Intrusion Detection with Emphasis on Insider Attacks (completed).

We have worked on a novel security system based on the encapsulation of the owner's intent, which can be readily used as a concise reference for monitoring intrusions. Moving away from the traditional method of detecting intrusions through low-level network and other resource audits to a much higher level yields a semantic perspective on what the user wants to accomplish. By actively querying the user for his intent, one can build a small and manageable set of assertions, so that the search space is more focused and the system is able to respond faster, make fewer mistakes and scale well.

Chinchani (Ph.D., May 2005), A. Muthukrishnan (M.S., June 2004), M. Chandrasekaran (M.S., June 2004); Under Supervision of Shambhu Upadhyaya
IWIA 2003, ACSAC 2004, Managing Cyber Threats, Springer 2005
(2003-05), AFRL (2000-06)
Correlation for Cyber Attack Recognition Systems (completed).

We have developed a demonstrable software-system prototype that is capable of fusing performance and event data coming from the various intrusion detection and network management subsystems typically used in information infrastructures with data derived from textual, open sources, to give the security analyst a broad interpretation of what is going on in his system and what the motivation behind an attack might be. The fusion process involves adaptive logic that produces feedback information which can also be used to modulate the network and open-source sensors to increase their effectiveness. This research involves graph-theoretic approaches to threat assessment, fusion and sensor management.

Mathew (Ph.D., July 2009) and C. Shah (M.S., Jan. 2005); Under Supervision of Shambhu Upadhyaya, Moise Sudit, Jim Llinas
IWIA 2005, SIMA 2005, ACM VizSec 2006, Milcom 2009, Milcom 2010
(2004-06), AFRL (2004-06)
Documents from Insider Threat – A Multiphase Approach

The project has developed a comprehensive document control and management system through several innovative schemes for secure access, on-line monitoring and support for log-based forensics. The uniqueness of the approach is the consideration of security throughout the life cycle of a document, viz., the pre-document-access phase, the mid-document-access phase and the post-document-access phase. We have applied the concepts of user profiling, document profiling and role-based access control to accomplish these goals. The outcomes of this research are: more accurate modeling and mitigation of insider threat (graph-based), protection against subversion or circumvention of the monitoring mechanism itself (structural knowledge) and post-attack trace-back for attack identification (forensics), as applicable to the realm of document control.

Pramanik (Ph.D., Aug. 2007), S. Vidyaraman (Ph.D., Feb. 2008), N. Shah (M.S., June 2004), A. Garg (Ph.D., June 2006); Under Supervision of Shambhu Upadhyaya
Symposium 2004, ACSAC 2004, IA Symposium 2006, ICC 2006, IFIP Digital Forensics 2008
User-Centered Security Design Techniques (completed).

The field of security has many theories that are both sound and complete, yet their implementation in modern-day systems is of concern. The game-theoretic models developed in this project take into account the preferences of the users and the goals of the system or security mechanism; each model is tuned towards providing a technically meaningful solution by actively involving the users in the loop. This project is a major step forward in solving the decade-old problem of the weak human factor, which has received little technical attention beyond mere education of users.

Vidyaraman (Ph.D., June 2008); Under Supervision of
2006, Ubisafe 2007, ESORICS 2007, MMM-ACNS 2010
Force Research Laboratory (2004-08)
Defect and Fault Modeling of RF Circuits (completed).

A number of problems in the VLSI testing area are better addressed by empirical studies and simulation. Defect-based testing is now recognized as a very effective test approach for deep sub-micron integration technology, due to its ability to focus on realistic faults. In this research, we have looked at front-end RF components and, with the help of layout-level analysis tools, conducted empirical analysis to model realistic failures. This research has involved defect analysis and fault model extensions for both active and passive circuit elements.

Sundararaman (M.S., May 2004), R. Bhowmick (M.S., June 2005), S. Gopalakrishnan (Dec. 2006); Under Supervision of Shambhu
ISQED 2004, NATW 2004, DFTS 2006, Jetta 2008
Microelectronics Design Center, University of Rochester
Threats and Reasoning about Intrusions.

We have developed a theory of insider threat assessment. This is the first such work that systematically and specifically addresses insider threat. The team has developed a modeling methodology that captures several aspects of insider threat and subsequently makes an assessment to reveal the possible attack strategies of an insider in an organization. The current focus is insider threat detection in database systems by monitoring users' data access patterns.

Chinchani (Ph.D., May 2005), S. Pramanik (Ph.D., Aug. 2007), S. Mathew (Ph.D., July 2009); Under Supervision of Shambhu Upadhyaya and Hung Ngo
2005, IEEE DSN 2005, Fusion 2008, RAID 2010
A Behavior Based Methodology to Mitigate Internet Attacks.

In this project, a unified behavior-based framework for mitigating Internet-based threats is being developed. The main goal of this research is to develop an attack-agnostic framework that addresses all facets of security, viz. attack protection, detection, response and forensics. The impact of this research is a set of solutions to mitigate the common Internet-based threats: phishing, zero-day attacks, spyware and information leaks.

Chandrasekaran (Ph.D., May 2009), N. Pulera (M.S., June 2008), H. Alkebulan (M.S., Dec. 2008); Under Supervision of
Ubisafe 2006, Malware 2007 (Best Paper Award)
and Trusted Communications in Wireless Networks.

In this project, we adopt a "data-first" approach to improving robustness and security guarantees in wireless communications: it provides solutions for robust data delivery under several threat and failure models associated with diverse network settings. The emphasis is on mitigating risks from exploits that target the open-air properties of the wireless medium. Two parallel streams of work address dominant data communication and design issues in Wireless Data Networks (WDNs, which include Mobile Ad-hoc and Wireless Mesh Networks) and Wireless Sensor Networks (WSNs).

Virendra (Ph.D., June 2008), R. Mehresh (M.S., June 2009); Under Supervision of
SKM 2006, ICC 2007, MMM-ACNS 2007, SKM 2010
Force Research Laboratory (2007-09)
Techniques for Rapid Mitigation of Phishing and Spam Emails.

Phishing scams pose a serious threat to end-users and commercial institutions alike. Current software-based solutions that operate in application space to detect such emails using rule-based techniques are not very effective. We aim to detect phishing attacks based on the semantic and structural properties present in the content of phishing emails. Our solution is hardware-based and can be implemented at the gateways. For this purpose, we are trying to implement some basic theories, such as Simulated Annealing, Bayesian Learning and Associative Rule Mining, in hardware by exploiting the inbuilt pipelining, scheduling and other accelerator capabilities and the micro-engines of the Tolapai processor.

Chandrasekaran (Ph.D., May 2009), A. Nagrale (M.S., Feb. 2010), P. Gupta (M.S., Feb. 2010), H. Nagarajaiah (M.S., June 2010), V. Keshavamurthy (M.S., June 2011); J. Parikh (M.S., expected December 2011); D. Yip (BS, expected June 2012); Under Supervision of Shambhu Upadhyaya
Workshop co-located at IEEE SRDS 2009; DCNMS 2011 Workshop co-located at IEEE SRDS 2011
Intel Corporation (2008-10)
Robustness of Localization Techniques for Emergency Sensor
advancement in radio and processor technology has seen the rise of Wireless Sensor Networks (WSNs) as a reliable and cost-effective tool for real-time information gathering and analysis tasks during emergency scenarios like natural disasters, terrorist attacks, military conflicts, etc. Post-deployment localization is extremely important and necessary in such applications. However, current distributed localization approaches are not designed for such highly hostile and dynamic network conditions. This project studies the adverse effects of factors like cheating beacon-node behavior, node disablement and measurement inconsistencies on the corresponding localization protocols, and attempts to provide simple and efficient solutions, both in terms of computation and resource requirements, to overcome each of these problems.

Jadliwala (Ph.D., Sept. 2008); Under Supervision of
IJSNET 2007, SRDS 2007, INFOCOM 2008, WiSec 2009, F2DA Workshop co-located at IEEE SRDS 2009
Recovery.

In this project, we develop a new game-changing methodology, viz. secure proactive recovery, which can be built into future mission-critical systems as a contingency plan. Our solution is being realized through a hardware-supported design of consensus protocols that makes them immune to attacks and deception by an adversary. In order to minimize overhead and enhance performance, we utilize the redundant hardware that may be found in today’s self-testing processor ICs towards tamper-proofing the

Mehresh (Ph.D., Started Sept. 2009), K. Kamana (M.S., June 2010), M. Pothukolu (M.S., June 2010), H. Mulukutla (M.S., June 2010); J. Jagadheeshwar Rao (M.S., June 2011); Sulaksh Natarajan (M.S., June 2011); Under Supervision of Shambhu Upadhyaya
Third International Workshop on Dependable Network Computing and Mobile Systems (DNCMS 2010) co-located at IEEE SRDS 2010; SAM 2011
Force Research Laboratory (2009-10)
Methods-Based Common Criteria Certification Framework for a Separation Kernel.

The project will study Open Kernel Labs’ OKL4 separation kernel and develop a framework of the formal proof artifacts necessary to obtain Common Criteria EAL 6+ certification of OKL4 against the SKPP v1.03 specification. Phase 2 will look at the design of secure applications on top of the kernel using the concept of

Kudari (M.S., Sept. 2010), P. Nataraj (M.S., June 2010), V. Krishnamurthy (M.S., June 2011); P. Dabade (M.S., expected December 2011); Under Supervision of Shambhu Upadhyaya
Harris Corporation, Rochester, NY