Context based Adaptable Defense against Collaborative Attacks in Service Oriented Architecture

1^st Annual Northrop Grumman Cybersecurity Research Consortium Symposium Progress Report

2010

PIs: Bharat Bhargava

Purdue University

*

1

CERIAS security center and Computer Science department, bbshail@purdue.edu

Project Overview

• Problem Statement

Develop and experiment with algorithms for survivability and recovery that provide information assurance, integrity of data and communication, confidentiality, and reliability in the presence of coordinated attacks in SoA. Proposes adaptable schemes based on context.

• Goals & Objectives

Contributes to security in Cloud and SoA environment. Investigate scenarios of Advanced Persistent Threats (APT)and develop defense strategies against them. Build prototype to demonstrate. This will lead to collaboration with NGC IRAD efforts . Study cyber situation awareness ( CSA). Apply these ideas to the use case: Safeguarding Electronic Health Records

*

2

Accomplished Research Milestones

• APT and coordinated attack
• Three advanced persistent threats have been analyzed. Identification of intruder in cyber network has been completed. The detection of coordinated attacks has been studied. Defense schemes are to be studied. The APT of Fast flex attacks is based on a real world Storm Worm attack. The APT scenarios will be implemented in prototype and the defense mechanisms will be demonstrated in their capabilities. This leads to collaboration with NGC IRAD efforts. It will contribute to cyber genome project that can lead to proposals for Department of Defense. Completion date August, 2011.
• Security and Privacy in Cloud Computing.
• Privacy and Identity Management in Cloud. Two ideas have been studied: Use predicate over encrypted data, permitting the use of identity data on untrusted hosts. Research has focused on security problems stemming from: Loss of control, Lack of trust (mechanisms), Multi-tenancy. The idea of active bundles is being developed. This work is theoretical but the implementation of active bundle idea is in progress. Joint work with Dr. Brancik and Brent Green of NGC. Research to be completed by May 2011. Earlier versions of draft white paper have been written.

​

​

​

*

3

Key Technical Accomplishments

• Technical accomplishment

Three APTs have been developed:

Fast Flux Attacks based on Storm Worm, Joint blackhole and wormhole attacks to deal with insider/external attacks, Attacks on Privacy in Electronic Private Healthcare Information (EPHI) and Cloud

• APT defense mechanisms include: Developing techniques for Identifying intruder and collaboration among multiple attackers including inside/external attackers, Designing algorithms to disrupt the ongoing attacks to avoid further progress of attacks as well as any collaboration, Identifying attackers from their host and/or network behavior.
• Cyber situation Awareness. We are identifying and formalizing: What is a context? What is a Situation? A workshop has been held in May 2010 with funding from Air Force. Details are in slides presented to NGC on June 14. See http://www.cs.purdue.edu/homes/rranchal/ngc.html
• Privacy and Identity Management in Cloud. The main idea is to use active bundles to facilitate privacy preserving data dissemination through the use of active bundles. Research has focused on security problems stemming from: Loss of control, Lack of trust (mechanisms), Multi-tenancy.

*

4

NG Tech Transfer

• Research is being conducted in collaboration with the NGC IR&D on Advanced Persistent Threats (APT) and Endpoint Situation Awareness IR&D in NG.
• NG Point of Contact are Dr. Ken Brancik , Calvin Smith and Jason Liu. Cloud computing efforts has been discussed with Steve Warner(IS).
• We will use these ideas in the application of Electronic private health care information systems. The major focus is on privacy and identity management in Cloud environments. Research is already in progress and we are in the process of writing a white paper with Dr. Brancik and Brent Green of NG.
• Key activities
• Preliminary discussions & briefs, and joint white paper and proposals write-ups are in progress.
• Date: March-June, 2010
• Purdue is in process of implementing the ideas. DoD proposals based on BAA are being planned.

*

5

External Activities�

• Publication &/or Collaborative NGC / University White Paper:

Title of Paper: Defending against Collaborative Packet Drop Attacks on MANETs

• Authors: Weichao Wang, Bharat Bhargava, Mark Linderman
• Submission &/or Projected Completion Date: Sept 2010
• Status: Work-in-Progress but first version accepted in IEEE SRDS workshop

Title of Paper: Extending Attack Graph-based Security Metrics and Aggregating Their Application

• Authors: Nwokedi Idika and Bharat Bhargava
• Submission &/or Projected Completion Date: May 2010
• Status: Accepted in IEEE Transaction on Dependable and Secure Systems

Title of Paper: An approach for Privacy and Identity Management in Cloud

• Authors: Ken Brancik, Bharat Bhargava and students at Purdue
• Submission &/or Projected Completion Date: Aug 2010
• Status: Work-in-Progress
• External Research Proposal:
• Program Manager : Norman Ahmed in AFRL
• Partners (Alone), Submission Date: Nov. 2009, Status: Accepted

*

6

Other NGCRC Collaborative Activities

• IEEE Workshop on Mobile Cloud Computing ( MCC) http://sis.uncc.edu/~wwang22/Conference/MCC-2010/MDM-Workshop-Index.html
• May 23, 2010 in Kansas City, Missouri ( in conjunction with MDM 2010)
• Identify security and privacy issue s in Cloud computing
• Co-Program chair : Steve Warner (IS), NGC ; General Chair Bharat Bhargava Purdue University
• Other participants included Dr. Anya Kim from Naval Research Lab, Dr. Mark Linderman from Air Force Research Lab, Prof. Ken Birman of Cornell, Prof Weichao Wang of UNCC ( co-program chair of workshop)

​

IEEE Symposium on Reliable Distributed Systems has been organized from Nov. 1-3, 2010, New Delhi, India. It will feature reliability and security research papers. NG researchers will be invited.

​

*

7

*

8