
Presentation Abstracts


Internet Real-time Monitoring Methods and Experience

presented by Ko Ikai

It is of growing importance for public safety and security to know what is occurring on the Internet in real-time. Although the non-centralized nature of the Internet makes it impossible to monitor completely, it is possible to use sampling techniques to estimate the state of the Internet. In Japan, several entities, including the National Police Agency (NPA), have made efforts to perform such monitoring. The NPA operates a distributed intrusion detection system, installed in 57 local police sites, and has monitored alerts and other information from them in a 24/7/365 analysis center since 2002. The center has detected various phenomena, such as the emergence of worms, the daily activity of zombie computers, packets from victims of SYN flood attacks and more. In this presentation, an overview of the monitoring system is provided.

Security Incident Monitoring and Analysis in Collaboration with ISPs

presented by Koji Nakao
ko-nakao@kddi.com

A huge number of incidents can be recognized and detected in existing Internet environments. Incidents related to ISP operations should be properly and promptly handled and responded to by the ISP as part of its own operations. However, current security incidents are becoming more complicated and are largely influencing networks across ISP boundaries, spanning several ISPs' operations. It is therefore high time to start research on, and develop, global mechanisms to protect national and world-wide Internet environments that rely on ISPs. For this purpose, Telecom ISAC Japan was launched in July 2002 with the strong support of NiCT (National Institute of Information and Communications Technology). This presentation gave the current activities on Security Incident Monitoring and Analysis in Telecom-ISAC Japan and NiCT.

Damage Assessment for Compromise of Cryptosystems

Presented by Eiji Okamoto
okamoto@risk.tsukuba.ac.jp

The expected lifespan of an encryption system is no longer than 20 years nowadays because of rapid progress in computers and networks. It is hard to predict the actual time of compromise of an encryption system, but we have to prepare for that situation in the future. Hence we are going to estimate the damage caused by the various types of compromise of cryptosystems. The serious damage will be secret key loss, breakage of encryption algorithms/hashing functions, and inappropriate use of an encryption system in an actual application. These challenges are discussed in the context of a PKI model.

Security for Grid Computing Architectures

Presented by Yoshio Tanaka
yoshio.tanaka@aist.go.jp

A grid is a hardware and software infrastructure that clusters and integrates high-end computers, networks, databases and scientific instruments from multiple sources to form a virtual supercomputer on which users can work collaboratively.  The grid enables resource sharing between sites thus dynamically creating a virtual organization. Cross-site authentication and access control are essential to safely implementing grid environments.  This talk reports on experiences and future directions on cross-site authentication and access control in the Asia Pacific Grid and Japanese National Research Grid Initiative (NAREGI) project.  The talk focuses on operational issues for cross-site authentication and recent activities on launching Asia Pacific Grid Policy Management Authority that coordinates a public key infrastructure in Asia Pacific for use with Grid authentication.  The talk also includes issues to be considered for designing a PKI architecture which implements identification and authentication of a membership of a virtual organization.

Vulnerability analysis of information systems
(Modeling of interaction between information systems and social infrastructures)

Presented by Ichiro Murase
murase@mri.co.jp

Many people pay attention to the risk in critical sectors and to interdependency analysis of critical sectors. We can see vulnerabilities within each sector and vulnerabilities in the relationships among many sectors. Mission Program 2 has developed a Hazard Map that shows the risk and vulnerabilities among critical sectors. The Hazard Map is a simulation program focused on the information systems that support Japanese critical sectors. The simulation scenario describes how a critical incident in the power sector would affect the communication sector and the information systems of other sectors. The Hazard Map graphically displays, in chronological order, the conditions under which the power sector incident would spread through the other critical sectors.

Engineering for Improving the Performance of Incident Handling Processes

Presented by Suguru Yamaguchi
suguru@is.naist.jp

Since the 1990s, many CSIRTs have been established in both the commercial and public sectors. The fundamental roles of these organizations are to gather information on incidents and to coordinate responses to them. However, because of the proliferation of security incidents, CSIRTs face a situation where specialized technologies and engineering are required to reduce the overhead of the incident handling process. There are many approaches adopted by CSIRTs to do this; one with potential benefit is a mechanism that lets CSIRTs exchange incident-related information (semi-)automatically through an IODEF-based information exchange system. In this report, a summary of the current steps in IODEF development is presented along with the status of what our groups are working on.

Plan for Developing and Applying the Multi-Risk Communicator

Presented by Ryoichi Sasaki
sasaki@im.dendai.ac.jp

Along with the development of an Internet society, the attendant risk is increasing. An important subject has been how the risk can be reduced and how to measure the risk reduction achieved. For this reason, it is important to have a common method for discussing risk elements among decision-making persons, such as residents, so that a consensus agreement may be reached. However, it is not easy to search for a combination of optimal measures for reducing risk and to reach agreement on it, particularly when there are concepts which are opposed to each other, such as security, privacy, and development cost. This situation requires development of the "multi-risk communicator", with functions that include (1) a simulator, (2) an optimization engine, and (3) a display of the computed result for decision-making persons. The development and application plan of the "multiplex risk communicator" is shown in this presentation.

Recent Research on Integrated Telecommunication for Crisis Management in National Institute of Information and Communications Technology

Presented by Hiroyuki Ohno
hohno@ohnolab.org

The National Institute of Information and Communications Technology (NICT) has been focusing on "Integrated Telecommunications for Crisis Management" since 1999. We have two major topics in this research theme: "crisis management for the Internet" and "crisis management by the Internet". As part of the first topic, we have developed vulnerability database systems and two different types of network incident emulation systems. As part of the second topic, we have developed the IAA system, an information registration and retrieval system for natural disaster victims. Since the IAA system has been built on the Internet, everyone can access the system from anywhere in the world at any time. In the presentation, the latest research results and future plans will be provided.

Assurance and Trust in the Internet System

Presented by Yuko Murayama
murayama@iwate-pu.ac.jp

We present our initial research on assurance and trust. In this presentation we call assurance Anshin, after the Japanese term; Anshin could also be translated as a sense of security. Security technology has been developed from the viewpoint of theoretical issues as well as performance. What has been missing are the user-interface and CSCW (Computer Supported Cooperative Work) viewpoints. Some in Japan call this area of research 'Human Crypto'. In this research we try to look into what gives users assurance when they use security tools on the network. We describe an initial model.

Measuring, Characterizing, and Tracking Internet Threat Dynamics

Presented by Farnam Jahanian

The Internet is increasingly susceptible to a broad spectrum of security and operational threats such as distributed denial of service attacks, zero-day worms, and routing exploits. First and foremost, these threats are globally scoped, respecting no geographic or topological boundaries. Secondly, recent mutations of Internet worms have been shown to be exceptionally virulent, propagating to the entire vulnerable population in the Internet in a matter of minutes. This virulence is exceptionally resource-taxing, creating side effects that pose problems for those outside the vulnerable population. To make matters worse, these threats are often zero-day threats, exploiting vulnerabilities for which no signature or patch has been developed. This presentation discusses the changing Internet ecology and the evolution of zero-day threats. The talk highlights results from the Internet Motion Sensor Project, a collaborative research project aimed at observing and characterizing security threats on a global scale through deployment of a set of topology-aware dark IP network sensors across the Internet. The current IMS deployment consists of 28 distinct monitored blocks at 18 physical installations across the Internet. These deployments range in size from a /25 to a /8 and include major Internet service providers, large enterprises, academic networks, and broadband providers. These sensors represent a range of organizations and a diverse sample of the routable IPv4 space, including nine of the routable /8 address ranges. While past research has attempted to extrapolate the results from a small number of blocks to represent global Internet traffic, we present evidence that distributed address blocks observe dramatically different traffic patterns. Data gathered from these deployments is used to demonstrate the ability of the IMS to capture and characterize several important recent Internet threats.

Status Dissemination and Trust Management for Critical Infrastructure Protection

Presented by Carl Hauser

The North American power grids involve almost 3500 utility organizations. Existing SCADA-based status communication systems, which primarily use point-to-point links between substations and individual utilities' control centers, provide inadequate cross-utility situational awareness for grid operators. The GridStat project is creating status dissemination middleware to allow the creation of flexible, QoS-managed information infrastructures that address this problem for the power grid and other large, distributed infrastructures. The GridStat architecture naturally extends to nationwide, cross-infrastructure monitoring. However, the additional communication required for inter-utility sharing and monitoring, and afforded by GridStat, poses new information security concerns which we are addressing with research on trust management mechanisms.

Advanced Protection and Control of the Power Grid

Presented by Mariesa Crow and Bruce McMillin

Bulk power systems are a critical infrastructure and form one of the largest complex inter-connected networks ever built.  Today, over 150,000 miles of interconnected high-voltage transmission lines link generators to load centers.  Under normal operation, this web of interconnecting transmission lines is highly robust and reliable.  However, during stressed conditions, a failure in one location can quickly propagate across the grid in complex and dramatic ways, and wide-spread blackouts may result.  Protection of this critical infrastructure is a critical national need.

Advanced controllers that allow for rapid control of the power grid are the family of switched power electronics-based controllers, known as “flexible AC transmission system” (FACTS) devices. These devices control the power flow through the lines of the network by rapidly injecting independent currents and voltages into the system.

To use FACTS devices effectively in power flow control and in power system protection requires coordination of their individual actions.  This control exists at several time scales and locations: minutes to hours to control transmission congestion and seconds to minutes to react to faults on the systems via distributed computing, and fractions of seconds to switch the power electronics devices using local computing.  If these actions are not carefully coordinated, FACTS control may become counter-productive leading to increased congestion or insecure operation. 

In this talk we will discuss FACTS device technology and propose distributed operation and control strategies to i) detect and mitigate intentional or unintentional cascading failures, ii) automatically adjust to changing physical environments, and iii) mitigate counterproductive actions.  Preliminary results and the FACTS Interaction Laboratory currently under construction at the University of Missouri-Rolla are presented.

Grid Security: Status and Future Directions

Presented by Marty Humphrey

The goal of a Grid is to coordinate resources that are not subject to centralized control using standard, open, general-purpose protocols and interfaces to deliver nontrivial qualities of service (Foster/Kesselman). As the (Global) Grid Forum turns five years old, it is appropriate to assess the state of Grid security, particularly in the context of the contributions of the (Global) Grid Forum. In the first part of this talk, I will argue that, while the Grid security community has been very successful in adapting existing and emerging security mechanisms (e.g., PKI) to high-end computing environments and e-science applications, there are a number of core issues that remain unsolved, most notably firewalls, incident detection and response, and authorization.  In the second part, I will describe our efforts at the University of Virginia to create reliable/survivable Grids. In particular, I will argue that policy management will be one of the most difficult challenges to solve in order to create persistent cyberinfrastructure and discuss our emerging solutions for explicit policy expression, negotiation, and enforcement.

Fault-Tolerant Forwarding in the Face of Malicious Routers

Presented by Keith Marzullo

We are interested in a simply stated, yet increasingly important network security problem: how to detect the existence of compromised routers in a link-state routing system and remove them from the routing fabric. The root of this problem arises from the key role that routers play in modern packet switched data networks. To a first approximation, networks can be modelled as a series of point-to-point links connecting pairs of routers to form a directed graph.  Since few endpoints are directly connected, data must be forwarded -- hop-by-hop -- from router to router towards its destination.  If a router in this fabric is compromised, then an attacker may drop, delay, reorder, corrupt or re-route any of the packets passing through that router. Such a capability can be used to deny service to legitimate hosts, to implement ongoing network surveillance or to provide an efficient man-in-the-middle functionality for attacking end systems.

Such attacks are not simply theoretically feasible, but are practiced today. Attackers have repeatedly demonstrated their ability to compromise routers, either by exploiting weak passwords or latent software vulnerabilities, and standard built-in commands are sufficient to drop or delay packets without requiring any modification to the router's code base. Moreover, several widely published documents provide a standard cookbook for transparently "tunneling" packets from a compromised router through an arbitrary third-party host and back again -- effectively amplifying the attacker's abilities to include arbitrary packet sniffing, injection or modification. Such attacks can be extremely difficult to detect manually, and it can be even harder to isolate which particular router or group of routers has been compromised.

The problem of detecting and removing compromised routers can be thought of as an instance of anomalous behavior-based intrusion detection. That is, a compromised router can be identified by correct routers when it exhibits behavior deviating from what is expected. We break this problem into three subproblems: traffic monitoring, information distribution, and countermeasures. In this talk, I will present our work in these three areas.
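The detection principle above, correct routers flagging a neighbour whose observed forwarding deviates from what is expected, as an added toy simulation that is not part of the talk or the original page. It assumes a constructed full-mesh topology and uses a conservation-of-transit-traffic check reported only by a router's neighbours (an assumed simplification of the "traffic monitoring" subproblem, not the talk's own mechanism).

```python
"""Added example: neighbours of each router report how many transit packets
they handed to it and how many they received from it; a router that loses
more than a tolerated fraction is flagged.  The suspect's own reports are
never used, since a compromised router may lie.  Topology and traffic are
constructed for the example."""
from collections import defaultdict
import random

ROUTERS = ["A", "B", "C", "D", "E", "F"]   # constructed full-mesh toy network


def make_paths(count, seed=7):
    """Constructed traffic: random simple paths of 3 to 5 hops, so that every
    router acts as a transit (interior) hop for some packets."""
    rng = random.Random(seed)
    paths = []
    for _ in range(count):
        hops = rng.randint(3, 5)
        paths.append(rng.sample(ROUTERS, hops))
    return paths


def forward_packets(paths, bad_router=None, drop_rate=0.0, seed=1):
    """Push each packet along its path.  For every interior hop r, the
    previous hop records that it sent a transit packet to r and the next hop
    records whether it actually arrived.  A compromised router silently drops
    a fraction of the transit packets it should forward."""
    rng = random.Random(seed)
    sent_to = defaultdict(int)     # neighbour reports: handed to r for forwarding
    recv_from = defaultdict(int)   # neighbour reports: received from r
    for path in paths:
        for i in range(1, len(path) - 1):   # interior hops only; endpoints do not forward
            r = path[i]
            sent_to[r] += 1
            if r == bad_router and rng.random() < drop_rate:
                break                       # packet never reaches path[i + 1]
            recv_from[r] += 1
    return sent_to, recv_from


def suspect_routers(sent_to, recv_from, tolerance=0.05, min_packets=50):
    """Flag routers whose neighbours' reports disagree by more than the
    tolerated loss fraction.  min_packets avoids flagging on tiny samples,
    where a few benign losses would look like a large fraction."""
    suspects = []
    for r in sorted(sent_to):
        expected = sent_to[r]
        if expected < min_packets:
            continue
        loss = (expected - recv_from[r]) / expected
        if loss > tolerance:
            suspects.append(r)
    return suspects


if __name__ == "__main__":
    paths = make_paths(2000)
    sent, recv = forward_packets(paths, bad_router="C", drop_rate=0.3)
    print("suspects:", suspect_routers(sent, recv))   # expect ['C']
```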

Adaptive Behavior Modeling for Securing Dedicated High Performance Clusters

Presented by Yogi Dandass

Embedded clusters are found in many critical applications. High performance cluster computing is also commonly found in government, academia, and commercial organizations.  Securing these assets is becoming a high priority.  Researchers at the Center for Computer Security Research at Mississippi State University (MSU) are researching a variety of artificial intelligence techniques such as hidden Markov models, augmented push down automata, and neural networks for detecting misuse, intrusions, anomalies, and faults in clusters.  The focus is on improving accuracy of the detection techniques while reducing overheads in computation, network traffic, and storage.  Accuracy of alert signals is improved by intelligently combining threat assessments from a variety of sensors. Computational overheads of the security mechanisms are reduced by offloading security related processing onto reconfigurable FPGA-based coprocessors. Early results show that MSU's intrusion detection system can have an accuracy of at least 85% in a high performance cluster running scientific applications.

Turning Data into Knowledge Without Violating Privacy

Presented by Chris Clifton

The confluence of data mining, large databases, and networked information sources opens a wealth of possibilities for knowledge discovery. Privacy and security concerns have led to a backlash against these technologies; witness street protests in Japan in August 2002 over the creation of a national registry and ID number, and the introduction in the U.S. Senate of the "Data-Mining Moratorium Act of 2003".

The irony is that most data mining generates summary results that do not violate privacy. Are we simply facing a need to educate the public on what data mining really is? The answer is no: the problem is real. It isn't data mining that is at fault, but gathering the data into a common warehouse to enable data mining. In general, the problem arises when data must be shared.

This talk discusses how privacy-preserving data mining and other privacy-preserving collaboration techniques can enable applications that might otherwise be prevented by privacy concerns, and what research issues must be addressed before these technologies can become reality.

Defending Against Online Identity Theft and Phishing

Presented by Dan Boneh

Web spoofing is a significant problem involving fraudulent email and web sites that trick unsuspecting users into revealing private information. In this talk we will describe several browser plug-ins that help protect users from such attacks.  One such plug-in, SpoofGuard, examines web pages and warns the user when form data may be part of a spoof attack. Another plug-in helps protect user passwords.

Privacy-Preserving Bayesian Network Structure Computation on Distributed Heterogeneous Data

Presented by Rebecca Wright

As more and more activities are carried out using computers and computer networks, the amount of potentially sensitive data stored by business, governments, and other parties increases. Different parties may wish to benefit from cooperative use of their data, but privacy regulations and other privacy concerns may prevent the parties from sharing their data.  Privacy-preserving data mining provides a solution by creating distributed data mining algorithms in which the underlying data is not revealed.

We present a privacy-preserving protocol for a particular data mining task: learning the Bayesian network structure for distributed heterogeneous data. In this setting, two parties owning confidential databases wish to learn the structure of a Bayesian network on the combination of their databases without revealing anything about their data to each other. We give an efficient and privacy-preserving version of the K2 algorithm to construct the structure of a Bayesian network for the parties' joint data.

This website is maintained by Dr. Julie Ryan, whose email is jjchryan@gwu.edu. It was last updated 2 November 2004.

The views and opinions expressed on these pages are those of the author. The content of this page has not been reviewed or approved by the George Washington University.
