cs 6393: cyber security models and systems cyber security … · 2020. 1. 24. · cyber center for...
TRANSCRIPT
CS 6393: Cyber Security Models and Systems
Cyber Security Perspective
Ravi Sandhu
Lecture 1Spring 2020
World-Leading Research with Real-World Impact!1
© Ravi Sandhu
World-Leading Research with Real-World Impact!2
© Ravi Sandhu
Cyber Security at UTSA
Human Development
School of Data Science
SciencesBusiness
Engineering
ArtsEducation
…….
Institute for Cyber SecurityCenter for Infrastructure Assurance …
Cyber Center for Security AnalyticsOpen Cloud Institute
National Security Collaboration Center
Human Development
School of Data Science
Cyber OperationsCyber Defense ResearchCyber Defense Education
A strategic priority since 2000
World-Leading Research with Real-World Impact!3
© Ravi Sandhu
ICS & C-SPECC
World-Leading Research with Real-World Impact!4
© Ravi Sandhu
ICS Mission and History
MISSIONSustained excellence in graduate-level sponsored research
2012-2017Graduated to a self-sustaining operation
2007-2012Founded by start-up funding from State of Texas
2017-2022Major expansion by winning NSF C-SPECC grant
In collaboration with:College of EngineeringCollege of BusinessCollege of EducationOpen Cloud InstituteCyber Center for Security & AnalyticsPartnership with 4 NISD High Schools:Harlan, Woodson, Taft, Business Careers
Established world class laboratories for:Secure cloud computing &Malware research
World-Leading Research with Real-World Impact!5
© Ravi Sandhu
Natural vs Cyber Science
Elephant Problem Cyber-Elephant Problem
Applied vs Foundational Science: Cyber-elephants require applied and foundational combined
Present vs Future Focus: Rapidly evolving cyber-elephants require future focus
World-Leading Research with Real-World Impact!6
© Ravi Sandhu
Holistic Cyber Security
PROTECT
DETECT
Complement
How?
POLICY ATTACKS
What? Why?
Enforce
Enable
Defend
Respond
Objectives
Mechanisms
World-Leading Research with Real-World Impact!7
© Ravi Sandhu
Security Objectives
INTEGRITYmodification
AVAILABILITYaccess
CONFIDENTIALITYdisclosure
Control of read and write is fundamental to all three
World-Leading Research with Real-World Impact!8
© Ravi Sandhu
Security Objectives
INTEGRITYmodification
AVAILABILITYaccess
CONFIDENTIALITYdisclosure
USAGEpurpose
Covers privacy and intellectual property
protection
World-Leading Research with Real-World Impact!9
© Ravi Sandhu
Security Objectives
INTEGRITYmodification
AVAILABILITYaccess
CONFIDENTIALITYdisclosure
USAGEpurpose
USAGE
World-Leading Research with Real-World Impact!10
© Ravi Sandhu
Security is Dynamic
“My dear, here we must run as fast as we can, just to stay in place. And if you wish to go anywhere you must run twice as fast as that.”
― Lewis Carroll, Alice in Wonderland
World-Leading Research with Real-World Impact!11
© Ravi Sandhu
Low Assurance Systems
The ATM (Automatic Teller Machine) system is secure enough global in scope Similarly on-line banking e-commerce payments
World-Leading Research with Real-World Impact!12
© Ravi Sandhu
High Assurance Systems
US President’s nuclear football Secret formula for Coca-Cola
World-Leading Research with Real-World Impact!13
© Ravi Sandhu
Cyber SecurityFundamental Limits
Copy control Inference Analog hole Trusting humans vs trusting software Trusted computing base vulnerabilities Side channels and covert channels …………….
World-Leading Research with Real-World Impact!14
© Ravi Sandhu
Cyber Security?
Computer security Information security = Computer security + Communications security
Information assurance Cyber SecurityIncludes cyber physical
World-Leading Research with Real-World Impact!15
© Ravi Sandhu
Cyber Security?
Computer security Information security = Computer security + Communications security
Information assuranceMission assuranceIncludes cyber physical
World-Leading Research with Real-World Impact!16
© Ravi Sandhu
Other Securities?
Data Security Network Security Operating System Security Privacy ………….
World-Leading Research with Real-World Impact!17
© Ravi Sandhu
Privacy vs Security
Security Privacy
Security
Privacy Security =Privacy
Security Privacy
Privacy
Security
World-Leading Research with Real-World Impact!18
© Ravi Sandhu
Privacy vs Security
Security Privacy
Security
Privacy Security =Privacy
Security Privacy
Privacy
Security