Proceedings of the Workshop (LNCS, volume 2776) is now available online.

MMM-2003 - Keynote Speakers


Keynote Speakers

Shiu-Kai Chin. Professor of Computer Science, Meredith Professor for Teaching Excellence, Center for Science and Technology, Syracuse University, NY, USA
Implementing a Calculus for Distributed Access Control in Higher Order Logic and HOL (abstract)

Nasir Memon. Assistant Professor, Polytechnic University Brooklyn, NY, USA
ForNet: A Distributed Network Forensics System (abstract)

Ravi Sandhu. Professor of Computer Science, George Mason University, USA
Usage Control: A vision for next generation access control (abstract)

Anatol' O. Slissenko. Professor of Computer Science, LACL, University Paris 12, France and SPIIRAS, St. Petersburg, Russia
Complexity Problems in the Analysis of Information Systems Security (abstract)

Salvatore J. Stolfo. Professor of Computer Science, Department of Computer Science Columbia University, USA
Behavior-based Computer Security (abstract)

Shambhu Upadhyaya. Associate Professor of Computer Science and Engineering and Director, Center of Excellence in Information Systems Assurance Research and Education, University at Buffalo, NY, USA
Real-Time Intrusion Detection with Emphasis on Insider Attacks (abstract)




Salvatore J. Stolfo
Professor of Computer Science
Department of Computer Science Columbia University

Behavior-based Computer Security

Abstract. Behavior-based security systems defend and protect systems not solely by attempting to identify known attacks using signatures or rules, but rather by detecting deviations from a system's normal behavior. Many approaches to "anomaly detection" have been proposed, including research systems that aim to detect masqueraders by modeling user command line sequences, or deviations in normal system level call sequences. In our work, we have applied anomaly detection algorithms to many detection tasks, including anomalous Windows registry accesses, file system anomalies, malicious email and stealthy reconnaissance.
The Malicious Email Tracking system (MET) is an online monitoring system to protect user email accounts by modeling user email flows to detect malicious email attachments, including policy violations as well as viral propagations that are not detectable or traceable via signature-based detection methods. The principle behind MET's operation is to model email flows to and from particular individual email accounts, including typical usage patterns of emails and attachment flow statistics across an enterprise. The statistics MET gathers may be used to determine "social clique and communication communities" of accounts that typically exchange emails, and the frequency of messages and the typical times and days those messages are exchanged. All this information can be used to model an account or a population of accounts to determine typical behaviors that may be used to detect deviations of interest, such as the propagation of an email virus within that population.
The Email Mining Toolkit (EMT) is an offline data mining toolkit that computes these behavior models for deployment in the online MET monitor. EMT will be demonstrated during the talk.
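The email-flow modelling the abstract describes (per-account cliques, usual sending hours, attachment statistics) and the kind of deviation it aims at, worked through as an added example. This is illustrative code, not MET or EMT; the training log, the test traffic and the thresholds are constructed assumptions.

```python
# Constructed illustration of MET/EMT-style email-flow modelling: learn each
# account's communication clique, usual sending hours and attachment rate
# from a training log, then flag traffic that deviates the way a propagating
# email virus would. Sample log and thresholds are assumptions, not Columbia's.
from collections import Counter, defaultdict

# (sender, recipient, hour_of_day, attachment_name or None), constructed
TRAINING_LOG = [
    ("alice", "bob", 9, None), ("alice", "carol", 10, "q1.xls"),
    ("alice", "bob", 14, None), ("alice", "dave", 11, "memo.doc"),
    ("alice", "carol", 15, None), ("bob", "alice", 9, None),
]

def build_profiles(log):
    """Per-account behaviour model: clique of usual recipients, hours at
    which the account normally sends, and attachments per message."""
    clique, hours, msgs, atts = defaultdict(set), defaultdict(set), Counter(), Counter()
    for s, r, h, a in log:
        clique[s].add(r); hours[s].add(h); msgs[s] += 1
        if a: atts[s] += 1
    return {s: {"clique": clique[s], "hours": hours[s],
                "att_rate": atts[s] / msgs[s]} for s in msgs}

EMPTY = {"clique": set(), "hours": set(), "att_rate": 0.0}

def score_window(profiles, window, min_msgs=4):
    """Flag senders whose traffic in the window looks like viral propagation:
    one attachment name repeated in >= min_msgs messages, most of them to
    recipients outside the sender's clique. Returns {sender: reason}."""
    per_sender = defaultdict(list)
    for s, r, h, a in window:
        per_sender[s].append((r, h, a))
    alerts = {}
    for s, items in per_sender.items():
        prof = profiles.get(s, EMPTY)
        names = Counter(a for _, _, a in items if a)
        if not names:
            continue
        name, n = names.most_common(1)[0]
        hits = [(r, h) for r, h, a in items if a == name]
        outside = sum(1 for r, _ in hits if r not in prof["clique"])
        off_hours = sum(1 for _, h in hits if h not in prof["hours"])
        if n >= min_msgs and outside > n / 2:
            alerts[s] = (f"{name} sent {n} times, {outside} to non-clique "
                         f"recipients, {off_hours} outside usual hours")
    return alerts
```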


Ravi Sandhu
Professor of Computer Science
George Mason University

Usage Control: A vision for next generation access control

Abstract. The term usage control is a generalization of access control to cover obligations, conditions, ongoing controls and mutability. Traditionally, access control has dealt only with authorization decisions on users' access to target resources. Obligations are requirements that have to be fulfilled by the subject for allowing access. Conditions are subject- and object-independent environmental requirements that have to be satisfied for access. In today's highly dynamic, distributed environment, obligations and conditions are also crucial decision factors for richer and finer controls on usage of digital resources. Traditional authorization decisions are generally made at the time of requests but hardly recognize ongoing controls for relatively long-lived access or for immediate revocation. Moreover, mutability issues that deal with updates on related subject or object attributes as a consequence of access have not been systematically studied. In this talk we motivate the need for usage control and show how it encompasses traditional access control, such as mandatory, discretionary and role-based access control, and more recent requirements such as trust management, digital rights management and privacy.
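The four elements the abstract adds to traditional access control (obligation, condition, ongoing control with revocation, and attribute mutability), worked through as an added example that is not from the talk or the speaker. The subject attributes, the per-usage credit cost and the business-hours rule are assumptions chosen for illustration.

```python
# UCON-style usage decision, constructed to show obligation, condition,
# ongoing control and mutability. Attributes and rules are assumptions.
from dataclasses import dataclass

@dataclass
class Subject:
    name: str
    role: str
    credits: int             # mutable attribute: consumed by each usage
    accepted_terms: bool     # obligation: must be fulfilled before access

@dataclass
class Resource:
    name: str
    clearance: str           # role required to use the resource
    cost: int                # credits consumed per usage

def condition_ok(hour):
    """Environmental condition, independent of subject and object:
    usage is permitted only between 09:00 and 17:59 (assumed rule)."""
    return 9 <= hour < 18

def pre_decision(subj, res, hour):
    """Decision at request time: authorization, obligation and condition
    must all hold. Returns (allowed, reason)."""
    if subj.role != res.clearance:
        return False, "authorization: role mismatch"
    if subj.credits < res.cost:
        return False, "authorization: insufficient credits"
    if not subj.accepted_terms:
        return False, "obligation: terms not accepted"
    if not condition_ok(hour):
        return False, "condition: outside business hours"
    return True, "granted"

def usage_session(subj, res, start_hour, hours_requested):
    """Grant once, then re-check the condition every hour of use (ongoing
    control), revoking immediately when it fails. The usage itself updates
    the subject's credits (mutability). Returns (hours_served, outcome)."""
    allowed, reason = pre_decision(subj, res, start_hour)
    if not allowed:
        return 0, reason
    subj.credits -= res.cost      # attribute update caused by the access
    served = 0
    for hour in range(start_hour, start_hour + hours_requested):
        if not condition_ok(hour):
            return served, "revoked: condition no longer holds"
        served += 1
    return served, "completed"
```

The second call on the same subject fails on credits alone: the earlier access changed the attribute that the next decision depends on.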


Anatol' O. Slissenko
Professor of Computer Science
LACL, University Paris 12, France and SPIIRAS, St. Petersburg, Russia

Complexity Problems in the Analysis of Information Systems Security

Abstract. The talk is a survey of complexity problems that concern the analysis of information systems security. "The analysis" means here mainly proving the requirements properties. Though the complexity aspects of cryptology are not a topic of the talk, some concepts and questions of this field will be discussed, as they are, or may be, relevant to the security concepts of general interest. We discuss the decidability and complexity of the analysis of cryptographic protocols, of the analysis of the problem of access to information systems and the complexity of detection of some types of attacks. We argue that many negative results like undecidability or high lower bounds, though of a theoretical importance, are not quite relevant to the analysis of practical systems. In conclusion, some properties of realistic systems will be presented that could be taken into account in order to try to obtain more adequate complexity results. Conceptual problems, like the notion of reducibility that preserves security, will be touched.


Nasir Memon
Assistant Professor
Polytechnic University Brooklyn, NY

ForNet: A Distributed Network Forensics System

Abstract. Networks have become ubiquitous and part of the global critical infrastructure. Mitigating threats to networks has become one of the most important missions of several government and private entities. However, from recent attacks on our critical network infrastructures it is evident that we are not only unable to prevent attacks but also, in many cases, unable to identify the perpetrators. Therefore, in addition to mitigating potential threats, the ability to identify and successfully prosecute malicious attacks is also critical to the security and survival of networks. In this talk, we describe a distributed approach to network forensics and we identify challenging problems that need to be addressed in order to improve our ability to attribute attacks to perpetrators. We then describe ForNet, a general, scalable platform for deploying a system that would significantly aid in network forensics.


Shiu-Kai Chin
Professor of Computer Science, Meredith Professor for Teaching Excellence
Center for Science and Technology, Syracuse University

Implementing a Calculus for Distributed Access Control in Higher Order Logic and HOL

Thumrongsak Kosiyatrakul, Susan Older, Polar Humenn, and Shiu-Kai Chin
Systems Assurance Institute, Syracuse University, Syracuse, New York 13244, USA

Abstract. Access control, determining which requests for services should be honored or not, is particularly difficult in networked systems. Assuring that access-control decisions are made correctly involves determining identities, privileges, and delegations. The basis for making such decisions often relies upon cryptographically signed statements that are evaluated within the context of an access-control policy.
An important class of access-control decisions involves brokered services, in which intermediaries (brokers) act on and make requests on behalf of their clients. Stock brokers are human examples; electronic examples include the web servers used by banks to provide the online interface between bank clients and client banking accounts. The CORBA (Common Object Request Broker Architecture) CSIv2 (Common Secure Interoperability version 2) protocol is an internationally accepted standard for secure brokered services [CSI01]. Its purpose is to ensure service requests, credentials, and access-control policies have common and consistent interpretations that lead to consistent and appropriate access-control decisions across potentially differing operating systems and hardware platforms. Showing that protocols such as CSIv2 fulfill their purpose requires reasoning about identities, statements, delegations, authorizations, and policies and their interactions.
To meet this challenge, we wanted to use formal logic to guide our thinking and a theorem prover to verify our results. We use a logic for authentication and access control [LABW92, ABLP93, WABL94] that supports reasoning about the principals in a system, the statements they make, their delegations, and their privileges. To assure our reasoning is correct, we have implemented this logic as a definitional extension to the HOL theorem prover [GM93]. We describe this logic, its implementation in HOL, and the application of this logic to brokered requests in the context of the CORBA CSIv2 standard.

References
[ABLP93] Martin Abadi, Michael Burrows, Butler Lampson, and Gordon Plotkin. A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems, 15(4):706-734, September 1993.
[CSI01] The common secure interoperability version 2. Technical Report ptc/01-06-17, Object Management Group, June 2001. Available via http://www.omg.org/cgi-bin/doc?ptc/01-06-17.
[GM93] M.J.C. Gordon and T.F. Melham. Introduction to HOL: A Theorem Proving Environment for Higher Order Logic. Cambridge University Press, New York, 1993.
[LABW92] Butler Lampson, Martin Abadi, Michael Burrows, and Edward Wobber. Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems, 10(4):265-310, November 1992.
[WABL94] Edward Wobber, Martin Abadi, Michael Burrows, and Butler Lampson. Authentication in the Taos operating system. ACM Transactions on Computer Systems, 12(1):3-32, February 1994.
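A minimal evaluator for the calculus's "says", "speaks for" and "controls" rules, applied to the brokered-request setting of the abstract, as an added illustration. It is not the authors' HOL implementation; the principal names, the request string and the delegation chain are assumptions, and speaks-for facts are taken as already established (for instance from a client's signed delegation) rather than derived from signed statements.

```python
# Added illustration of the core rules of the access-control calculus
# [ABLP93]: "A says s", "A speaks for B" (A => B) and "B controls s".
# Speaks-for facts are taken as already established (for instance from a
# client's signed delegation); principal and request names are assumptions.
from itertools import product

def closure(says, speaks_for):
    """Derive every 'says' fact implied by two rules of the calculus:
    speaks-for: if A => B and A says s, then B says s;
    transitivity: if A => B and B => C, then A => C."""
    says, sf = set(says), set(speaks_for)
    changed = True
    while changed:
        changed = False
        for (a, b), (b2, c) in product(list(sf), list(sf)):
            if b == b2 and (a, c) not in sf:
                sf.add((a, c)); changed = True
        for a, b in list(sf):
            for p, s in list(says):
                if p == a and (b, s) not in says:
                    says.add((b, s)); changed = True
    return says, sf

def decide(request, says, speaks_for, controls):
    """Honor the request iff some principal both controls it and, after
    closure, says it (the statement reaches a principal the policy
    trusts for that request)."""
    derived, _ = closure(says, speaks_for)
    return any((p, request) in derived for p, s in controls if s == request)

# Brokered request (constructed): the bank's web server speaks for the
# broker, the broker speaks for the client, and policy lets the client
# control access to its own account.
SAYS = {("web_server", "read account 42")}
SPEAKS_FOR = {("web_server", "broker"), ("broker", "client")}
CONTROLS = {("client", "read account 42")}
```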


Shambhu Upadhyaya
Associate Professor of Computer Science and Engineering and Director, Center of Excellence in Information Systems Assurance Research and Education
University at Buffalo

Real-Time Intrusion Detection with Emphasis on Insider Attacks

Abstract. Intrusion detection is an important yet very hard problem to solve. This concept has emerged because it is impossible to close all security loopholes in a computer system despite sound intrusion avoidance techniques such as encryption and firewalls. Currently there are more than 100 commercial tools and research prototypes for intrusion detection. These can be largely classified as either misuse or anomaly detection systems.
While misuse detection looks for specific signs by comparing the current activity against a database of known activity, anomaly detection works by generating a reference line based on the system model and signaling significant deviations from it as intrusions. Both approaches rely on audit trails which can be very huge. Moreover, conventionally they are off-line and offer little in terms of strong deterrence in the face of attacks.
In this talk, we will examine the intrusion detection tools and techniques from a taxonomical point of view and study the real-time properties and applicability to real systems and their shortcomings. Following the overview, we will present our own cost-based framework which quantifies and handles both misuse and anomalies in a unified way. Decisions regarding intrusions are seldom binary and we have developed a reasoning framework that performs decision-making on a more informed basis. The overall reference graph is based on the user's profile and the intent obtained at the beginning of a session. The uniqueness of each user's activity helps identify and arrest attempts by intruders to masquerade as genuine users, which is typically the case in insider attacks. We will examine this work and present some results.


Copyright @2002 Intelligent Systems Laboratory, SPIIRAS, All rights reserved.