1. Data and Applications Security (DAS) Research at UTD Dr. Bhavani Thuraisingham 20 June 2006

2. 1-2 9/23/2015 03:39 Memorandum 0 This presentation reflects our team's intentions for Data and Applications (DAS) research at UTD and will continue to evolve and could change to meet conditions and uncertainties that could be prevalent in the future. 0 It is the intent of the DAS team to make UTD the premier research university in DAS for government and industry. 0 DAS research areas and funding projections are based on current trends and are not intended to be the final version. Values and numbers given are only estimates and they involve assumptions. 0 Statements made in this presentation are forward-looking statements. Such statements are not guarantees of future performance.

3. 1-3 9/23/2015 03:39 Outline 0 What is Data and Applications Security (DAS)? 0 How does DAS fit in within Cyber Security? 0 Strength of UTD in DAS 0 What are UTD’s major areas in DAS? -Will elaborate on some of the areas 0 Who are our major collaborators? 0 What is our current funding? 0 What investments do we need and potential sources of support? 0 Who are our “Other Sources”? 0 What Technical/Professional Accomplishments do we want to achieve in the next 3-5 years?

4. 1-4 9/23/2015 03:39 What is DAS? Integrates Information Security and Data Management Access Control Policies Privacy Trust Discretionary and Multilevel security Secure relational, distributed and OO systems, Query, transactions Secure warehouses, Mining systems, Privacy preserving data mining Secure digital Libraries, sensors Semantic webs Components of Securing data, information and knowledge systems and applications Vulnerability analysis: Applications of data mining in Worm, Intrusion detection Secure applications: Biometrics Digital forensics Electronic voting machines Details in my book #7

5. 1-5 9/23/2015 03:39 How does DAS fit in within Cyber Security Data and Applications Security (DAS) Network Security (Securing networks including secure protocols and communications) Operating systems (securing resources such as files, interposes communication) Components of Cyber Security Also called Information Security Secure Middleware: Secure object request brokers J2EE security Cross cutting themes: Security and economics Secure sensors Access control Vulnerabilities Details in my book #7

6. 1-6 9/23/2015 03:39 Strength of UTD in DAS 0 UTD is one of the top three leaders in DAS (others Purdue and GMU) 0 Bhavani Thuraisingham is considered a leading expert in DAS -Early contributor; worked in the field for 21 years -Comprehensive book in DAS -Invited to over 30 keynote addresses over the past 12 years -Advisor to govt sponsors while at MITRE -Strong in related technologies including data mining, information management and overall cyber security 0 UTD also has a strong primary and supporting team in this area -Key players: Latifur and Murat in data mining and DAS -Others: Kevin Hamlen, I-Ling, Prabhakaran, Kang, Weili =Theory, Web services, Motion data, Visualization, Geospatial

7. 1-7 9/23/2015 03:39 What are UTD’s Major Areas in DAS? 0 Assured Information Sharing (Very Strong) 0 Security for semantic web (Very Strong) 0 Secure Geospatial Information Management (Very Strong) 0 Data Mining for Cyber Security Applications (Strong - Latifur) 0 Data Mining for National Security Applications (Strong) 0 Privacy Preserving Data Mining (Strong - Murat) 0 Secure Data Grid (Strong – I-Ling) 0 Data Integrity and Provenance (Strong – Murat) 0 Secure sensor information management (Strong) 0 Foundations (Strong - Kevin) 0 Other areas: Biometrics, Dependability (Medium) -Biometrics, - - - Very strong = Pioneer, Strong = Leader, Medium = One of many Next 3 charts will elaborate on the areas we are very strong; where are we? Where do we want to go?

8. 1-8 9/23/2015 03:39 Assured Information Sharing: Where are we? Where do we want to go? ( Bhavani, Latifur, Murat) Publish Data/Policy Component Data/Policy for Agency A Data/Policy for Coalition/ Extract patterns Publish Data/Policy Component Data/Policy for Agency C Component Data/Policy for Agency B Publish Data/Policy Where are we? We are examining 3 cases: Friendly partners; Semi- honest partners; Untrustworthy partners Techniques: data mining and policy enforcement, game theory, worm detection Where do we want to go? Build a testbed/lab for AIS so that organizations share text, relations, images, video, geospatial data, carry out analysis and enforce policies for all 3 cases

9. 1-9 9/23/2015 03:39 Our Research in Secure Geospatial Data Management: Where are we? Where do we want to go? (Latifur, Bhavani) Data Source A Data Source B Data Source C SECURITY/ QUALITY Semantic Metadata Extraction Decision Centric Fusion Geospatial data interoperability through web services Geospatial data mining Geospatial semantic web Tools for Analysts Where are we? Building the pieces in the blue box and developing geospatial semantic web technologies Where do we want to go/ Use the testbed developed for AIS to test out algorithms for geospatial data interoperab9lity and security

10. 1-10 9/23/2015 03:39 Secure Semantic Web: Where are we? Where do we want to go? ( Bhavani, Latifur ) 0 Where do we want to go 0 Need to develop an integrated secure system / Testbed XML, XML Schemas Rules/Query Logic, Proof and Trust TRUSTTRUST CONFIDENTILAITYCONFIDENTILAITY RDF, Ontologies URI, UNICODE PRIVACYPRIVACY 0 Machine Understandable Web Pages 0 What are we doing: CPT Policy enforcement (Confidentiality, Privacy, Trust)

11. 1-11 9/23/2015 03:39 Who are our major collaborators? AIS Geospatial Semantic web Data mining For cyber sec. Data mining for national sec. Privacy Provenance and Integrity Secure Grid Sensor info Other UCDUMBCUGALSUUTA UVA UIUCPurdueGMU X X x X X X X X X X X X X X X X We are also writing some papers with UCI, UCF, WVU, PSU, UNC-Charlotte Foreign collaborators: U. of Nottingham, Kings College, UK

12. 1-12 9/23/2015 03:39 Where is our funding coming from (since October 2004; jointly with Latifur, Murat) AIS Geospatial Semantic web Data mining For cyber sec. Data mining for national sec. Privacy Provenance and Integrity Secure Grid Sensor info Other RaytheonNSFCongressAFOSRAFRL 300K 120K DTO 100K300K 500K 200K Black: Current External, Red: Verbal confirmation with sponsor, Purple: Hoping to get funding 2006; Green: Cost share, Internal, Startup (Bhavani only) Some funding of others (e.g., Murat’s startup) are not included 100K Int./St.up 150K 90K 70K 60K 50K 30K 40K 120K 20K

13. 1-13 9/23/2015 03:39 What investments do we need and potential sources of support? AIS Geospatial Semantic web Data mining For cyber sec. Data mining for national sec. Privacy Provenance and Integrity Secure Grid Sensor info Other NSFMURI Total Infrastructure $4m $500K Other sources are agencies and consortium; e.g. with OGC proposals to NGA Privacy is mainly Murat’s area with some support from Bhavani Currently 2m is a line item in the budget for secure grid; 500K/yr to UTD Other sourcesUTD $3m $1m $700K $500K 400K $1m $500K$1m$500K $2 m $1m $1.5m $500K $350K $400K CongressTBD 250K150K 300K100K TBD

14. 1-14 9/23/2015 03:39 “Other Sources” : Agencies and Consortia 0 Agencies: -We are establishing very good connections with AF (AFOSR and AFRL); also well connected for a MURI for AF. Next step is to follow up on contacts with Army and Navy -Also establishing contacts with DHS, DTO, CIA, NSA; we are identifying areas of mutual interest 0 Consortia -One consortium we are forming is with NGA, Oracle, Raytheon; we are working on proposal to NGA on interoperability -A goal is to establish a UTD-consortium with industry and get them to join the consortium for a fee. This is one my main objectives for FY07 0 Congressional Funds -Once we get started on this, we would like to go after center scale projects

15. 1-15 9/23/2015 03:39 What other resources do we need? 0 Three more faculty in DAS, Digital Forensics, Data Mining either assistant or associate professor level from top schools – -Stanford, CMU, Berkeley for data mining -Include UIUC, Purdue and GATech for DAS and Digital Forensics 0 Laboratory space to build an open test bed / laboratory so that we become a showcase for the government in AIS and related areas -Demonstrate Assured Information Sharing with data (text, images, etc.) coming from different sources and demonstrate through semantic web technologies (sort of a war room) -Will use SAIAL resources as needed 0 Secretary for managing our papers, open source, patents, projects

16. 1-16 9/23/2015 03:39 What Technical/Professional Accomplishments do we want to achieve in the next 3-5 years? Publications in top journals and conferences IEEE/ACM Keynotes Senior member of IEEE, IEEE/ACM Fellows, International awards Conference chairs Develop open source Software, Patents Technology transfer to companies Government Test beds Components of We hope UTD Research in DAS will result in the following Consortia/ Standards: e.g., OGC, Oracle, Raytheon consortia; DETER community Books based on PhD thesis e.g., Contract signed For book #1 on data mining applications Awad, Khan and Thuraisingham UTD DAS Team will work together to establish A government Southwest Research Center in this area For the govt.