Presentation is loading. Please wait.

Presentation is loading. Please wait.

Assured Information Sharing. Prof. Bhavani Thuraisingham and Prof. Latifur Khan The University of Texas at Dallas Prof. Ravi Sandhu George Mason University.

Published byScarlett Webster Modified over 8 years ago

Similar presentations

Presentation on theme: "Assured Information Sharing. Prof. Bhavani Thuraisingham and Prof. Latifur Khan The University of Texas at Dallas Prof. Ravi Sandhu George Mason University."— Presentation transcript:

1 Assured Information Sharing

2 Prof. Bhavani Thuraisingham and Prof. Latifur Khan The University of Texas at Dallas Prof. Ravi Sandhu George Mason University August 2006 Information Operation Across Infospheres: Assured Information Sharing

3 Acknowledgements Students –UTDallas Dilsad Cavus (MS, Data mining and data sharing) Srinivasan Iyer (MS, Trust management) Ryan Layfield (PhD, Game theory) Mehdi (PhD, Worm detection) –GMU Min (PhD, Extended RBAC) Faculty and Staff –UTDallas Prof. Murat (Game theory) Dr. Mamoun Awad (Data mining and Data sharing) Project supplemented by Texas Enterprise Funds

4 Architecture Export Data/Policy Component Data/Policy for Agency A Data/Policy for Federation Export Data/Policy Component Data/Policy for Agency C Component Data/Policy for Agency B Export Data/Policy

5 Our Approach Integrate the Medicaid claims data and mine the data; next enforce policies and determine how much information has been lost by enforcing policies Examine RBAC and UCON in a coalition environment Apply game theory and probing techniques to extract information from non cooperative partners; conduct information operations and determine the actions of an untrustworthy partner. Defensive and offensive operations

6 Coalition for Assured Information Sharing A coalition is formed by related entities like Medical care facilities and Health insurance companies to share information within themselves and to selected outsiders in a secure manner. Each of these entities can specify policies for access control through the coalition. The coalition provides controlled access to information in the database after enforcing policies generated by the entity owning the database.

7 Example Consider a set of hospitals: {H1, H2, … Hn} and a set of Health Insurance agencies {I1, I2, … In}. Each of these hospitals and insurance companies can be an entity in a Coalition. The Coalition server provides a single point of access for databases owned by each of the member entities. Each of these entities provides a policy file to the company/individual hosting the Coalition server.

8 Example … continued Situation – 1 When registering a client, an insurance agency I5 might want to ensure that the applicant does not have an active insurance coverage from any other insurance agency. A web service agent from the insurance company I5 issues a request to the Coalition server to verify this. - Using the applicant’s SSN, the web service agent can query each of the other insurance agency databases to retrieve records of active insurance coverage for the client with the specified SSN.

9 Coalition Architecture

10 Architectural Elements – 1 Web Service Agent:  Formulates a request and sends the request to the Response Engine  Receives response from the Response Engine and uses it to provide the appropriate service.  The aim of the web service agent is to obtain as much information as possible.

11 Architectural Elements – 2 Response Engine: Policy Enforcement Point (PEP):  Enforces policies on requests sent by the Web Service.  Translates this request into an XACML request; sends it to the PDP. Policy Decision Point (PDP):  Makes decisions regarding the request made by the web service.  Conveys the XACML request to the PEP.

12 Architectural Elements – 3 Coalition ( Policy files + Database) Policy Files:  Policy Files are written in XACML policy language.  Policy Files specify rules for “Targets”. Each target is composed of 3 components: Subject, Resource and Action; each target is identified uniquely by its components taken together. The XACML request generated by the PEP contains the target. The PDP’s decision making capability lies in matching the target in the request file with the target in the policy file.  These policy files are supplied by the owner of the databases (Entities in the coalition). Databases:  The entities participating in the coalition provide access to their databases.

13 Screenshots - 1

14 Screenshots - 2

15 Screenshots - 3

16 Enforcing Honesty Everyone has a choice: –Tell the truth –Lie Distributed Behavior Enforcement –Non-trivial to implement –Difficult to guarantee –Examples: BitTorrent, P2P Networks, etc. Unless we can afford to have a neutral 3 rd party that everyone can agree on, we need some way of enforcing ‘good’ behavior

17 Punishment However, there is a third option: refuse to participate –Usually not researched –Drastic measure that only makes sense if we can influence behavior Our modeling suggests that, with proper use of refusal, we can ultimately enforce helpful behavior without a managing agent

18 Evolutionary Strategy Every 200 rounds, we create a new generation of agents, using the most successful strategies available The fitness f() of a given agent is a function of how well they have performed during interaction with other agents –More successful agents have a higher probability of being a part of the next generation    n i i i i select af af ap 0 )( )( )(

19 Our Work Our mathematical models suggest that, assuming we punish by cutting off communication, the equilibrium is to always tell the truth Therefore, using an evolutionary environment, we have placed our particular rationality amongst a heterogeneous pool of competing ideologies –Tit-For-Tat: A famous algorithm that simply mirrors the last move an opponent made –Random: An agent that selects it’s strategy with a 50/50 chance –Casual Liar: Like our agent, but lies with a 10% probability –Subtle Liar: Like our agent, but chooses to lie when it perceives the piece being traded is of significant value With equal parts given to each agent, which one will emerge victorious?

20 Results

21 Centralized Reputations in Decentralized P2P Networks Nathalie Tsybulnik, Kevin W. Hamlen, Bhavani Thuraisingham

22 Motivation P2P Systems offer few security guarantees Shared data has low confidentiality Shared data has low integrity Easy for malicious peers to propagate malicious code

23 Introducing Penny A P2P Network that addresses the following types of attacks: –Spread of corrupt or incorrect data –Attaching incorrect labels to data –Discovering which peers own particular data –Generating a list of all peers who own particular data

24 Penny P2P Network that supports shared data labeling of: –Confidentiality –Integrity Peers can share data without revealing which data object they own Security labels are global but do not require a centralized server

25 Penny (Cont’d) P2P Network uses reputation-based trust management system –Store/retrieve labels –Despite malicious peer existence Maintain efficiency of network operations O(log N)

Download ppt "Assured Information Sharing. Prof. Bhavani Thuraisingham and Prof. Latifur Khan The University of Texas at Dallas Prof. Ravi Sandhu George Mason University."

Similar presentations

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
0 McLean, VA August 8, 2006 SOA, Semantics and Security.

0 McLean, VA August 8, 2006 SOA, Semantics and Security.
Access Control 1. Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from.

Access Control 1. Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from.
Secure Data Storage in Cloud Computing Submitted by A.Senthil Kumar(96608205043) C.Karthik(96608205022) H.Sheik mohideen(96608205046) S.Lakshmi rajan(96608205023)

Secure Data Storage in Cloud Computing Submitted by A.Senthil Kumar( ) C.Karthik( ) H.Sheik mohideen( ) S.Lakshmi rajan( )
On the Economics of P2P Systems Speaker Coby Fernandess.

On the Economics of P2P Systems Speaker Coby Fernandess.
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Tcl Agent : A flexible and secure mobile-agent system Paper by Robert S. Gray Dartmouth College Presented by Vipul Sawhney University of Pennsylvania.

Tcl Agent : A flexible and secure mobile-agent system Paper by Robert S. Gray Dartmouth College Presented by Vipul Sawhney University of Pennsylvania.
Configuration Management

Configuration Management
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and.
Extended Role Based Access Control – Based Design and Implementation for a Secure Data Warehouse Dr. Bhavani Thuraisingham Srinivasan Iyer.

Extended Role Based Access Control – Based Design and Implementation for a Secure Data Warehouse Dr. Bhavani Thuraisingham Srinivasan Iyer.
Database Design - Lecture 1

Database Design - Lecture 1
Research Paper Presentation Software Engineering in agent systems.

Research Paper Presentation Software Engineering in agent systems.
1 Confidentiality and Trust Management in a Coalition Environment Lecture #11 Dr. Bhavani Thuraisingham February 13, 2008 Data and Applications Security.

1 Confidentiality and Trust Management in a Coalition Environment Lecture #11 Dr. Bhavani Thuraisingham February 13, 2008 Data and Applications Security.
 To explain the importance of software configuration management (CM)  To describe key CM activities namely CM planning, change management, version management.

 To explain the importance of software configuration management (CM)  To describe key CM activities namely CM planning, change management, version management.
Evaluation and Testbed Development Bhavani Thuraisingham The University of Texas at Dallas Jim Massaro and Ravi Sandhu.

Evaluation and Testbed Development Bhavani Thuraisingham The University of Texas at Dallas Jim Massaro and Ravi Sandhu.
Information Operation across Infospheres: Assured Information Sharing Prof. Bhavani Thuraisingham Prof. Latifur Khan Prof. Murat Kantarcioglu Prof. Kevin.

Information Operation across Infospheres: Assured Information Sharing Prof. Bhavani Thuraisingham Prof. Latifur Khan Prof. Murat Kantarcioglu Prof. Kevin.
Data and Applications Security Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #1 Introduction to Data and Applications Security August.

Data and Applications Security Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #1 Introduction to Data and Applications Security August.
Data Warehousing Data Mining Privacy. Reading Bhavani Thuraisingham, Murat Kantarcioglu, and Srinivasan Iyer. 2007. Extended RBAC-design and implementation.

Data Warehousing Data Mining Privacy. Reading Bhavani Thuraisingham, Murat Kantarcioglu, and Srinivasan Iyer Extended RBAC-design and implementation.
Announcements. Data Management Chapter 12 Traditional File Approach  Structure Field  Record  File  Fixed All records have common fields, and a field.

Announcements. Data Management Chapter 12 Traditional File Approach  Structure Field  Record  File  Fixed All records have common fields, and a field.

Similar presentations

Ads by Google