloud Storage, Nathalie Baracaldo; Elli Androulaki; Joseph Glider; Alessandro Sorniotti A Framework for Outsourcing of Secure Computation Jesper Buus Nielsen; Claudio Orlandi (Ajay) Guardians of the Clouds: When Identity Providers Fail Andreas Mayer; Marcus Niemietz; Vladislav Mladenov; Joerg Schwenk (Viswesh) Your Software at my Service Vladislav Mladenov, Christian Mainka; Florian Feldmann; Julian Krautwald; Joerg Schwenk