Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download WelcometoCISandCybercorps
Document related concepts
Multilevel security wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Unix security wikipedia , lookup
Post-quantum cryptography wikipedia , lookup
Wireless security wikipedia , lookup
Distributed firewall wikipedia , lookup
Cyberwarfare wikipedia , lookup
Airport security wikipedia , lookup
Computer and network surveillance wikipedia , lookup
Mobile security wikipedia , lookup
Information security wikipedia , lookup
Cyberattack wikipedia , lookup
Social engineering (security) wikipedia , lookup
Cyber-security regulation wikipedia , lookup
Security-focused operating system wikipedia , lookup
Transcript
Center for Information Security: An Overview October 4th, 2002 University of Tulsa - Center for Information Security CIS Overview • IA Mission: Education, Research and Service • CS Faculty – Prof. Sujeet Shenoi – Prof. Mauricio Papa – Prof. John Hale • Other faculty in multidisciplinary track (Political Science, Economics, Law, History • Founded in 1996 • NSA Center of Excellence in Information Assurance Education (2000) • Only school in the country fully compliant with federal INFOSEC training standards University of Tulsa - Center for Information Security CIS Curriculum • Curriculum Features – IA courses integrated into the CS/IST curricula – 3 IA courses taught each semester – Federal CNSS Certifications offered at TU • • • • • CNSS 4011 (Information System Security Professional) CNSS 4012 (Designated Approving Authority) CNSS 4013 (System Administrator) CNSS 4014 (Information System Security Officer) CNSS 4015 (System Certifier) – 10 CNSS 4011 Certificates awarded in 2001 – 48 CNSS 4011/12/14 Certificates in May 2002 University of Tulsa - Center for Information Security Information Assurance Courses (Core) CORE IA COURSES Computer Security: Introduction to security problems in computing. Encryption and decryption techniques. Secure encryption systems. Cryptographic protocols and practices. Security in networks and distributed systems. Legal and ethical issues in computer security. Secure E-Commerce: Electronic commerce technology, models and issues. Principles and case studies. Introduction to security architectures for electronic commerce including digital signatures, certificates, and public key infrastructure (PKI). Legal and national policy electronic commerce issues. Information System Assurance: Design and analysis methods for high assurance information systems. Safety, reliability and security. Specification of mission critical system properties. Software and hardware validation, verification and certification. Enterprise Security Management: Security architecture design and implementation methodologies for enterprises. Risk management, policy development, and system integration. Public Key Infrastructures. Security management, preparedness and incident response processes and techniques. Procurement, accreditation, installation and validation of secure enterprise information systems. Secure System Administration and Certification: Provisioning, procurement and installation of network, hardware and software systems for mission critical enterprises. System configuration, integration and maintenance. Incident handling and response. Methodologies and standards for system testing, verification and certification. University of Tulsa - Center for Information Security Information Assurance Courses (Electives) ELECTIVE IA COURSES (CS) Network Security Computer & Network Forensics Telecommunications Security Risk Management Security Engineering Critical Infrastructure Protection Topics in Information Assurance SYSTEMS COURSES (CS) Operating Systems Database Systems Computer Networks Distributed Computing Operating Systems Theory Advanced Database Systems Advanced Computer Networks ELECTIVE IA COURSES (LAW) National Security Law Cyber Law and Policy Constitutional Law Constitutional Law II Administrative Law International Law ELECTIVE IA COURSES (POLSCI/HIST/ECON) U.S. National Security Policy Global Threats to American Security Ethnic Conflict and Civil War Intelligence & U.S. National Security Policy Politics of Cyber Terrorism History of 20th Century American Foreign Policy Opponents of the American Empire Domestic Economic Policy & Homeland Security University of Tulsa - Center for Information Security CNSS Course Mappings CNSS 4011: INFOSEC CNSS 4012: DAA CNSS 4013: SA Comp Security Secure E-Commerce Info Sys Assur Comp Security Secure E-Commerce Info Sys Assur Ent Sec Mgmt Comp Security Secure E-Commerce Info Sys Assur Sec Sys Admin & Cert IA Elective 2 of 3 Systems Courses Op Systems Databases Comp Networks IA Elective 2 of 3 Systems Courses Op Systems Databases Comp Networks IA Elective 3 of 3 Systems Courses Op Systems Databases Comp Networks CNSS 4014: ISSO CNSS 4015: SC Comp Security Secure E-Commerce Info Sys Assur Ent Sec Mgmt Comp Security Secure E-Commerce Info Sys Assur Ent Sec Mgmt Sec Sys Admin & Cert IA Elective 3 of 3 Systems Courses Op Systems Databases Comp Networks IA Elective 3 of 3 Systems Courses Op Systems Databases Comp Networks University of Tulsa - Center for Information Security CyberCorps • Scholarship for Service – Part of the Cyber Service initiative • Announced in May 2002 – NSF Grant to five Universities • University of Tulsa, Naval Postgraduate School, Iowa State University, Purdue University, University of Idaho and Carnegie Mellon University • Mission – Training of elite squadrons of computer security experts – Defense against Internet hackers and terrorists University of Tulsa - Center for Information Security CyberCorps Program • Objectives – Enroll 12 new students each year • Open to students in their junior year or first-year graduate students (two-year program) • Grant pays each student’s tuition for two years, room and board, travel to conferences and stipend • Obligations – Students must complete a summer internship in a federal agency at the end of their first year – Two years of service for the Federal Government University of Tulsa - Center for Information Security CyberCorps Program • Research – Students will conduct research in collaboration with federal scientists toward a Senior Project or Master’s Thesis – Teams: two undergraduates and one graduate student • Outreach Activities – Developing Information Technology Ethics courses for middle and high-school students – Collaborate with the National Memorial Institute for the Prevention of Terrorism in Oklahoma City University of Tulsa - Center for Information Security Research Projects • • • • • • • • Telecommunications Security Intrusion Detection Attack Modeling and Visualization Network Vulnerability Analysis Computer and Network Forensics Policy Mediation Programmable Security Cryptographic Protocol Verification University of Tulsa - Center for Information Security Telecommunications Security • DoJ project developing systems for defending PTNs from cyberterrorist attacks • Experimental PTN providing analog, digital and wireless telephony used for research • Convergence networks • SS7, xDSL, ISDN, wireless gateways • Collaboration with NIST and Williams University of Tulsa - Center for Information Security Intrusion Detection • DoJ project developing robust intrusion detection systems • Specialized software agents monitor network resources, report anomalies and intrusions • Initiate countermeasures • Collaboration with the ISTS/Dartmouth Consortium University of Tulsa - Center for Information Security Attack Modeling/Visualization • DoJ project developing coherent schemes for monitoring and visualizing Internet attacks in real-time • Java prototype under development • Distributed agents synthesize feedback from IDS into a special language • Subsequently transformed into an integrated graphical representation by centralized monitor University of Tulsa - Center for Information Security Network Vulnerability Analysis • DoJ project developing tools for mapping IP networks and analyzing vulnerabilities • In the process of including convergence technologies • Information includes operating system profiles and data, IP service fingerprints • SS7 network and wireless gateways • Integrated with an attack model database to support vulnerability analysis University of Tulsa - Center for Information Security Computer and Network Forensics • Currently supported by Williams Energy Services • Developing state-of-the-art forensic capabilities • Network scanners, IP profilers, chat room monitors, evidence preservation • Tools for recovering and analyzing evidence • Tulsa Police Department’s Cyber Crime Division University of Tulsa - Center for Information Security Policy Mediation • NSF project using primitive logic and mediator technology • Implement access control and metapolicies • Negotiate authorization policies in federated DB environments • Prototype in Java using JDBC and CORBA • NIST scientists have developed universal policy machines University of Tulsa - Center for Information Security Programmable Security • NSA and NSF supported project developing programming languages with constructs for programmable security • Primitive ticket-based model used to implement a variety of access control models (DAC, MAC, RBAC and TBAC) • Security checking at compile and runtime University of Tulsa - Center for Information Security Cryptographic Protocol Verification • Developed a formalism that integrates logic and process calculus components • Support for formal proofs about the protocol, knowledge and behavior of principals • Comprehensive modeling of encrypted and unencrypted messages • Expressive message passing semantics • Constructs for modeling agents • Modeling/Verifying security properties of distributed systems University of Tulsa - Center for Information Security
