PANEL 5: SECURITY AND PRIVACY OF INFORMATION SYSTEMS



SLIDE 1

PANEL 5: SECURITY AND PRIVACY OF INFORMATION SYSTEMS

KEN KLINGENSTEIN, EHAB AL-SHAER, ALPTEKIN KUPCU, ALBERT LEVI, DI MA & GENE TSUDIK

SLIDE 2

Security and Privacy (S&P)

  • Throughout the 70s and early 80s
    – Mainly within government/military + contractors
    – Some industry
    – Thinly represented in academic research

  • Late 80s, early 90s
    – More industry involvement
    – Initial research funding availability

  • Late 90s
    – Lots of industry interest
    – Gradually earns academic “respect”
    – More funding (e.g., DARPA, NSA, DOE, NIST)

  • Last decade
    – Much more funding (NSF, DHS, IARPA enter the game)
    – Many faculty positions & much more academic research
    – Less industry research due to worsening economy

SLIDE 3

S&P Maturity

  • Secure & Trusted Computing (SATC) program at NSF
  • Even the ACM now treats S&P as a first-class object in its classification update effort (on-going)
  • Numerous conferences of widely varying quality
    – About 8-10 with reasonable reputations
    – Many collaborations form at these venues
    – NOTE: few ME researchers attend!
  • A few reputable journals, e.g., ACM TISSEC, JoC, JCS, IEEE TDSC & TIFS

SLIDE 4

Security Research in General

Reactive

1. Identify existing security problems
2. Propose techniques to address/mitigate them

OR:

1. Spot problems in current security methods
2. Expose and, optionally, patch them

Proactive: a 4-step process…

SLIDE 5

Step 1: Invent plausible, credible and very scary new adversary

SLIDE 6

Step 2: Postulate new exciting (and viable) habitat for scary new adversary

SLIDE 7

Step 3: Develop credible, effective and practical weapons against scary adversary

Step 4: Market and popularize your “fairy tale”

SLIDE 8

Which way?

  • Reactive research gets attention & immediate appreciation
  • Proactive is much riskier, but stimulates the intellect more
  • Plenty of motivation for either/both in US-ME collaboration

SLIDE 9

SPROUT Security & Privacy Research Outfit

http://sprout.ics.uci.edu

SLIDE 10

Current Research Interests & Directions

  • Privacy-agile cryptographic protocols
    – Signing, authentication with privacy
    – Private set operations, leading to:
      • private database querying, genomic, social networking & participatory sensing applications

  • Secure Embedded Systems
    – Minimal malware-resilient architectures, smart metering applications (privacy)
    – RFID applications, e.g., supply-chain tracking, malicious reader mitigation

  • Candidate future Internet architectures: Named Data Networking (NDN)
    – Lots of interesting security/privacy issues stemming from named, signed content

  • WSNs and MANETs
    – Resilient autonomous/unattended operation with mobile adversary
    – Privacy-agile mobility + routing

  • Usability in/of S&P
    – Device association, security configuration
    – Privacy interfaces, RFID applications

Cryptography

Systems + network security

SLIDE 11

Sample Tentative Collaboration Topics

  • Anonymous low-latency communication
  • Censorship mitigation
  • Privacy in OSNs, micro-blogging
  • S&P in Emerging Internet Architectures
  • CPS security, e.g., malware resistance/detection
