Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Dependable Data Management November 28, 2011
Outline of the Unit Secure Dependable Data Management Secure Real-time Data Management Secure Sensor Information Management Reference Jungin Kim, Bhavani M. Thuraisingham: Dependable and Secure TMO Scheme. ISORC 2006: 133-140 Jungin Kim, Bhavani M. Thuraisingham: Design of Secure CAMIN Application System Based on Dependable and Secure TMO and RT-UCON. ISORC 2007: 146-155 Vana Kalogeraki, Dimitrios Gunopulos, Ravi S. Sandhu, Bhavani M. Thuraisingham: QoS Aware Dependable Distributed Stream Processing. ISORC 2008: 69-75
Secure Dependable Information Management: What is it? Features of Secure Dependable Information Management secure information management fault tolerant information Management High integrity and high assurance computing Real-time computing Trust management Data Quality Data Provenance
Secure Dependable Information Management: Integration Integration of the different Features Quality of Service Need end-to-end dependability? Dependable OS, Dependable data management, Dependable middleware, Dependable networks
Secure Dependable Information Management: Integration
Secure Dependable Information Management: Conflict Resolution Conflicts between different features Security, Integrity, Fault Tolerance, Real-time Processing E.g., A process may miss real-time deadlines when access control checks are made Trade-offs between real-time processing and security What are the problems? Access control checks vs real-time constraints Covert channels (Secret process could be a high priority process and an Unclassified process could be a low priority process) Time critical process could be malicious Need Flexible policies Real-time processing may be critical during a mission while security may be critical during non-operational times
Secure Dependable Information Management Example: Next Generation AWACS Navigation Data Analysis Programming Display Consoles Data Links Group (DAPG) Processor (14) & Sensors Refresh Channels Sensor Multi-Sensor Detections Tracks Security being considered after the system has been designed and prototypes implemented Challenge: Integrating real-time processing, security and fault tolerance Technology provided by the project Future Future Future App App App Data MSI Mgmt. Data App Xchg. Infrastructure Services Real-time Operating System Hardware 27
Secure Dependable Information Management: Integration
Secure Dependable Information Management: Directions for Research Challenge: How does a system ensure integrity, security, fault tolerant processing, and still meet timing constraints? Develop flexible security policies; when is it more important to ensure real-time processing and ensure security? Security models and architectures for the policies; Examine real- time algorithms – e.g.,query and transaction processing Research for databases as well as for applications; what assumptions do we need to make about operating systems, networks and middleware? Data may be emanating from sensors and other devices at multiple locations Data may pertain to individuals (e.g. video information, images, surveillance information, etc.) Data may be mined to extract useful information Privacy Preserving Surveillance
Real-time Information Management Real-time Operating Systems E.g., Lynx OS Real-time Data Management Transactions must meet timing constraints E.g., RT-Zip (product developed in the early 1990s) Real-time Middleware E.g., RT-ORB (www.omg.org) Real-time networks Real-time message passing Need end-to-end real-time processing capability
Real-time Data Management
Real-time Data Management Management: Data Model Data models such as relational and object models have time parameters Data has timestamp as to when it was last updated Data must be kept current and updated to meet timing constraints E.g., Data cannot be more than 1 day old Data processing algorithms (e.g., methods in an object model) must meet timing constraints E.g., queries and transactions have to complete within a certain time
Real-time Data Management : Query Queries have to meet timing constraints Certain queries may be more important than the others E.g. queries with short timing constraints Queries are processed in such a way that all queries must meet the deadlines as much as possible What happens if the deadlines are not met?
Real-time Data Management : Transactions Transactions have to meet timing constraints Transactions are assigned priorities depending on their deadlines Those with shorter deadlines may be given higher priorities Transactions with higher priorities are given resources such as locks’ If transactions T1 has priority 8 and Transactions T2 has priority 5 and if both are competing for locks at these same time, T1 is given the lock If T1 is waiting for a lock that T2 has, then should T2 be aborted and the lock given to T1?
Conflict between Security and Real-time Processing Suppose transaction T1 has priority 8 and Transactions T2 has priority 5 Assume that T2 is Unclassified and T1 is Secret If T1 is waiting for a lock that T2 has, then one possibility is to abort T2 and give the lock to T1 However T2 is Unclassified. Therefore actions of a Secret transaction have interfered with those of an unclassified transaction – potential for covert challenges Should the system ensure that deadlines are met or should the system ensure security? Access control checks also take time. Therefore in case of emergency should these checks be ignored? Malicious code may tamper with the real-time constraints
Aspects of Data Quality Components of Aspects of Data Quality Data Mining: Annotations: Data mining to improve Use annotations to data quality; specify data quality Need good quality data Parameters; to carry out useful Develop an algebra for data mining data quality Security and data quality: Semantic web and Tradeoffs between ensuring data quality: data quality and confidentiality; Data quality for the layers: Quality of service management XML, RDF, Ontologies, techniques Interoperability, Query/Rules
Data Provenance Keep track of where the data has come from and who has handled the data Data source and how the data has arrived to the current positions From A to B to C to D etc. Use annotations for data provenance: document data Can you trust the data source? Has misinformation been given and if so at which point? Has data been misused?
Applications Protecting Critical Infrastructures Power lines and Grids Telecommunications Food and water supplies Reservoirs Gas supplies National Information Infrastructures Protecting Information for the War fighters and Missions Getting the right and secure information at the right time
Secure Sensor Information Management Sensor network consists of a collection of autonomous and interconnected sensors that continuously sense and store information about some local phenomena May be employed in battle fields, seismic zones, pavements Data streams emanate from sensors; for geospatial applications these data streams could contain continuous data of maps, images, etc. Data has to be fused and aggregated Continuous queries are posed, responses analyzed possibly in real- time, some streams discarded while rest may be stored Recent developments in sensor information management include sensor database systems, sensor data mining, distributed data management, layered architectures for sensor nets, storage methods, data fusion and aggregation Secure sensor data/information management has received very little attention; need a research agenda
Some Attacks on Sensors and Issues Access control violations, Denial of service attacks, Sensor protocol attacks, Hardware attacks Sensors are often places in enemy territory and are prone to various types of attacks including terrorist physical attacks Sensors also have limited memory and resources and therefore attacks could cause many problems with little backup procedures Wireless sensors are a special types of sensors embedded into PDAs and other devices Many issues and challenges similar for sensors and wireless sensors Need to carry out a comparison of the security issues involved
Secure Sensor Communication
Secure Sensor Data Manager: An Architecture
Secure Sensor Data Fusion: Inference Control
Secure Sensor Information Management: Directions for Research Individual sensors may be compromised and attacked; need techniques for detecting, managing and recovering from such attacks Aggregated sensor data may be sensitive; need secure storage sites for aggregated data; variation of the inference and aggregation problem? Security has to be incorporated into sensor database management Policies, models, architectures, queries, etc. Evaluate costs for incorporating security especially when the sensor data has to be fused, aggregated and perhaps mined in real-time Suspicious event detection and Privacy preserving surveillance