Formalization of Trust, Fraud, and Vulnerability Analysis


Formalization of Trust, Fraud, and Vulnerability Analysis
Bharat Bhargava, Leszek Lilien, Yuhui Zhong, Yi Lu, Yunhua Lu
Department of Computer Sciences, Purdue University
http://www.cs.purdue.edu/homes/bb/NSFtrust.html

Trust-related research questions
- Formalization of trust
- Formalization of evidence
  - Evidence identification for trust evaluation and prediction
  - Design of evidence collection mechanisms
  - Trust evaluation based on multiple types of evidence
- Mechanisms to build trust
  - How to motivate the trustor? Insurance mechanisms and escrow services
  - How to motivate the trustee? Monitor-and-punish and incentive-based mechanisms
- Evaluation methods for trust

Progress and results
- Developed an evidence model that accommodates credentials of different formats and supports evaluation of the reliability of evidence [1]
- Designed a classification algorithm for building user-role profiles in a trust environment [2]
- Proposed a framework for adaptive trust assessment [3]
- Developed and implemented four trust production rules [3]
- Proposed user behavior models to evaluate trust assessment approaches [3]
- Designed and partially implemented a trust-enhanced role mapping server that cooperates with RBAC mechanisms to solve authorization problems in open environments [1]

Fraud-related research questions
- Fraud formalization
  - Categorize fraudsters
  - Formalize deceiving intentions
- Fraud prevention
  - Is the resistance of biometric authentication to attack an important question for fraud prevention?
  - Analyze fraud scenarios to construct states and transition actions for state transition analysis
  - Hinder transitions from normal states to potential fraud states
- Fraud detection
  - Behavior patterns to profile and monitor
  - Identify patterns classified as anomalous
  - Avoid false alarms, especially as patterns evolve over time
  - Design rule generation algorithms to automatically discover fraud rules and to select fraud rule sets with comprehensive coverage, small size, and the required level of accuracy

Progress and results
- Modeled three deceiving intentions [4]
- Developed a deceiving intention prediction algorithm [4]
- Proposed an approach for swindler detection and an architecture realizing the approach [4]
- Derived an equilibrium bidding strategy for honest bidders in an English auction in the presence of multiple bidding and shill bidding [5]
- Developed a token-based model for fraud detection and prevention [6]
- Showed experimentally that the false alarm rate is reduced in the token-based model compared to the cost-based model [6]

Vulnerability-related research issues
- Vulnerability and threat analysis
  - Analyze vulnerabilities and threats in database systems
  - Solutions for threat avoidance
  - Solutions for threat tolerance
  - Analysis of computer security paradigms and effectiveness of methods and tools based on them
- Interplay of vulnerabilities, trust, and fraud
  - Use trust to avoid/tolerate vulnerabilities and threats
  - Reciprocally, use vulnerability and threat avoidance or tolerance to increase trust among peers
  - Use analysis of trust, vulnerabilities and threats to reduce fraud (via prevention, detection and tolerance)

Progress and results
- Searched vulnerability databases (ICAT, CERT/CC, SecurityFocus, MITRE/CVE, CIRDB, MS, Oracle) [7]
- Identified vulnerabilities impacting database integrity (MS, Oracle) [7]
- Performing analysis of the vulnerabilities [7]
- Performing analysis of computer security paradigms (identifying, classifying, etc.) [8]
- Working on a new security paradigm for information security based on trust [8]

References
[1] B. Bhargava and Y. Zhong, "Authorization Based on Evidence and Trust," in Proc. of Data Warehousing and Knowledge Discovery Conf. (DaWaK), Sept. 2002.
[2] E. Terzi, Y. Zhong, B. Bhargava, Pankaj, and S. Madria, "An Algorithm for Building User-Role Profiles in a Trust Environment," in Proc. of Data Warehousing and Knowledge Discovery Conf. (DaWaK), Sept. 2002.
[3] Y. Zhong, Y. Lu, and B. Bhargava, "Dynamic Trust Production Based on Interaction Sequence," Technical Report CSD-TR 03-006, Dept. of Computer Sciences, Purdue University, March 2003.
[4] B. Bhargava, Y. Zhong, and Y. Lu, "Fraud Formalization and Detection," in Proc. of Data Warehousing and Knowledge Discovery Conf. (DaWaK), Sept. 2003.
[5] B. Bhargava, M. Jenamani, and Y. Zhong, "Impact of Privacy Violation on the Fairness of Internet Auctions," submitted for publication.
[6] Y. Lu, L. Lilien, and B. Bhargava, "A Token-based Model for Fraud Detection and Prevention," Working Paper, Dept. of Computer Sciences, Purdue University, Sept. 2003.
[7] L. Lilien, T. Morris, and A. Savoy, "Analysis of Data Integrity Vulnerabilities," Working Paper, Dept. of Computer Sciences, Purdue University, Sept. 2003.
[8] L. Lilien and A. Bhargava, "From Vulnerabilities to Trust: A Road to Trusted Computing," to appear in Proc. of Intl. Conf. on Internet, Processing, Systems, Interdisciplinaries (IPSI), Sv. Stefan, Serbia and Montenegro, Oct. 2003.