Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure / Resilient Systems and Data Dissemination / Provenance

Published byRebecca Lambert Modified over 7 years ago

Similar presentations

Presentation on theme: "Secure / Resilient Systems and Data Dissemination / Provenance"— Presentation transcript:

1 Northrop Grumman Cybersecurity Research Consortium (NGCRC) 2017 Fall Symposium
Secure / Resilient Systems and Data Dissemination / Provenance 26 October 2017 Bharat Bhargava Purdue University Technical Champion(s): Donald Steiner, Paul Conoval, Daniel Goodwin, Jason Kobes, Kory Brin

2 Data Dissemination/Provenance

3 Collaboration with NGC and MIT:
“WAXEDPRUNE” project: Web-based Access to Encrypted Data Processing in Untrusted Environments Researchers: Donald Steiner, Jason Kobes, Leon Li, Paul Conoval (Northrop Grumman Corporation) Bharat Bhargava , Denis Ulybyshev, Miguel Villarreal-Vasquez, Aala Alsalem, Leszek Lilien, Ganapathy Mani, Mai Elkady, Balamurugan Anandan, Rohit Ranchal (Purdue University) Harry Halpin (MIT)

4 Outline Collaboration with NGC IRADs Problem Statement
Research Approach Benefits Core Design Demos and Experiments Proposed Deliverables Ongoing Work 4

5 Collaboration with NGC IRADs
All materials available here: WAXEDPRUNE project: Proposed by Donald Steiner, Leon Li, Jason Kobes Extended prototype is running and can be accessed at Demo Code MTD project: Demo Code IEEE Cloud 2017 papers: 1) D. Ulybyshev, B. Bhargava, M. Villarreal-Vasquez, A. Alsalem, D. Steiner, L. Li, J. Kobes, H. Halpin and R. Ranchal, “Privacy-Preserving Data Dissemination in Untrusted Cloud” , IEEE Cloud 2017 2) M. Villarreal-Vasquez, B. Bhargava, P. Angin, N. Ahmed, D. Goodwin, K. Brin and J. Kobes, “An MTD-based Self-Adaptive Resilience Approach for Cloud Systems”, IEEE CLOUD 2017. Submitted for ”Computer & Security” Elsevier Journal, Oct. 2017: D. Ulybyshev, B. Bhargava, D. Steiner, L. Li, J. Kobes, A. Alsalem, H. Halpin and R. Ranchal “Secure Data Sharing and Data Leakage Detection in Untrusted Cloud” 5

6 Awards Schleman Gold Medallion Award, 2017
For supporting women in computer science Focus Award at Purdue University, 2017 Applying research to help differently abled (visually impaired, blind) Purdue University Computer Science Corporate Partners Research Award 2017 For work based on WaxedPrune project extension 6

7 Expertise Data Privacy Data Provenance Insider Threat Detection
Encrypted search over encrypted data Innovative use of blockchain for trust Moving Target Defense Applied Machine Learning Cognitive Autonomy Knowledge Discovery Scalability in SDN Experience of building prototypes for NG TechFest 7

8 Focus: Data Privacy, Provenance, Data Leakage
Problem Statement Focus: Data Privacy, Provenance, Data Leakage Detect data leakage (intentional or inadvertent) to unauthorized services Track provenance to support data lineage, reproducibility Measure data leakage (what got leaked, when, to whom, how sensitive was the data) Support encrypted search over database of Active Bundles 8

9 Problem Statement Cloud Server Doctor Data Owner
Active Bundle Web Crypto Authentication Doctor Data Owner Patient’s EHR (Active Bundle) Contact, Medical and Billing Information Insurance Researcher - Contact Info - Medical Info - Billing Info - E(Medical Info) - E(Contact Info) Leakage of Medical Info Scenario of EHR Dissemination in Cloud and Leakage (suggested by Dr. Leon Li, NGC) 9

10 Search Index (CryptDB)
Problem Statement Search Index (CryptDB) AB 1 2 n Public Cloud Active Bundle Database (Hospital IS) Build search index Feed AB’s Web-based Application Retrieve and Display Documents Search by keywords Encrypted Search over Encrypted Data stored in Cloud (suggested by Dr. Leon Li, NGC) SELECT prescription FROM Hospital_IS WHERE diagnosis = ‘insomnia’; Example: 10

11 Research Approach Privacy-Preserving Data Dissemination based on:
Access control policies Trust level of a subject (service, user) Context (e.g. emergency vs. normal) Security level of client’s browser (crypto capabilities) Authentication method (password-based, fingerprint, etc) Source network (secure intranet vs. unknown network) Type of client’s device: desktop vs. mobile (detected by Authentication Server) 11

12 Research Approach (cont.)
Data Leakage Detection For leaked encrypted data: Based on Obligations: how data is used by authorized party Obligations are enforced by Central Monitor when recipient tries to extract data from Active Bundle (AB) Digital watermarks that can be checked by web crawlers For leaked decrypted data: Based on visual watermarks embedded into sensitive data 12

13 WAXEDPRUNE prototype is extended to support the following features:
Contributions WAXEDPRUNE prototype is extended to support the following features: 1. Data leakage detection in SOA 2. Encrypted search over encrypted data (over Active Bundle database Prototype is implemented and was demonstrated at NGCRC symposium in April 2017 Source code and Demo video [7] are available 13

14 Novelty Contributes to Data Privacy, Integrity and Confidentiality
On-the-fly key generation scheme Does not require data owner’s availability Supports on-the-fly data updates for multiple subjects Tamper-resistance: data and policies integrity is provided Supports encrypted search over database of Active Bundles Data leakage detection and leakage damage assessment Captures data provenance for use in leakage measure and forensics 14

15 Core Design: Active Bundle
Active Bundle (AB) [2,4]: contains Sensitive data: Encrypted data items Metadata: describe AB and its access control policies Policies manage AB interaction with services and hosts Enc(Sensitive Data) Policies Policy Enforcement Engine Policy Engine: enforces policies specified in AB Provides tamper-resistance of AB [4, 1] 15

16 Data Provenance CM monitors each decryption and stores provenance data
Who tried to decrypt data Where did data come from What type (class) of data When Provenance data can be corrupted Send provenance messages to CM via secure protocol (https) Use blockchain in the future to provide provenance data integrity Provenance data itself can be leaked Encrypt it, key is stored at trusted party Provenance data is used to investigate data leakage 16

17 Data Leakage Detection
How can data get leaked by authorized subject? In the form of encrypted data (the whole AB is leaked): Data is protected by AB, but leakage needs to be detected Detection Phase 1: digital watermark can be checked by web crawler to detect copyright violations Detection Phase 2: based on Obligations: how data is used by authorized party? Obligations are enforced by Central Monitor (TTP) when recipient tries to extract data from AB CM checks whether data is supposed to be where they are Based on Discussions with Jason Kobes (NGC) at NGC Symposium 2016 17

18 Data Leakage Detection
CENTRAL MONITOR (CM) P Src ID (of X) Dest ID (of Y) Time Class of data d1 d1 or AB leakage SERVICE A AB AB SERVICE X AB, d1 SERVICE Y AB or d1 AB contains: - Enc [Data(D)] = {Enck1 (d1), ... , Enckn ( dn) } - Access Control Policies (P) = {p1,.., pk} Service X is authorized to read d1 from AB Service X may leak decrypted d1 or entire AB to Y When Y tries to decrypt d1, AB notifies CM CM enforces obligation policies 18 * This work is used in PhD Thesis Proposal of Denis Ulybyshev, Purdue University

19 Data Leakage Detection
Data can get leaked by authorized subject in the form of: Decrypted (raw) data (picture taken on a smartphone camera): Data is not protected by AB anymore Detection based on visual watermarks embedded into data and steganography (e.g. word order encodes valuable info) Decrypted plaintext with watermark removed Can give part of the data only to the requesting service and watch its trust level first 19

20 Data Leakage Mitigation Methods
Layered Approach: Don't give all the data to the requester at once First give part of data (incomplete, less sensitive) Watch how it is used and monitor trust level of using service If trust level is sufficient – give next portion of data Raise the level of data classification to prevent leakage repetition Intentional leakage to create uncertainty and lower data value Use provenance data stored at CM to identify the list of suspects Monitor network messages Check whether they contain e.g. credit card number that satisfies specific pattern and can be validated using regular expressions [4] 20

21 Data Leakage Damage Assessment
After data leakage is detected damage is assessed based on: To whom was the data leaked (unknown service with low trust level vs. service with high level of trust) Sensitivity (Classification) of leaked data (classified vs. unclassified) When was leaked data received (recent or old data) Can other sensitive data be derived from the leaked data (i.e. diagnosis can be derived from leaked medical prescriptions) Damage = K Data is Sensitive * K Service is Malicious * S(t) , where S(t) is the function for data sensitivity in time 21

22 Data Leakage Timing Data-related event (e.g. final exam) occurs at to
Threat from data being leaked before to is high Threat from data being leaked after to: No threat at all Linearly decreases with time Remains constant (for highly-sensitive data) 3 1 2 22

23 Performance overhead (61%) with data leakage detection on / off
Data Leakage Evaluation Performance overhead (61%) with data leakage detection on / off 23

24 Anti - fragility After leakage is detected, make system stronger against other related attacks on privacy Separate compromised role into two: Role and Benign_role Send new certificates to all benign services with Benign_role Create new Active Bundle with new policies, restricting access to Role (e.g. to all doctors from the same hospital with a malicious one) Increase sensitivity level for leaked data items, i.e. for diagnosis Disable “Save As” functionality on local node or exclude highly sensitive data from what can be stored locally 24

25 Encrypted Search over Encrypted Data
Cloud provider hosts database of ABs AB contains data in encrypted form AB has extra-attribute(s) used for indexing (age, diagnosis) Untrusted zone Query example: SELECT ID FROM EHR_DB WHERE age BETWEEN 35 AND 40; Converted query: SELECT c1 FROM Alias1 WHERE ESRCH ( Enc(age), Enc(35, 40) ); Result: {001, 003} ID diagnosis age 001 Insomnia 35 002 Cold-sore HSV1 30 003 Concussion 40 25

26 Deliverables Prototype implementation: Data Leakage prototype
Active Bundle Module AB implementation as an executable JAR file AB API implementation using Apache Thrift RPC framework Source code: Documentation: Deployment and user manual Demo video “Data dissemination and leakage detection” 26

27 Current work: BlockHub
Blockchain-based Software Sharing (WaxedPrune extension) Blockchain-based technology to provide integrity of provenance data Framework for secure cross-domain software development 27

28 Current work: BlockHub
BlockHub can be used for the following: 1. Tracking and control of software components that are shared across multiple countries or security domains. 2. Automating the export auditing and tracking processes. 3. Cross-domain dissemination of encrypted software modules based on role-based and attribute-based access control. 4. Licensing provenance of deployed software components. 5. Enabling software supply chain that is tamper resistant. 6. Software spillage remediation. 28

29 Current work: BlockHub
X and Y can share software via smart contracts running in blockchain network Every request and is logged in the blockchain’s distributed ledger Software is transferred in case when authorization has been granted by both smart contract and policy enforcement engine of the AB (SB) 29

30 Presentations and Publications
“Privacy-Preserving Data Dissemination in Untrusted Cloud” , D. Ulybyshev, B. Bhargava, M. Villarreal-Vasquez, D. Steiner, L. Li, J. Kobes, H. Halpin, R. Ranchal and A. Alsalem. IEEE Cloud 2017 “Policy-based Distributed Data Dissemination,” R. Ranchal, D. Ulybyshev, P. Angin, and B. Bhargava. CERIAS Security Symposium, April 2015 (Best poster award) “Authentication of User’s Device and Browser for Data Access in Untrusted Cloud,” D. Ulybyshev, B. Bhargava, L. Li, J. Kobes, D. Steiner, H. Halpin, B. An, M. Villarreal, R. Ranchal. CERIAS Security Symposium, April 2016. "Cross-Domain Data Dissemination and Policy Enforcement", R. Ranchal, PhD Thesis, Purdue University, June 2015. “Consumer Oriented Privacy Preserving Access Control for Electronic Health Records in the Cloud,” R. Fernando, R. Ranchal. B. An, L. Ben Othmane, B. Bhargava. Submitted to IEEE CLOUD 2016. “A Self-Cloning Agents-based Model for High Performance Mobile-Cloud Computing,” P. Angin, B. Bhargava, and Z. Jin. IEEE CLOUD 2015. Extended WAXEDPRUNE prototype demo video (from NGC Symposium, April 2017) 30

31 Secure/Resilient Systems A Moving Target Defense Solution

32 Collaboration with NGC IRADs and Publications
Internal Research and Development: Cyber Resilient Systems (Daniel Goodwin) Enterprise Resiliency (Frank Wilson) Cloud-based Cyber Resiliency (Carlos Otero) MTD Publications: M. Villarreal-Vasquez, B. Bhargava, P. Angin, N. Ahmed, D. Goodwin, K. Brin and J. Kobes. An MTD-based Self-Adaptive Resilience Approach for Cloud Systems. IEEE CLOUD 2017. N. Ahmed and B. Bhargava. Mayflies: A Moving Target Defense Framework for Distributed Systems. 3rd ACM workshop on MTD in conjunction with ACM Conference on Computer and Communications Security (CCS), Vienna, (Best Paper Award) N. Ahmed and B. Bhargava. Disruption-Resilient Publish/Subscribe: A Moving Target Defense Approach. The 6th International Conference on Cloud Computing and Services Science, CLOSER N. Ahmed and B. Bhargava. Towards Targeted Intrusion Detection Deployments in Cloud Computing. In the Int. Journal of Next-Generation Computing Vol. 6, No 2, IJNGC - JULY 2015. N. Ahmed and B. Bhargava. From Byzantine Fault-Tolerance to Fault-Avoidance: An Architectural Transformation to Attack and Failure Resilience. In IEEE Transactions on Cloud Computing, TCC 2016. N. Ahmed. Design, Implementation, and Experiments for Moving Target Defense. PhD Thesis, Purdue University, 2016. 32

33 Collaboration with NGC IRADs
Cyber Resilient Systems IRAD1: Cyber resiliency is based on the ability of the system to start secure, stay secure and return secure - The system starts with trusted components - Continue to operate maintaining level of trust - Return to trusted state case of an event Start Secure Stay Secure Return Secure 1NGC Cyber Resilient Systems IRAD (Daniel Goodwin) 33

34 Collaboration with NGC IRADs
Enterprise Resiliency IRAD2: Monitoring a family of systems and performing real-time analytics to provide actionable artifacts that can automatically address system anomalies Identifies agnostics technologies and architecture patterns that facilitate solutions to maximize computation resources for the enterprise Enterprise Anomaly Discovery Enterprise Automatic Healing 2NGC Enterprise Resiliency IRAD (Frank Wilson) 34

35 Collaboration with NGC IRADs
Cloud-based Cyber Resiliency IRAD3: Static and dynamic analysis of cloud applications Ensuring integrity during execution 3NGC Cloud-based Cyber Resiliency IRAD (Carlos Otero) 35

36 Outline Problem Statement Research Approach
Benefits of Proposed Research MTD Approach Details MTD Architecture Prototype and Measurements ( Final Report) Methodology Results Current Work

37 Focus: Secure/Resilient Systems
Problem Statement Focus: Secure/Resilient Systems Attack Surface

38 Focus: Secure/Resilient Systems
Problem Statement Focus: Secure/Resilient Systems Attack Surface Replication approaches are used to improve resiliency.

39 Focus: Secure/Resilient Systems
Problem Statement Focus: Secure/Resilient Systems Attack Surface Replication approaches in cloud computing increase the attack surface.

40 Focus: Secure/Resilient Systems
Problem Statement Focus: Secure/Resilient Systems Attack Surface We need resilient/self-healing systems that can accurately detect anomalies and dynamically adapt themselves to keep performing mission-critical functions even under attacks and failures.

41 Focus: Secure/Resilient Systems
Problem Statement Focus: Secure/Resilient Systems Research Question: Is it possible to construct a generic attack-resilient framework for distributed cloud systems with a combination of dynamic network configuration and continuous replacement of virtual machines?

42 Resiliency Solution = Live Monitoring + MTD
Research Approach Resiliency Solution = Live Monitoring + MTD

43 Research Approach “Stay one-step ahead” of sophisticated attack Protect the entire stack through dynamic interval-based spatial randomization Avoid threats in-time intervals rather than defending the entire runtime of systems through Mobility and Direction System will start secure, stay secure and return secure Increase agility, anti-fragility and adaptability of the system Unified generic MTD framework that enables reasoning about behavior of deployed systems on cloud platforms

44 Research Approach Adversaries have an asymmetric advantage: They have the time to study a system, identify its vulnerabilities, and choose the time and place of attack to gain the maximum benefit The idea of moving-target defense (MTD): Imposing the same asymmetric disadvantage on attackers by making systems dynamic and therefore harder to explore and predict

45 Benefits of the Proposed Solution
State of the Art System View: Application OS Network At a given time only some layers of the stack (Application, OS or Network) are checked/ protected Replica Replica Replica 3 Application Randomization Space OS Network Application OS Network Sate Verification Time Intervals (< 1 sec)

46 Benefits of the Proposed Solution
Proposed Solution System View: Application OS Network At a given time all layers of the stack (Application, OS or Network) are checked/protected. Replica Replica Replica 3 Application Randomization Space OS Network Application OS Network 1 2 3 n Sate Verification Time Intervals (< 1 sec)

47 MTD Approach Details Nodes run a distributed application on a given platform for a controlled period of time The running time is chosen in a way that successful ongoing attacks become ineffective The new fresh machine will integrate to the system and continue running the application after its data is updated SDN Network

48 MTD Approach Details Nodes run a distributed application on a given platform for a controlled period of time The running time is chosen in a way that successful ongoing attacks become ineffective The new fresh machine will integrate to the system and continue running the application after its data is updated SDN Network

49 MTD Architecture Components:
(1) Virtual Reincarnation (ViRA) (3) SDN Network Dynamics (2) Proactive Monitoring (4) Systems States and Application Runtime

50 Virtual Reincarnation: ViRA
Randomization and diversification technique where nodes (virtual machines) running a distributed application vanish and reappear on a different virtual state with different guest OS, Host OS, hypervisor, and hardware . Virtualized Environment Improve Resiliency Improve Anti-Fragility

51 Virtual Reincarnation: ViRA
“Active machines are replaced by new ones with a totally new image”

52 SDN Network Dynamics Network devices are reconfigured via OpenFlow on-the-fly New added flows redirect traffic intended for the old machine to the new machine SDN Network

53 SDN Network Dynamics Network devices are reconfigured via OpenFlow on-the-fly New added flows redirect traffic intended for the old machine to the new machine OpenFlow Tables: table=0,priority=0,actions=… : table=1,priority=0,actions=… table=2,ip,nw_dst= ,... SDN Network

54 Prototype and Measurements
Implementation Details A Byzantine fault tolerant (BFT-SMaRt) distributed application was run on a set of Ubuntu (either or randomly selected). VMs are connected with an SDN network using Open vSwitch The reincarnation is stateless The set of new VMs are periodically refreshed to start clean The network is reconfigured using OpenFlow

55 Prototype and Measurements
VM restart time: Time it takes the machine to respond to be full operational since it is started. Virtual creation time: Time to create the new image of the VM. Open vSwitch flow injection time: Time it takes to inject new flows to Open vSwitch Note: The important factor for system downtime here is the Open vSwitch flow injection time, as VM creation and restart take place before the reincarnation process

56 Current Work 2. Live monitoring with AI techniques
1. Current implementation 2. Live monitoring with AI techniques 3. From Stateless to Stateful Virtual Reincarnation

57 Current Work Stateful Virtual Reincarnation Support: We preserve the state of the virtual machine during the reincarnation process to make the solution application- agnostic Test the framework with Secure SOA Services (stateful reincarnation)

58 Stateful Reincarnation Ideas
Current Work Stateful Reincarnation Ideas VM1 VM2 VM3 Quorum D’ D D’’ T T’ T’’ VM4 D’’’ - D*: Synchronized Data - T*: Different version of Text - VM4 replaces VM T’’’

59 Stateful Reincarnation Ideas
Current Work Stateful Reincarnation Ideas Create different versions of binaries The original code is kept and set with read-only permission so that it can be used as part of the reference to the new locations of the blocks in the re-randomized version. We avoid identifying and updating code position pointers in each randomization process by keeping a table of trampolines as shown in (b). Each block is located at a fixed offset (i.e., off_c) with respect to the trampoline table. The pointers (in the original code space) are dynamically redirected to its respective address in the code variant when it is de-referenced Z. Wang, C. Wu, J. Li, Y. Lai, X. Zhang, W. Hsu and Y. Cheng. ReRANZ: A Ligh-Weight Virtual Machine to Mitigate Memory Disclosure Attacks. To appear in VEE2017.

60 Presentations and Publications
NGC Cyber Resilient Systems IRAD ( Enterprise Resiliency IRAD ( M. Villarreal-Vasquez, B. Bhargava, P. Angin, N. Ahmed, D. Goodwin, K. Brin and J. Kobes. An MTD-based Self-Adaptive Resilience Approach for Cloud Systems. IEEE CLOUD 2017. N. Ahmed and B. Bhargava. Mayflies: A Moving Target Defense Framework for Distributed Systems. 3rd ACM workshop on MTD in conjunction with ACM Conference on Computer and Communications Security (CCS), Vienna, 2016. N. Ahmed and B. Bhargava. Disruption-Resilient Publish/Subscribe: A Moving Target Defense Approach. The 6th International Conference on Cloud Computing and Services Science, CLOSER 2016. N. Ahmed. Design, Implementation, and Experiments for Moving Target Defense. PhD Thesis, Purdue University, 2016. N. Ahmed and B. Bhargava. Towards Targeted Intrusion Detection Deployments in Cloud Computing. In the Int. Journal of Next-Generation Computing Vol. 6, No 2, IJNGC - JULY 2015. N. Ahmed and B. Bhargava. From Byzantine Fault-Tolerance to Fault-Avoidance: An Architectural Transformation to Attack and Failure Resilience. In IEEE Transactions on Cloud Computing, TCC 2016. R. Ranchal, D. Ulybyshev, P. Angin, and B. Bhargava. Policy-based Distributed Data Dissemination. CERIAS Security Symposium, April 2015 (Best poster award) V. Pappas, M. Polychronakis and A. Keromytis. Smashing the gadgets: Hindering return-oriented programming using in-place code randomization.” In IEEE Security and Privacy (SP), 2012. L. Chen and A. Avizienis. N-version programming: A fault-tolerance approach to reliability of software operation. Digest of Papers FTCS-8: Eighth Annual International Conference on Fault Tolerant Computing M. Carvalho and R. Ford. Moving-target defenses for computer networks. IEEE Security & Privacy 12.2 (2014).

61 Backup Slides Backup Slides

62 Attribute- and Role-based Data Dissemination
Recipients are authorized for different fragments of EHR EHR is AB, can be sent to Doctor, Insurance, Researcher AUTHENTICATED CLIENT Browser’s Crypto Level: High Authentication Method: Fingerprint Client’s device: Desktop Source network: Corporate Intranet Role: Doctor ACCESSIBLE TEXT EHR Browser’s Crypto Level: Low Authentication Method: Password Client’s device: Mobile Source network: Unknown Role: Insurance Agent INACCESSIBLE TEXT 1 INACCESSIBLE TEXT 2 Q: What if Doctor leaks data to insurance agent for which the agent is not authorized? 77 * Discussed with Donald Steiner (NGC)

63 AB Tamper – Resistance Key is not stored inside AB [2, 4]
Separate symmetric key is used for each separate data value Protection against tampering attacks ensured Aggregation{di} (Execution info; Digest(AB Modules); Resources) Ki di Key Derivation Module DECki (di) Aggregation{di} ( Tampered ( Execution info; Digest(AB Modules); Resources) ) K’i wrong di Key Derivation Module DECk’i (di) * Discussed with Jason Kobes (NGC) 78

64 Attribute-Based Dissemination Evaluation
Performance overhead of Active Bundle with detection of browser's crypto capabilities on / off 79

Download ppt "Secure / Resilient Systems and Data Dissemination / Provenance"

Similar presentations

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.
DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.

DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Tcl Agent : A flexible and secure mobile-agent system Paper by Robert S. Gray Dartmouth College Presented by Vipul Sawhney University of Pennsylvania.

Tcl Agent : A flexible and secure mobile-agent system Paper by Robert S. Gray Dartmouth College Presented by Vipul Sawhney University of Pennsylvania.
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.

1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 5 “Database and Cloud Security”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 5 “Database and Cloud Security”.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.

Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Computer Emergency Notification System (CENS)

Computer Emergency Notification System (CENS)
Privacy Preserving Cross-Domain Data Dissemination (with adaptable service selection) Northrop Grumman TechFest June 2015 PI: Prof. Bharat Bhargava Purdue.

Privacy Preserving Cross-Domain Data Dissemination (with adaptable service selection) Northrop Grumman TechFest June 2015 PI: Prof. Bharat Bhargava Purdue.
Advanced Computer Networks Topic 2: Characterization of Distributed Systems.

Advanced Computer Networks Topic 2: Characterization of Distributed Systems.
Presented by: Reem Alshahrani. Outlines What is Virtualization Virtual environment components Advantages Security Challenges in virtualized environments.

Presented by: Reem Alshahrani. Outlines What is Virtualization Virtual environment components Advantages Security Challenges in virtualized environments.
Module 7 Planning and Deploying Messaging Compliance.

Module 7 Planning and Deploying Messaging Compliance.
Midterm Meeting Pete Bohman, Adam Kunk, Erik Shaw.

Midterm Meeting Pete Bohman, Adam Kunk, Erik Shaw.
Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?

Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?
Security Vulnerabilities in A Virtual Environment

Security Vulnerabilities in A Virtual Environment
Virtualized Execution Realizing Network Infrastructures Enhancing Reliability Application Communities PI Meeting Arlington, VA July 10, 2007.

Virtualized Execution Realizing Network Infrastructures Enhancing Reliability Application Communities PI Meeting Arlington, VA July 10, 2007.

Similar presentations

Ads by Google