Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Security R&D: A Personal Perspective

Published byLester Simmons Modified over 5 years ago

Similar presentations

Presentation on theme: "Cyber Security R&D: A Personal Perspective"— Presentation transcript:

1 Cyber Security R&D: A Personal Perspective
Ravi Sandhu Executive Director Professor of Computer Science Lutcher Brown Chair in Cyber Security May 2019 © Ravi Sandhu World-Leading Research with Real-World Impact!

2 Excellence in graduate-level sponsored research
ICS Facts and Figures MISSION Excellence in graduate-level sponsored research PAST SYNOPSIS Founded: 2007 PhDs graduated: 25 External funding raised: $22M CURRENT STATUS Faculty affiliates: 20 College of Sciences: 8, Engineering: 5, Business: 5, Education: 2 Includes 6 with research fully managed through ICS Current PhD students: 32 College of Sciences: 22, Engineering: 7, Business: 2, Education: 1 Domestic: 17 Foreign: 15 Current non-PhD students: 8 Domestic: 7 Foreign: 1 © Ravi Sandhu World-Leading Research with Real-World Impact!

3 Holistic Cyber Security Research
Objectives POLICY ATTACKS What? Why? Enforce Enable Defend Respond PROTECT DETECT Complement How? Mechanisms © Ravi Sandhu World-Leading Research with Real-World Impact!

4 Holistic Cyber Security Research
Objectives POLICY ATTACKS What? Why? Enforce Enable Defend Respond Requires Institute Level Effort World Class Laboratories Global Collaborative Connections PROTECT DETECT Complement How? Mechanisms © Ravi Sandhu World-Leading Research with Real-World Impact!

5 ICS Major Research Thrusts
APPLICATION DOMAINS Cloud Computing, Internet of Things (IoT), Social Media, Big Data, Mobile Platforms, Enterprise, Insider Threat, Scientific Infrastructure, Smart Homes, Smart Cities, Smart Cars etcetera WORLD CLASS LABS FlexCloud Flex Farm FOUNDATIONAL TECHNOLOGIES Access Control, Policy, Malware, Forensics, Blockchain, Artificial Intelligence, Machine Learning, Data Provenance, Formal Methods etcetera Goal: Broaden and Deepen © Ravi Sandhu World-Leading Research with Real-World Impact!

6 World-Leading Research with Real-World Impact!
Security Objectives INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure © Ravi Sandhu World-Leading Research with Real-World Impact!

7 Covers privacy and intellectual property protection
Security Objectives USAGE purpose Covers privacy and intellectual property protection INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure © Ravi Sandhu World-Leading Research with Real-World Impact!

8 World-Leading Research with Real-World Impact!
Security Objectives USAGE purpose USAGE INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure © Ravi Sandhu World-Leading Research with Real-World Impact!

9 with non-Security Objectives
Cannot have it all Need to reconcile with non-Security Objectives Cost Convenience Growth CIAU Safety © Ravi Sandhu World-Leading Research with Real-World Impact!

10 World-Leading Research with Real-World Impact!
Cyber Security Goal Enable system designers and operators to say: This system is secure This system is as secure as it needs to be and no more Not attainable Many successful examples © Ravi Sandhu World-Leading Research with Real-World Impact!

11 Cyber Security is Dynamic
“My dear, here we must run as fast as we can, just to stay in place. And if you wish to go anywhere you must run twice as fast as that.” ― Lewis Carroll, Alice in Wonderland © Ravi Sandhu World-Leading Research with Real-World Impact!

12 Cyber Security Big Trends
Single enterprise Cyber only Configured Static Experts Fractured Multiple interacting parties Cyber physical Automated Adaptive Naïve users Seamless © Ravi Sandhu World-Leading Research with Real-World Impact!

13 Cryptography Symmetric Key Cryptography, 1977
Asymmetric Key Cryptography, 1996 BlockChain Applications, ???? © Ravi Sandhu World-Leading Research with Real-World Impact!

14 Access Control Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact!

15 Discretionary Access Control (DAC)
Core concept: Custodian of information determines access Core drawback: Does not protect copies Therefore OK for integrity but not for confidentiality © Ravi Sandhu World-Leading Research with Real-World Impact!

16 Mandatory Access Control (MAC)
Top Secret Secret Confidential Unclassified can-flow © Ravi Sandhu World-Leading Research with Real-World Impact!

17 Mandatory Access Control (MAC)
Core concept: Extend control to copies by means of security labels Core drawback: Covert channels can make copies that bypass this control © Ravi Sandhu World-Leading Research with Real-World Impact!

18 Access Control Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact!

19 Role-Based Access Control (RBAC)
Primary-Care Physician Specialist Physician Physician Health-Care Provider © Ravi Sandhu World-Leading Research with Real-World Impact!

20 Role-Based Access Control (RBAC)
Core concept: Roles determine everything Core drawback: Roles are a natural concept for human users But not so natural for: Information objects IoT things Contextual attributes © Ravi Sandhu World-Leading Research with Real-World Impact!

21 Role-Based Access Control (RBAC)
Fundamental theorem of RBAC: RBAC can be configured to do DAC RBAC can be configured to do MAC © Ravi Sandhu World-Leading Research with Real-World Impact!

22 Access Control Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact!

23 Attribute-Based Access Control (ABAC)
Operation Access Decision? Yes/No Actor Target Context © Ravi Sandhu World-Leading Research with Real-World Impact!

24 Attribute-Based Access Control (ABAC)
Core concept: Attributes determine everything Core drawback: Flexibility at the cost of complexity No fixed access decision rule © Ravi Sandhu World-Leading Research with Real-World Impact!

25 Access Control Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact!

26 Access Control PEI Layers
Idealized Enforceable (Approximate) Codeable © Ravi Sandhu World-Leading Research with Real-World Impact!

27 ICS Major Research Thrusts
APPLICATION DOMAINS Cloud Computing, Internet of Things (IoT), Social Media, Big Data, Mobile Platforms, Enterprise, Insider Threat, Scientific Infrastructure, Smart Homes, Smart Cities, Smart Cars etcetera WORLD CLASS LABS FlexCloud Flex Farm FOUNDATIONAL TECHNOLOGIES Access Control, Policy, Malware, Forensics, Blockchain, Artificial Intelligence, Machine Learning, Data Provenance, Formal Methods etcetera Goal: Broaden and Deepen © Ravi Sandhu World-Leading Research with Real-World Impact!

28 Cloud-Enabled IoT (CE-IoT)
a) Access Control Oriented (ACO) Architecture b) Enhanced ACO (E-ACO) Architecture © Ravi Sandhu World-Leading Research with Real-World Impact!

29 CE-IoT Enforcement Model
Certificate and Crypto Based Communication control Attribute-Based Communication Control CCP Bandwidth and Latency User-Centric Privacy CCP CCP © Ravi Sandhu World-Leading Research with Real-World Impact!

Download ppt "Cyber Security R&D: A Personal Perspective"

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.

INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.
© 2006 Ravi Sandhu www.list.gmu.edu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,

© 2006 Ravi Sandhu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,
1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013

1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013
1 The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It? Ravi Sandhu Executive Director and Endowed Professor February 21,

1 The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It? Ravi Sandhu Executive Director and Endowed Professor February 21,
1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.

1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
Future of Access Control: Attributes, Automation, Adaptation

Future of Access Control: Attributes, Automation, Adaptation
1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.

1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.

INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015

1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011

1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

Similar presentations

Ads by Google