CERIAS Weekly Security Seminar - Purdue University

1,160 episodes - English - Latest episode: about 1 month ago - ★★★★ - 6 ratings

CERIAS -- the Nation's top-ranked interdisciplinary academic education and research institute -- hosts a weekly cyber security, privacy, resiliency or autonomy speaker, highlighting technical discovery, case studies or exploring cyber operational approaches; they are not product demonstrations, service sales pitches, or company recruitment presentations. Join us weekly...or explore 25 years of archives for the who's-who in cybersecurity.

Episodes

Jason Crampton, "Administrative Scope and Role-Based Administration"

September 08, 2004 20:30 - 199 MB Video

Role-based access control (RBAC) has received considerable attention in recent years, resulting in several important theoretical models and increasing use in commercial products. Nevertheless, role-based administration, the use of role-based techniques to control RBAC systems, has been less widely studied. We will consider the problem of controlling the propagation of authorization information in computer systems in general, and in role-based systems in particular. We will then introd...

Sam Wagstaff, "Cryptanalysis of Diffie-Hellman and Pohlig-Hellman"

January 23, 2002 21:30 - 95 MB Video

We describe the Diffie-Hellman key-exchange protocol and the Pohlig-Hellman cipher. We discuss discrete logarithms and the cryptanalysis of these two systems. We also describe the Mental Poker protocol.

Sam Wagstaff, Cryptanalysis of Diffie-Hellman and Pohlig-Hellman

January 23, 2002 21:30 - 50 minutes - 95 MB Video

We describe the Diffie-Hellman key-exchange protocol and the Pohlig-Hellman cipher. We discuss discrete logarithms and the cryptanalysis of these two systems. We also describe the Mental Poker protocol. About the speaker: Before coming to Purdue, Professor Wagstaff taught at the Universities of Rochester, Illinois, and Georgia. He spent a year at the Institute for Advanced Study in Princeton. His research interests are in the areas of cryptography, parallel computation, and analysis of alg...

Sam Wagstaff, "Information Theory"

August 22, 2001 20:30 - 98 MB Video

We discuss the history and basic facts of Information Theory and give simple applications to cryptography and data security.

Sam Wagstaff, Information Theory

August 22, 2001 20:30 - 51 minutes - 98 MB Video

We discuss the history and basic facts of Information Theory and give simple applications to cryptography and data security. About the speaker: Before coming to Purdue, Professor Wagstaff taught at the Universities of Rochester, Illinois, and Georgia. He spent a year at the Institute for Advanced Study in Princeton. His research interests are in the areas of cryptography, parallel computation, and analysis of algorithms, especially number theoretic algorithms. He and J. W. Smith of the Unive...

Gary McGraw, "Building Secure Software"

January 10, 2001 21:30 - 1 MB Video

Computer security takes on more importance as commerce becomes e-commerce and business embraces the Net. However, little progress has been made in the security field, especially when vendor technology is considered. Popular press coverage of computer security orbits around basic technology issues such as what firewalls are, when to use the DES encryption algorithm, which anti-virus product is best, or how the latest email-based attack works. The problem is, many security practitioners...

Gary McGraw, Building Secure Software

January 10, 2001 21:30 - 1 hour - 1 MB Video

Computer security takes on more importance as commerce becomes e-commerce and business embraces the Net. However, little progress has been made in the security field, especially when vendor technology is considered. Popular press coverage of computer security orbits around basic technology issues such as what firewalls are, when to use the DES encryption algorithm, which anti-virus product is best, or how the latest email-based attack works. The problem is, many security practitioners don't k...

Peter Stephenson, Investigating Computer Security Incidents

November 08, 2000 21:30 - 1 hour - 227 MB Video

The studies all say that 70% to 80% of information security incidents involve "insiders". However, today, it is becoming increasingly difficult to pinpoint exactly what we mean by an insider. Complicating the issue, law enforcement is increasingly overloaded and the FBI has gone on record as saying that the victims of such incidents should begin their own investigation. The good news is that the victim will likely be in a position to respond much more rapidly than will law enforcement. The b...

Peter Stephenson, "Investigating Computer Security Incidents"

November 08, 2000 21:30 - 227 MB Video

The studies all say that 70% to 80% of information security incidents involve "insiders". However, today, it is becoming increasingly difficult to pinpoint exactly what we mean by an insider. Complicating the issue, law enforcement is increasingly overloaded and the FBI has gone on record as saying that the victims of such incidents should begin their own investigation. The good news is that the victim will likely be in a position to respond much more rapidly than will law enforcement...

Wenke Lee, Developing Data Mining Techniques for Intrusion Detection: A Progress Report

October 11, 2000 20:30 - 1 hour - 222 MB Video

Intrusion detection (ID) is an important component of infrastructure protection mechanisms. Intrusion detection systems (IDSs) need to be accurate, adaptive, extensible, and cost-effective. These requirements are very challenging because of the complexities of today's network environments and the lack of IDS development tools. Our research aims to systematically improve the development process of IDSs. In the first half of the talk, I will describe our data mining framework for constructing ...

Wenke Lee, "Developing Data Mining Techniques for Intrusion Detection: A Progress Report"

October 11, 2000 20:30 - 222 MB Video

Intrusion detection (ID) is an important component of infrastructure protection mechanisms. Intrusion detection systems (IDSs) need to be accurate, adaptive, extensible, and cost-effective. These requirements are very challenging because of the complexities of today's network environments and the lack of IDS development tools. Our research aims to systematically improve the development process of IDSs. In the first half of the talk, I will describe our data mining framework for constr...

Richard Stotts, Jerome Webb & Matthew Beebe, Richard Stotts, Jerome Webb & Matthew Beebe

October 04, 2000 20:30 - 1 hour - 223 MB Video

About the speaker: Colonel Richard Stotts Bio Jerome Webb Mr. Jerome A. Webb is Chief of the Air Force Information Warfare Center's Computer Threat Analysis Section (AFIWC/IOAIC). IOAIC's mission is to provide threat data for the Air Force's Computer Network Operations mission, through the real time analysis of computer intrusions and development of a threat warning capability to protect against future intrusions. Mr. Webb is recognized as one of the leading authorities of computer-based...

John Richardson, Evolving the Internet

September 20, 2000 20:30 - 1 hour - 228 MB Video

What's wrong with today's Internet? If TCP/IP has won, what's left to be done? In truth, we've only just begun ... to understand how the Internet is evolving, the impact of our staggering demand for information, and how a whole set of revolutionary technologies will change the Internet's foundation. This talk skims the waves - it highlights some of the key changes on the horizon and explains why they will be important. Some key trends we'll touch on include: overlay networks like voice-over-...

John Richardson, "Evolving the Internet"

September 20, 2000 20:30 - 228 MB Video

What's wrong with today's Internet? If TCP/IP has won, what's left to be done? In truth, we've only just begun ... to understand how the Internet is evolving, the impact of our staggering demand for information, and how a whole set of revolutionary technologies will change the Internet's foundation. This talk skims the waves - it highlights some of the key changes on the horizon and explains why they will be important. Some key trends we'll touch on include: overlay networks like voi...

Eugene Spafford, The Challenge of Secure Software

September 13, 2000 20:30 - 1 hour - 241 MB Video

Despite decades of advances in computer science and software engineering, our computing systems seem to be less and less trustworthy. Each week seems to bring new stories of computer viruses, invasions of privacy, serious bugs in common software platforms, and network intrusions. The trend seems to be getting worse instead of better. Why is that? And is there hope for safer systems for day-to-day use in e-commerce and government? In this talk, we will examine some of the factors that have le...

Eugene Spafford, "The Challenge of Secure Software"

September 13, 2000 20:30 - 241 MB Video

Despite decades of advances in computer science and software engineering, our computing systems seem to be less and less trustworthy. Each week seems to bring new stories of computer viruses, invasions of privacy, serious bugs in common software platforms, and network intrusions. The trend seems to be getting worse instead of better. Why is that? And is there hope for safer systems for day-to-day use in e-commerce and government? In this talk, we will examine some of the factors that ...

Jens Palsberg, "Static Checking of Interrupt-Driven Software"

September 06, 2000 20:30 - 200 MB Video

Resource-constrained devices are becoming ubiquitous. Examples include cell phones, palm pilots, and digital thermostats. It can be difficult to fit required functionality into such a device without sacrificing the simplicity and clarity of the software. Increasingly complex embedded systems require extensive brute-force testing, making development and maintenance costly. This is particularly true for system components that are written in assembly language. Static checking has the pot...

Jens Palsberg, Static Checking of Interrupt-Driven Software

September 06, 2000 20:30 - 54 minutes - 200 MB Video

Resource-constrained devices are becoming ubiquitous. Examples include cell phones, palm pilots, and digital thermostats. It can be difficult to fit required functionality into such a device without sacrificing the simplicity and clarity of the software. Increasingly complex embedded systems require extensive brute-force testing, making development and maintenance costly. This is particularly true for system components that are written in assembly language. Static checking has the potential ...

Pascal Meunier, The IRDB Project: An Incident Response Database For Gathering Cost And Incidence Information On Types of Security Events

August 30, 2000 20:30 - 56 minutes - 210 MB Video

Information about the incidence of security breaches is difficult to obtain. Emergency situations are not favorable to the maintenance of records, the security breaches are embarrassing and possibly damaging, and disclosing information about the incidents may reveal some sensitive information. Moreover, the nature of the incident and its cause are not always fully known. Because of this, the frequency and cost is difficult to assess by type of incident. The IRDB project attempts to provide a...

Pascal Meunier, "The IRDB Project: An Incident Response Database For Gathering Cost And Incidence Information On Types of Security Events"

August 30, 2000 20:30 - 210 MB Video

Information about the incidence of security breaches is difficult to obtain. Emergency situations are not favorable to the maintenance of records, the security breaches are embarrassing and possibly damaging, and disclosing information about the incidents may reveal some sensitive information. Moreover, the nature of the incident and its cause are not always fully known. Because of this, the frequency and cost is difficult to assess by type of incident. The IRDB project attempts to pr...

John Steven Reel, "The Future of Information Security Technologies"

August 23, 2000 20:30 - 161 MB Video

Information security, and the technologies that provide such security, are a very hot topic throughout the information technology and business communities today. This presentation opens with a consideration of the current network environment. It answers the questions "where are these technologies?" and "where are the gaps in the technologies that are being addressed?" especially as they impact security. Next, the presentation considers the field of network security technologies. It ad...

John Steven Reel, The Future of Information Security Technologies

August 23, 2000 20:30 - 43 minutes - 161 MB Video

Information security, and the technologies that provide such security, are a very hot topic throughout the information technology and business communities today. This presentation opens with a consideration of the current network environment. It answers the questions "where are these technologies?" and "where are the gaps in the technologies that are being addressed?" especially as they impact security. Next, the presentation considers the field of network security technologies. It addresses ...

Rick Davis, "The Holy Grail of E-Business Risk Management: Creating and Sustaining the Insurable Standard for E-Business Security and Assurance"

April 28, 2000 20:30 - 129 MB Video

In order for e-commerce and e-business to grow at the fullest extent possible, higher levels of trust and accountability need to become established. The corporate buyers who rely on reliable structures need to hold those who build and support commercial network initiatives (call them "infrastructure and service providers") responsible for things that go wrong. Downtime, outages, viruses, data integrity, data confidentiality and hacker damage are some of the losses that providers need ...

Rick Davis, The Holy Grail of E-Business Risk Management: Creating and Sustaining the Insurable Standard for E-Business Security and Assurance

April 28, 2000 20:30 - 1 hour - 129 MB Video

In order for e-commerce and e-business to grow at the fullest extent possible, higher levels of trust and accountability need to become established. The corporate buyers who rely on reliable structures need to hold those who build and support commercial network initiatives (call them "infrastructure and service providers") responsible for things that go wrong. Downtime, outages, viruses, data integrity, data confidentiality and hacker damage are some of the losses that providers need to preve...

Michael G. Fleming & Victor Maconachy, "Information Assurance Challenges for the 21st Century"

April 21, 2000 20:30 - 174 MB Video

In today's increasingly dependent and interdependent global information society, information assurance for systems is gaining tremendous importance. Individuals, governments, and societies are insisting on secure and safe communications environments. The solution to providing those assurances lies in the formation of partnerships between and among business, academia and government. Mr. Fleming will present an overview of a model for such partnerships, to include critical elements for ...

Michael G. Fleming & Victor Maconachy, Information Assurance Challenges for the 21st Century

April 21, 2000 20:30 - 47 minutes - 174 MB Video

In today's increasingly dependent and interdependent global information society, information assurance for systems is gaining tremendous importance. Individuals, governments, and societies are insisting on secure and safe communications environments. The solution to providing those assurances lies in the formation of partnerships between and among business, academia and government. Mr. Fleming will present an overview of a model for such partnerships, to include critical elements for the succ...

Terran Lane, "Machine Learning Techniques for Anomaly Detection in Computer Security"

April 07, 2000 20:30 - 214 MB Video

With the recent phenomenal growth of the availability and connectivity of computing resources and the advent of e-commerce, more valuable and private data is being stored online than ever before. But with greater value and availability comes greater threat. In this talk we examine the information security problem of anomaly detection --- recognizing the occurrence of "out of the ordinary" events which may prove to be hazardous. We evaluate this problem as a machine learning task and...

Terran Lane, Machine Learning Techniques for Anomaly Detection in Computer Security

April 07, 2000 20:30 - 57 minutes - 214 MB Video

With the recent phenomenal growth of the availability and connectivity of computing resources and the advent of e-commerce, more valuable and private data is being stored online than ever before. But with greater value and availability comes greater threat. In this talk we examine the information security problem of anomaly detection --- recognizing the occurrence of "out of the ordinary" events which may prove to be hazardous. We evaluate this problem as a machine learning task and describ...

Padgett Peterson, Implications of Mobile Code on Microsoft Platforms

March 31, 2000 21:30 - 1 hour - 236 MB Video

With the advent of mobile code (executable programs that are carried on web pages and inside E-Mail) in everyday use, the capability to include malicious software without the recipient's knowledge has been implicit. From the first crude examples ("Concept", 1995) through the "Russian New Year" exploits (1997-98), to the current surprises (Bubbleboy, 1999) there has been a continual advance in sophistication. Despite attempts by the manufacturer to provide mitigation, these patches are little ...

Padgett Peterson, "Implications of Mobile Code on Microsoft Platforms"

March 31, 2000 21:30 - 236 MB Video

With the advent of mobile code (executable programs that are carried on web pages and inside E-Mail) in everyday use, the capability to include malicious software without the recipient's knowledge has been implicit. From the first crude examples ("Concept", 1995) through the "Russian New Year" exploits (1997-98), to the current surprises (Bubbleboy, 1999) there has been a continual advance in sophistication. Despite attempts by the manufacturer to provide mitigation, these patches are l...

Judy Hochberg, "Automatic identification of classified documents"

February 25, 2000 21:30 - 223 MB Video

How can one automatically identify classified documents? This is a vital question for the Department of Energy (DOE), which is reviewing millions of classified documents for possible declassification, and for Los Alamos National Laboratory (LANL), which is checking its unclassified computing storage systems for the presence of classified documents. The DOE, having already developed an expert rule system for automatic document classification, provided LANL with a small set of documents...

Judy Hochberg, Automatic identification of classified documents

February 25, 2000 21:30 - 1 hour - 223 MB Video

How can one automatically identify classified documents? This is a vital question for the Department of Energy (DOE), which is reviewing millions of classified documents for possible declassification, and for Los Alamos National Laboratory (LANL), which is checking its unclassified computing storage systems for the presence of classified documents. The DOE, having already developed an expert rule system for automatic document classification, provided LANL with a small set of documents with wh...

Clay Shields, Tracing Denial-of-Service Attacks; or why we may never know who attacked Yahoo et. al.

February 18, 2000 21:30 - 59 minutes - 219 MB Video

The recent spate of attacks against Yahoo and other sites with large on-line presences brought denial-of-service attacks into the public consciousness. The methods used in these attacks make it very difficult, if not impossible, to locate the source of the attacks. The problem lies not only in finding the particular computers used to launch the attacks, but also in finding the individuals controlling those computers. I will discuss the attacks that occurred, why it is so difficult to track th...

Clay Shields, "Tracing Denial-of-Service Attacks; or why we may never know who attacked Yahoo et. al."

February 18, 2000 21:30 - 219 MB Video

The recent spate of attacks against Yahoo and other sites with large on-line presences brought denial-of-service attacks into the public consciousness. The methods used in these attacks make it very difficult, if not impossible, to locate the source of the attacks. The problem lies not only in finding the particular computers used to launch the attacks, but also in finding the individuals controlling those computers. I will discuss the attacks that occurred, why it is so difficult to ...

Gerald Thomas, "Commercial High-Resolution Satellite Imagery Polic"

February 11, 2000 21:30 - 196 MB Video

In October of 1999, Denver based Space Imaging launched the world's first very-high resolution commercial satellite, IKONOS 2, into polar orbit around the earth. For the first time in history, sub-1 meter near real time digital imagery is now available for virtually the entire globe to anyone with a credit card and access to the internet. This talk will explore: (1) the policy history around the US government's decision to let this technology "go commercial," (2) the status of current...

Gerald Thomas, Commercial High-Resolution Satellite Imagery Polic

February 11, 2000 21:30 - 53 minutes - 196 MB Video

In October of 1999, Denver based Space Imaging launched the world's first very-high resolution commercial satellite, IKONOS 2, into polar orbit around the earth. For the first time in history, sub-1 meter near real time digital imagery is now available for virtually the entire globe to anyone with a credit card and access to the internet. This talk will explore: (1) the policy history around the US government's decision to let this technology "go commercial," (2) the status of current US remo...

Victor Raskin, NLP for IAS: Overview and Implementations

February 04, 2000 21:30 - 49 minutes - 184 MB Video

This paper explores a promising interface between natural language processing (NLP) and information assurance and security (IAS). More specifically, it is devoted to possible applications of the accumulated considerable resources in NLP to IAS. The paper is of a mixed theoretical and empirical nature. Of the four possible venues of applications, (i) memorizing randomly generated passwords with the help of automatically generated funny jingles, (ii) natural language watermarking, (iii) using t...

Victor Raskin, "NLP for IAS: Overview and Implementations"

February 04, 2000 21:30 - 184 MB Video

This paper explores a promising interface between natural language processing (NLP) and information assurance and security (IAS). More specifically, it is devoted to possible applications of the accumulated considerable resources in NLP to IAS. The paper is of a mixed theoretical and empirical nature. Of the four possible venues of applications, (i) memorizing randomly generated passwords with the help of automatically generated funny jingles, (ii) natural language watermarking, (iii)...

Gene Kim, "Open Source Issues and Opportunities for Tripwire"

January 21, 2000 21:30 - 214 MB Video

Tripwire has a long history of openly available source, having been created at Purdue University in 1992 as a publicly available security tool. It has been created into an industrial strength tool, and has been successful in protecting critical enterprise processes in business and government. One of the decisions we made was to use a conventional shrink-wrapped software model -- in other words, source code was no longer readily available to the public. Without question, this has been ...

Gene Kim, Open Source Issues and Opportunities for Tripwire

January 21, 2000 21:30 - 58 minutes - 214 MB Video

Tripwire has a long history of openly available source, having been created at Purdue University in 1992 as a publicly available security tool. It has been created into an industrial strength tool, and has been successful in protecting critical enterprise processes in business and government. One of the decisions we made was to use a conventional shrink-wrapped software model -- in other words, source code was no longer readily available to the public. Without question, this has been a smoo...

Wenliang Du & Mahesh Tripunitara, "Security Relevancy Analysis on the Registry of Windows NT 4.0 (for Wenliang Du)"

November 19, 1999 21:30 - 220 MB Video

Many security breaches are caused by inappropriate inputs crafted by people with malicious intents. To enhance the system security, we need either to ensure that inappropriate inputs are filtered out by the program, or to ensure that only trusted people can access those inputs. In the second approach, we sure do not want to put such constraint on every input, instead, we only want to restrict the access to the security relevant inputs. The goal of this paper is to investigate how to i...

Wenliang Du & Mahesh Tripunitara, Security Relevancy Analysis on the Registry of Windows NT 4.0 (for Wenliang Du)

November 19, 1999 21:30 - 59 minutes - 220 MB Video

Many security breaches are caused by inappropriate inputs crafted by people with malicious intents. To enhance the system security, we need either to ensure that inappropriate inputs are filtered out by the program, or to ensure that only trusted people can access those inputs. In the second approach, we sure do not want to put such constraint on every input, instead, we only want to restrict the access to the security relevant inputs. The goal of this paper is to investigate how to identify ...

Mahesh Tripunitara, Thwarting Denial of Service Attacks against Communication Protocols with Backward Compatible Changes: A Case Study

November 19, 1999 05:00 - 59 minutes - 220 MB Video

We will discuss a novel approach to building safeguards against denial of service attacks against communication protocols. Our approach involves changes to the relevant communication protocol subject to the following constraint: the protocol that results from the change must be backward compatible with the unchanged protocol. That is, an entity that employs the changed protocol must be able to communicate with an entity that employs the unchanged version. We will look at a specific problem in...

Mahesh Tripunitara, "Thwarting Denial of Service Attacks against Communication Protocols with Backward Compatible Changes: A Case Study"

November 19, 1999 05:00 - 220 MB Video

We will discuss a novel approach to building safeguards against denial of service attacks against communication protocols. Our approach involves changes to the relevant communication protocol subject to the following constraint: the protocol that results from the change must be backward compatible with the unchanged protocol. That is, an entity that employs the changed protocol must be able to communicate with an entity that employs the unchanged version. We will look at a specific pr...

Donn Parker, "Information Security, a Folk Art in Need of an Upgrade"

November 12, 1999 21:30 - 1 MB Video

Information security is an inarticulate, incoherent, incomplete, incorrect folk art attempting to preserve confidentiality, integrity, and availability (CIA) of information from destruction, disclosure, use, and modification (DDUM). This CIA/DDUM framework is the equivalent of alchemy in the middle ages when the elements consisted of fire, water, earth, and air. We must have security based on a coherent and complete framework model for stopping irrational cybercriminals. We must repla...

Donn Parker, Information Security, a Folk Art in Need of an Upgrade

November 12, 1999 21:30 - 1 hour - 1 MB Video

Information security is an inarticulate, incoherent, incomplete, incorrect folk art attempting to preserve confidentiality, integrity, and availability (CIA) of information from destruction, disclosure, use, and modification (DDUM). This CIA/DDUM framework is the equivalent of alchemy in the middle ages when the elements consisted of fire, water, earth, and air. We must have security based on a coherent and complete framework model for stopping irrational cybercriminals. We must replace secu...

Michael Santarcangelo, eInfrastructure Security

November 05, 1999 21:30 - 1 hour - 263 MB Video

This presentation will teach participants how to develop secure infrastructures in eCommerce by discussing security impacts to business applications, Netcentric security elements, and real stories from client experience. The presentation includes a thorough discussion of risk assessment methodology. About the speaker: Mr. Santarcangelo is a consultant in the Security Technologies Specialty for Andersen Consulting. He has three years of experience designing and implementing integrated security...

Michael Santarcangelo, "eInfrastructure Security"

November 05, 1999 21:30 - 263 MB Video

This presentation will teach participants how to develop secure infrastructures in eCommerce by discussing security impacts to business applications, Netcentric security elements, and real stories from client experience. The presentation includes a thorough discussion of risk assessment methodology.
