Point of Contact
Shambhu J. Upadhyaya
Director, CEISARE
shambhu@cse.buffalo.edu
Research Projects
- Event Correlation for Cyber Attack Recognition Systems (S. Upadhyaya, CSE Dept., J. Llinas, IE Dept., M. Sudit, IE Dept.)
- Protecting Documents from Insider Threat – A Multiphase Approach (S. Upadhyaya, CSE Dept.)
- Real-Time Intrusion Detection with Emphasis on Insider Attacks (S. Upadhyaya, CSE Dept.)
- Architecture Model for a Generic and Secure Wireless LAN System (S. Upadhyaya, CSE Dept.)
- Unintended Information Retrieval (R. Srihari, CSE Dept.)
- Dimensions of Web Assurance in B2C E-Commerce: A Comparative Study (H. Raghav Rao, MSS Dept.)
- Intrusion Countermeasures Security Model Based on Prioritization Scheme for Intranet Access (H.R. Rao, MSS Dept. and S. Upadhyaya, CSE Dept.)
Research Projects - Description
Event Correlation for Cyber Attack Recognition Systems (S. Upadhyaya, CSE Dept., J. Llinas, IE Dept., M. Sudit, IE Dept.)
In this project, we are working with colleagues from
Industrial Engineering on the development of a demonstrable
software-system prototype that will be capable of fusing performance
and event data coming from various intrusion detection and network
management subsystems typically used in information infrastructures
with data derived from textual, open sources to give the security
analyst a broad interpretation of what is going on in his system,
and what the motivation might be behind an attack. The fusion
process involves adaptive logic that produces feedback information
that can also be used to modulate the network and open-source
sensors to increase their effectiveness. This research involves
graph theoretic approaches to threat assessment, fusion and sensor
management.
Protecting Documents from Insider Threat – A Multiphase Approach (S. Upadhyaya, CSE Dept.)
This project develops a comprehensive document control and
management system through several innovative schemes for secure
access, on-line monitoring and support for log-based forensics. The
uniqueness of the approach is the security consideration throughout
the life cycle of a document, viz., pre-document access phase,
mid-document access phase and post-document access phase. We are
applying the concept of user profiling, document profiling and
role-based access control mechanisms to accomplish the goals. The
expected outcomes of this research are: more accurate modeling and
mitigation of insider threat (graph-based), protection against
subversion/circumvention of the monitoring mechanism itself
(structural knowledge) and post-attack trace-back for attack
identification (forensics) as applicable to the realm of document
control.
Real-Time Intrusion Detection with Emphasis on Insider Attacks (S. Upadhyaya, CSE Dept.)
Intrusion detection forms one facet of the security measures used to
combat cyber threats. We have been working on a novel security system
based on the encapsulation of a user's intent, which can be readily
used as a concise reference for monitoring for intrusions. Moving away
from the traditional method of detecting intrusions through low-level
network and other resource audits to a much higher level results in a
more complete semantic perspective of what the user wants to
accomplish. By actively querying the user for his intent, one can
build a small and manageable set of assertions, so that the search
space is more focused and the system is able to respond faster, make
fewer mistakes and scale well. The science and engineering aspects of
this research are rooted in:
1) Martingale theory,
2) engineering methodologies for scalability,
3) reasoning for effective discrimination between legitimate users
and intruders, and finally
4) implementation, testing and revisions.
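As an added illustration of the idea above (this is example code written for this page, not the project's own system), the following Python sketch treats a user's declared intent as a small set of assertions and checks each subsequent audit event against only those assertions. The audit-line format, the IntentProfile fields and the sample events are all constructed for the example; the Martingale-based reasoning the project mentions is not modelled here, only the "small reference set, one pass over the stream" structure that makes the check cheap.

```python
import re
from dataclasses import dataclass

# Constructed audit-trail format for this illustration (not any product's real format):
#   <timestamp> user=<name> action=<verb> path=<resource>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) path=(?P<path>\S+)$"
)


@dataclass(frozen=True)
class IntentProfile:
    """Assertions a user supplies when the session starts (hypothetical shape).
    The monitor compares every later action against this small set instead of
    searching the whole space of possible intrusions."""
    user: str
    allowed_actions: frozenset   # verbs the user said they will perform
    allowed_prefixes: tuple      # resource prefixes the user said they will touch
    max_events: int              # declared upper bound on session activity


def parse_audit(text):
    """Turn raw audit lines into dicts; unparsable lines are kept and flagged."""
    events = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line.strip())
        events.append(m.groupdict() if m else {"raw": line, "malformed": True})
    return events


def check_event(profile, ev):
    """Return None when the event is consistent with the declared intent,
    otherwise a short reason string describing the deviation."""
    if ev.get("malformed"):
        return "malformed audit record"
    if ev["user"] != profile.user:
        return "record attributed to another user"
    if ev["action"] not in profile.allowed_actions:
        return f"action '{ev['action']}' not in declared intent"
    if not any(ev["path"].startswith(p) for p in profile.allowed_prefixes):
        return f"resource '{ev['path']}' outside declared scope"
    return None


def monitor_session(profile, events):
    """Walk the event stream once and collect deviations as (index, reason).
    Each check is a handful of comparisons against the user's own assertions,
    which is what keeps the monitor fast and lets it scale to many sessions."""
    deviations = [(i, r) for i, ev in enumerate(events)
                  if (r := check_event(profile, ev)) is not None]
    if len(events) > profile.max_events:
        deviations.append((len(events), "session activity exceeds declared bound"))
    return deviations


# Constructed sample: alice declared she will read and edit the alpha project spec.
ALICE = IntentProfile(
    user="alice",
    allowed_actions=frozenset({"read", "edit"}),
    allowed_prefixes=("/projects/alpha/",),
    max_events=10,
)

# Constructed audit lines; the third and fourth deviate from the declared intent.
SAMPLE_AUDIT = """
2004-03-01T10:02:11 user=alice action=read path=/projects/alpha/spec.doc
2004-03-01T10:05:40 user=alice action=edit path=/projects/alpha/spec.doc
2004-03-01T10:09:02 user=alice action=read path=/projects/beta/budget.xls
2004-03-01T10:09:30 user=alice action=delete path=/projects/alpha/spec.doc
"""


def run_sample():
    """Return the deviations found in the constructed session."""
    return monitor_session(ALICE, parse_audit(SAMPLE_AUDIT))


if __name__ == "__main__":
    for idx, reason in run_sample():
        print(f"event {idx}: {reason}")
```

Two of the four sample events are flagged: a read outside the declared project scope and a delete that was never declared. Because the reference set is tiny, a deviation is explained in terms the user and the analyst both understand ("outside declared scope") rather than as an anomaly score over raw packet or syscall audit.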
Architecture Model for a Generic and Secure Wireless LAN System (S. Upadhyaya, CSE Dept.)
Existing WLAN security schemes are few and product specific. While
there are some schemes for dealing with problems relating to
Information Integrity, there are hardly any standard solutions for
security problems relating to Quality of Service and Network Health
Maintenance in Wireless Networks. In the absence of strong
standards, the existing approach to general WLAN security is vendor
specific. Different manufacturers provide their own specific set of
security features for their products. In this research, we propose
an architecture model for Secure WLANs that is generic in its
design, so that it can be easily incorporated into the existing
systems, and low cost, hence feasible and easy to implement. We
propose a framework to deal with Intrusion Detection, Malicious
Behavior Detection, Maintaining QoS and Network Health and Admission
Control. The model presents a unique solution for dealing with
denial-of-service attacks on access points. A unique behavior
monitoring scheme that we have developed and tested validates the
model.
Unintended Information Retrieval (R. Srihari, CSE Dept.)
The problem of unintended information revelation (UIR) is a special
case of text mining where the documents represent some pre-selected
subset of interest to a user, generated through purposeful querying
or surfing. The goal is to quantify the information revealed by this
subset, and detect significant chains of concepts and associations.
This project will impact several applications, most notably homeland
defense applications. The UIR toolkit will expose sensitive
information available on unclassified websites. It can also be used
to ascertain that information is benign, or safe to disseminate.
Applications in discovery from scientific documents are also
enabled.
Dimensions of Web Assurance in B2C E-Commerce: A Comparative Study (H. Raghav Rao, MSS Dept.)
The goal of this project is to analyze the extent of implementation
of assurance services in select Fortune 1000 B2C firms and to identify
any pattern that may exist between company characteristics
(industry type, size, and reputation) and assurance service
dimensions (security, privacy and business integrity). The study
conducted in this project has a two-fold contribution. We believe it
is among the first to (a) investigate the extent of implementation
of third-party assurance services on B2C e-commerce company websites
and (b) determine the presence of possible patterns in the extent of
implementation of assurance services in selected Fortune 1000 B2C
companies in the following four sectors: computers and office
equipment, general merchandisers, specialty retailers, and apparel.
Intrusion Countermeasures Security Model Based on Prioritization Scheme for Intranet Access (H.R. Rao, MSS Dept. and S. Upadhyaya, CSE Dept.)
The focus of this joint research with a colleague from the School of
Management is the security of corporate intranets. Using role-based
access control as a base, we develop a framework for the interaction
of the various entities in the model. Alerts are a critical element of
real-time response, but how alert engines operate and filter large
volumes of log data determines the effectiveness of such an
infrastructure. Our work incorporates priority schemes into alert
mechanisms to develop a more effective intrusion countermeasure
against misuse and attack. It leverages the enterprise's investment in
security technology to develop an optimized solution for responding to
those attacks, by advising the enterprise's on-site administrators.
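To make the prioritization idea concrete, here is an added Python example (written for this page; it is not the project's model or code) that scores intranet alerts using a role hierarchy and a per-resource required role, folds repeated alerts from the same source into one entry, and drops in-policy noise so the administrator sees a short ranked list. The alert-line format, the role levels, the resource policy table and the sample alerts are all constructed assumptions for the illustration.

```python
import re
from collections import Counter, OrderedDict

# Constructed alert-line format (not any product's real format):
#   <ts> src=<ip> user=<name> role=<role> action=<verb> resource=<path> outcome=<allowed|denied>
ALERT_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"action=(?P<action>\S+) resource=(?P<resource>\S+) outcome=(?P<outcome>\S+)$"
)

# Assumed role hierarchy for the example: a higher number means more privilege.
ROLE_LEVEL = {"guest": 0, "employee": 1, "manager": 2, "admin": 3}

# Assumed resource policy: minimum role level required, matched by path prefix.
RESOURCE_POLICY = [
    ("/hr/payroll/", 2),
    ("/finance/", 2),
    ("/it/config/", 3),
    ("/public/", 0),
]


def required_level(resource):
    """Role level the policy table demands for a resource (default: employee)."""
    for prefix, level in RESOURCE_POLICY:
        if resource.startswith(prefix):
            return level
    return 1


def parse_alerts(text):
    """Parse constructed alert lines into dicts, skipping lines that do not match."""
    out = []
    for line in text.strip().splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            out.append(m.groupdict())
    return out


def score_alert(alert, count):
    """Priority score: privilege gap between actor role and resource, weighted
    by whether the access actually succeeded, plus a term for repetition."""
    gap = required_level(alert["resource"]) - ROLE_LEVEL.get(alert["role"], 0)
    score = 0
    if gap > 0:
        # A below-role access that was allowed is a policy breach; a denied one
        # is an attempt. Both matter, but the breach is more urgent.
        score += gap * (5 if alert["outcome"] == "allowed" else 2)
    if alert["action"] in ("write", "delete"):
        score += 1                      # modification outranks reading
    score += max(0, count - 1)          # bursts of the same alert raise priority
    return score


def prioritize(alerts, top_n=None):
    """Aggregate identical (src, user, resource) alerts, score each group, drop
    groups that score zero, and return [(score, count, first_alert)] ranked
    highest first (ties broken by earliest timestamp)."""
    groups = OrderedDict()
    counts = Counter()
    for a in alerts:
        key = (a["src"], a["user"], a["resource"])
        counts[key] += 1
        groups.setdefault(key, a)       # keep the first alert as representative
    ranked = [(score_alert(a, counts[k]), counts[k], a) for k, a in groups.items()]
    ranked = [r for r in ranked if r[0] > 0]
    ranked.sort(key=lambda r: (-r[0], r[2]["ts"]))
    return ranked[:top_n] if top_n else ranked


# Constructed sample alerts: a repeated denied probe, one real policy breach,
# and two in-policy accesses that should be filtered out entirely.
SAMPLE_ALERTS = """
2004-03-02T09:00:01 src=10.0.0.5 user=bob role=employee action=read resource=/hr/payroll/q1.xls outcome=denied
2004-03-02T09:00:04 src=10.0.0.5 user=bob role=employee action=read resource=/hr/payroll/q1.xls outcome=denied
2004-03-02T09:00:09 src=10.0.0.5 user=bob role=employee action=read resource=/hr/payroll/q1.xls outcome=denied
2004-03-02T09:01:30 src=10.0.0.7 user=carol role=guest action=write resource=/it/config/router.cfg outcome=allowed
2004-03-02T09:02:15 src=10.0.0.9 user=dave role=admin action=read resource=/it/config/router.cfg outcome=allowed
2004-03-02T09:03:00 src=10.0.0.11 user=erin role=employee action=read resource=/public/handbook.pdf outcome=allowed
"""


def run_sample():
    """Return the ranked, aggregated alert list for the constructed sample."""
    return prioritize(parse_alerts(SAMPLE_ALERTS))


if __name__ == "__main__":
    for score, count, a in run_sample():
        print(f"{score:3d} x{count} {a['user']}({a['role']}) {a['action']} {a['resource']} {a['outcome']}")
```

Six raw alerts collapse to two actionable entries: the guest who succeeded in writing an IT configuration file is ranked first, the employee repeatedly denied on payroll data second, and the admin and public-file accesses never reach the administrator. The policy table is the place where the enterprise's existing role-based access control investment feeds the alert engine.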
Education
Information Assurance Scholarship Program and Capacity Building in Computer Security (S. Upadhyaya, CSE Dept. and H.R. Rao, MSS Dept.)
This grant covers a total of four IA scholarships (two in 2002-03
and two additional ones in 2003-04). The capacity building part in
2002-04 includes the development of a new course, a laboratory and a
Certificate Program in IA and the capacity building in 2003-04
includes the development of a new course in Wireless Network
Security and planning for a Wireless Security Laboratory. The
Certificate Program is expected to be available in Fall 2004 and is
briefly described in the following.