Data and Applications Security (DAS) Research

at UTD

Dr. Bhavani Thuraisingham

20 June 2006

1-204/19/23 18:07

Memorandum

0 This presentation reflects our team's intentions for Data and Applications (DAS) research at UTD and will continue to evolve and could change to meet conditions and uncertainties that could be prevalent in the future.

0 It is the intent of the DAS team to make UTD the premier research university in DAS for government and industry.

0 DAS research areas and funding projections are based on current trends and are not intended to be the final version. Values and numbers given are only estimates and they involve assumptions.

0 Statements made in this presentation are forward-looking statements. Such statements are not guarantees of future performance.

1-304/19/23 18:07

Outline

0 What is Data and Applications Security (DAS)?

0 How does DAS fit in within Cyber Security?

0 Strength of UTD in DAS

0 What are UTD’s major areas in DAS?

- Will elaborate on some of the areas

0 Who are our major collaborators?

0 What is our current funding?0 What investments do we need and potential sources of support?0 Who are our “Other Sources”?0 What Technical/Professional Accomplishments do we want to

achieve in the next 3-5 years?

1-404/19/23 18:07

What is DAS?Integrates Information Security and Data Management

AccessControlPoliciesPrivacyTrust

Discretionary andMultilevel securitySecure relational, distributed and OO systems, Query, transactions

Secure warehouses,Mining systems,Privacy preserving data miningSecure digital Libraries, sensorsSemantic webs

Components of

Securing data, information and knowledge systems and applications

Vulnerability analysis:Applications of data mining inWorm, Intrusion detection

Secure applications:BiometricsDigital forensicsElectronic voting machines

Details in my book #7

1-504/19/23 18:07

How does DAS fit in within Cyber Security

Data andApplicationsSecurity(DAS)

Network Security(Securing networks including secure protocols and communications)

Operating systems(securing resources such as files, interposes communication)

Components of

Cyber SecurityAlso calledInformation Security

Secure Middleware:Secure object request brokersJ2EE security

Cross cutting themes:Security and economicsSecure sensorsAccess controlVulnerabilities

Details in my book #7

1-604/19/23 18:07

Strength of UTD in DAS0 UTD is one of the top three leaders in DAS (others Purdue and GMU)

0 Bhavani Thuraisingham is considered a leading expert in DAS

- Early contributor; worked in the field for 21 years

- Comprehensive book in DAS

- Invited to over 30 keynote addresses over the past 12 years

- Advisor to govt sponsors while at MITRE

- Strong in related technologies including data mining, information management and overall cyber security

0 UTD also has a strong primary and supporting team in this area

- Key players: Latifur and Murat in data mining and DAS

- Others: Kevin Hamlen, I-Ling, Prabhakaran, Kang, Weili

=Theory, Web services, Motion data, Visualization, Geospatial

1-704/19/23 18:07

What are UTD’s Major Areas in DAS?

0 Assured Information Sharing (Very Strong)

0 Security for semantic web (Very Strong)

0 Secure Geospatial Information Management (Very Strong)

0 Data Mining for Cyber Security Applications (Strong - Latifur)

0 Data Mining for National Security Applications (Strong)

0 Privacy Preserving Data Mining (Strong - Murat)

0 Secure Data Grid (Strong – I-Ling)

0 Data Integrity and Provenance (Strong – Murat)

0 Secure sensor information management (Strong)

0 Foundations (Strong - Kevin)

0 Other areas: Biometrics, Dependability (Medium)

- Biometrics, - - -

Very strong = Pioneer, Strong = Leader, Medium = One of many

Next 3 charts will elaborate on the areas we are very strong; where are we? Where do we want to go?

1-804/19/23 18:07

Assured Information Sharing: Where are we? Where do we want to go? (Bhavani, Latifur, Murat)

PublishData/Policy

ComponentData/Policy for Agency A

Data/Policy for Coalition/ Extract patterns

PublishData/Policy

ComponentData/Policy for Agency C

ComponentData/Policy for Agency B

PublishData/Policy

Where are we?

We are examining

3 cases:

Friendly partners; Semi-

honest partners;

Untrustworthy partners

Techniques: data mining

and policy enforcement,

game theory, worm

detectionWhere do we want to go?Build a testbed/lab for AIS so that organizations share text, relations,

images, video, geospatial data, carry out analysis and enforce policies for all 3 cases

1-904/19/23 18:07

Our Research in Secure Geospatial Data Management: Where are we? Where do we want to go? (Latifur, Bhavani)

Data Source A

Data Source B

Data Source CSECURITY/ QUALITY

Semantic Metadata ExtractionDecision Centric Fusion Geospatial data interoperability through web servicesGeospatial data miningGeospatial semantic web

Tools for Analysts

Where are we? Building the pieces in the blue box and developing geospatial semantic web technologies

Where do we want to go/Use the testbed developed for AIS to test out algorithms for geospatial data interoperab9lity and security

1-1004/19/23 18:07

Secure Semantic Web: Where are we? Where do we want to go? (Bhavani, Latifur)

0 Where do we want to go

0Need to develop an integrated secure system / Testbed

XML, XML Schemas

Rules/Query

Logic, Proof and TrustTRUST

CONFIDENTILAITY

RDF, Ontologies

URI, UNICODE

PRIVACY

0Machine Understandable Web Pages

0What are we doing: CPT Policy enforcement (Confidentiality, Privacy, Trust)

1-1104/19/23 18:07

Who are our major collaborators?

AIS

Geospatial

Semantic web

Data mining

For cyber sec.

Data mining

for national sec.

Privacy

Provenance and

Integrity

Secure Grid

Sensor info

Other

UCD UMBC UGA LSU UTA UVA UIUCPurdue GMU

X

X

x

X

X

X

X

X

XX

X

X X

X

XX

We are also writing some papers with UCI, UCF, WVU, PSU, UNC-CharlotteForeign collaborators: U. of Nottingham, Kings College, UK

1-1204/19/23 18:07

Where is our funding coming from (since October 2004; jointly with Latifur, Murat)

AIS

Geospatial

Semantic web

Data mining

For cyber sec.

Data mining

for national sec.

Privacy

Provenance and

Integrity

Secure Grid

Sensor info

Other

Raytheon NSF CongressAFOSR AFRL

300K

120K

DTO

100K 300K

500K

200K

Black: Current External, Red: Verbal confirmation with sponsor, Purple: Hoping to get funding 2006; Green: Cost share, Internal, Startup (Bhavani only)Some funding of others (e.g., Murat’s startup) are not included

100K

Int./St.up

150K

90K

70K

60K

60K

50K

30K

40K

120K

20K

20K

1-1304/19/23 18:07

What investments do we need and potential sources of support?

AIS

Geospatial

Semantic web

Data mining

For cyber sec.

Data mining

for national sec.

Privacy

Provenance and

Integrity

Secure Grid

Sensor info

Other

NSF MURITotal Infrastructure

$4m

$500K

Other sources are agencies and consortium; e.g. with OGC proposals to NGAPrivacy is mainly Murat’s area with some support from BhavaniCurrently 2m is a line item in the budget for secure grid; 500K/yr to UTD

Other sources UTD

$3m$1m

$700K

$700K

$500K

400K

$1m

$500K $1m $500K $2 m

$1m $1.5m

$500K $500K

$350K $350K

$350K $350K

$400KCongress TBD

TBD TBD

250K 150K

300K 100KTBD

1-1404/19/23 18:07

“Other Sources” : Agencies and Consortia0 Agencies:

- We are establishing very good connections with AF (AFOSR and AFRL); also well connected for a MURI for AF. Next step is to follow up on contacts with Army and Navy

- Also establishing contacts with DHS, DTO, CIA, NSA; we are identifying areas of mutual interest

0 Consortia

- One consortium we are forming is with NGA, Oracle, Raytheon; we are working on proposal to NGA on interoperability

- A goal is to establish a UTD-consortium with industry and get them to join the consortium for a fee. This is one my main objectives for FY07

0 Congressional Funds

- Once we get started on this, we would like to go after center scale projects

1-1504/19/23 18:07

What other resources do we need?0 Three more faculty in DAS, Digital Forensics, Data Mining either

assistant or associate professor level from top schools –

- Stanford, CMU, Berkeley for data mining

- Include UIUC, Purdue and GATech for DAS and Digital Forensics

0 Laboratory space to build an open test bed / laboratory so that we become a showcase for the government in AIS and related areas

- Demonstrate Assured Information Sharing with data (text, images, etc.) coming from different sources and demonstrate through semantic web technologies (sort of a war room)

- Will use SAIAL resources as needed

0 Secretary for managing our papers, open source, patents, projects

1-1604/19/23 18:07

What Technical/Professional Accomplishments do we want to achieve in the next 3-5 years?

Publications in top journals and conferencesIEEE/ACMKeynotes

Senior member ofIEEE, IEEE/ACM Fellows, International awardsConference chairs

Develop open sourceSoftware, PatentsTechnology transfer to companiesGovernmentTest beds

Components of

We hope UTD Research in DAS will result in the following

Consortia/Standards:e.g., OGC, Oracle, Raytheon consortia;DETER community

Books based on PhD thesise.g., Contract signedFor book #1 on data mining applicationsAwad, Khan and Thuraisingham

UTD DAS Team will work together to establish A government Southwest Research Center in this areaFor the govt.