Download Lecture 1 - The University of Texas at Dallas

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Document related concepts
no text concepts found
Transcript
Digital Forensics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Lecture #1
Introduction to Data and Applications Security and
Digital Forensics
August 20, 2007
Outline
 Data and Applications Security
-
Developments and Directions
 Some Emerging Technologies
-
Digital watermarking, Biometrics, Digital Forensics, - - -
Developments in Data and Applications
Security: 1975 - Present
 Access Control for Systems R and Ingres (mid 1970s)
 Multilevel secure database systems (1980 – present)
- Relational database systems: research prototypes and products;
Distributed database systems: research prototypes and some
operational systems; Object data systems; Inference problem
and deductive database system; Transactions
 Recent developments in Secure Data Management (1996 – Present)
- Secure data warehousing, Role-based access control (RBAC); Ecommerce; XML security and Secure Semantic Web; Data
mining for intrusion detection and national security; Privacy;
Dependable data management; Secure knowledge management
and collaboration; emerging technologies such as biometrics
and digital forensics
Developments in Data and Applications
Security: Multilevel Secure Databases - I
 Air Force Summer Study in 1982
 Early systems based on Integrity Lock approach
 Systems in the mid to late 1980s, early 90s
- E.g., Seaview by SRI, Lock Data Views by Honeywell, ASD and
ASD Views by TRW
- Prototypes and commercial products
- Trusted Database Interpretation and Evaluation of Commercial
Products
 Secure Distributed Databases (late 80s to mid 90s)
- Architectures; Algorithms and Prototype for distributed query
processing; Simulation of distributed transaction management
and concurrency control algorithms; Secure federated data
management
Developments in Data and Applications
Security: Multilevel Secure Databases - II
 Inference Problem (mid 80s to mid 90s)
- Unsolvability of the inference problem; Security constraint
processing during query, update and database design
operations; Semantic models and conceptual structures
 Secure Object Databases and Systems (late 80s to mid 90s)
- Secure object models; Distributed object systems security;
Object modeling for designing secure applications; Secure
multimedia data management
 Secure Transactions (1990s)
- Single Level/ Multilevel Transactions; Secure recovery and
commit protocols
Some Directions and Challenges for Data and
Applications Security - I
 Secure semantic web
- Security models
 Secure Information Integration
- How do you securely integrate numerous and
heterogeneous data sources on the web and otherwise
 Secure Sensor Information Management
- Fusing and managing data/information from distributed
and autonomous sensors
 Secure Dependable Information Management
- Integrating Security, Real-time Processing and Fault
Tolerance
 Data Sharing vs. Privacy
- Federated database architectures?
Some Directions and Challenges for Data and
Applications Security - II
 Data mining and knowledge discovery for intrusion detection
- Need realistic models; real-time data mining
 Secure knowledge management
- Protect the assets and intellectual rights of an organization
 Information assurance, Infrastructure protection, Access
Control
- Insider cyber-threat analysis, Protecting national databases,
Role-based access control for emerging applications
 Security for emerging applications
- Geospatial, Biomedical, E-Commerce, etc.
 Other Directions
- Trust and Economics, Trust Management/Negotiation, Secure
Peer-to-peer computing, Emerging technologies such as digital
forensics
Emerging Technologies in Data and Applications
Security
 Digital Identity Management
 Identity Theft Management
 Digital Watermarking
 Risk Analysis
 Economic Analysis
 Secure Electronic Voting Machines
 Biometrics
 Digital Forensics
Digital Identity Management
 Digital identity is the identity that a user has to access an
electronic resource
 A person could have multiple identities
- A physician could have an identity to access medical
resources and another to access his bank accounts
 Digital identity management is about managing the multiple
identities
- Manage databases that store and retrieve identities
- Resolve conflicts and heterogeneity
- Make associations
- Provide security
 Ontology management for identity management is an
emerging research area
Digital Identity Management - II
 Federated Identity Management
- Corporations work with each other across organizational
boundaries with the concept of federated identity
- Each corporation has its own identity and may belong to
multiple federations
Individual identity management within an organization
and federated identity management across organizations
 Technologies for identity management
- Database management, data mining, ontology
management, federated computing
-
Identity Theft Management
 Need for secure identity management
- Ease the burden of managing numerous identities
- Prevent misuse of identity: preventing identity theft
 Identity theft is stealing another person’s digital identity
 Techniques for preventing identity thefts include
- Access control, Encryption, Digital Signatures
- A merchant encrypts the data and signs with the public
-
key of the recipient
Recipient decrypts with his private key
Steganography and Digital Watermarking
 Steganography is about hiding information within other
information
- E.g., hidden information is the message that terrorist may
be sending to their pees in different parts of the worlds
- Information may be hidden in valid texts, images, films
etc.
- Difficult to be detected by the unsuspecting human
 Steganalysis is about developing techniques that can analyze
text, images, video and detect hidden messages
- May use data mining techniques to detect hidden patters
 Steganograophy makes the task of the Cyber crime expert
difficult as he/she ahs to analyze for hidden information
- Communication protocols are being developed
Steganography and Digital Watermarking - II
 Digital water marking is about inserting information without
being detected for valid purposes
- It has applications in copyright protection
- A manufacturer may use digital watermarking to copyright
a particular music or video without being noticed
- When music is copies and copyright is violated, one can
detect two the real owner is by examining the copyright
embedded in the music or video
Risk Analysis
 Analyzing risks
- Before installing a secure system or a network one needs
to conduct a risk analysis study
- What are the threats? What are the risks?
 Various types of risk analysis methods
Quantitative approach: Events are ranked in the order of
risks and decisions are made based on then risks
Qualitative approach: estimates are used for risks
-
Economics Analysis
 Security vs Cost
- If risks are high and damage is significant then it may be
worth the cost of incorporating security
- If risks and damage are not high, then security may be an
additional cost burden
 Economists and technologists need to work together
- Develop cost models
- Cost vs. Risk/Threat study
Secure Electronic Voting Machines
 We are slowly migrating to electronic voting machines
 Current electronic machines have many security
vulnerabilities
 A person can log into the system multiple times from different
parts of the country and cast his/her vote
 Insufficient techniques for ensuring that a person can vote
only once
 The systems may be attacked and compromised
 Solutions are being developed
 Johns Hopkins University is one of the leaders in the field of
secure electronic voting machines
Biometrics
 Early Identication and Authentication (I&A) systems, were
based on passwords
 Recently physical characteristics of a person are being sued
for identification
- Fingerprinting
- Facial features
- Iris scans
- Blood circulation
- Facial expressions
 Biometrics techniques will provide access not only to
computers but also to building and homes
 Other Applications
Digital Forensics
 Digital forensics is about the investigation of crime including
using digital/computer methods
 More formally: “Digital forensics, also known as computer
forensics, involved the preservation, identification, extraction,
and documentation of computer evidence stored as data or
magnetically encoded information”, by John Vacca
 Digital evidence may be used to analyze cyber crime (e.g.
Worms and virus), physical crime (e.g., homicide) or crime
committed through the use of computers (e.g., child
pornography)
Digital Forensics - II
 The steps include the following:
- When a crime occurs, law enforcement officials gather
every piece of evidence including information from the
crime scene as well as from the computers
- The evidence gathered is analyzed
- Techniques include
 Intrusion detection
 Data Mining
 Analyzing log files
 Analyze email messages
 Lawyers, Psychologists, Sociologists, Crime investigators
and Technologists have to work together
 International Journal of Digital Evidence is a useful source
Information Sharing between Trustworthy, Semitrustworthy and Untrustworthy Partners
Data/Policy for Federation
Export
Data/Policy
Export
Data/Policy
Export
Data/Policy
Component
Data/Policy for
Agency A
Component
Data/Policy for
Agency C
Component
Data/Policy for
Agency B