Emerging NCSA Security R&D

NSF CyberSecurity SummitSeptember 28th, 2004

Von Welchvwelch@ncsa.uiuc.edu

Sep 27, 2004 2NCSA Emerging Security R&D

About this presentation• Overview of a number of technologies

being developed by a number of groups at NCSA

• Seeking to find consumers, foster communication and collaboration

• Purpose is to give quick overview of each project to spur interest

• Please contact myself or project lead/PI listed for a given project for more information

Sep 27, 2004 3NCSA Emerging Security R&D

• National Center for Advanced Secure Systems Research

• ONR-funded multi-organization security R&D center led by NCSA

• Partners include University of Illinois at Urbana-Champaign, Battelle Pacific Northwest Division, InfoAssure Inc., the University of Tennessee, and the Naval Postgraduate School

• http://www.ncassr.org

Sep 27, 2004 4NCSA Emerging Security R&D

Security R&D Projects

• ONR-funded Technology Research Education Commercialization Center

• http://www.trecc.org

• NSF Middleware Initiative

• http://www.nsf-middleware.org/

Sep 27, 2004 5NCSA Emerging Security R&D

MAIDS: Mining Alarming Incidents in Data Streams

Datamining applied to streams

MAIDS is aimed to:• Discover changes, trends and

evolution characteristics in data streams

• Construct clusters and classification models from data streams

• Explore frequent patterns and similarities among data streams

MAIDS is being applied to NCSA’s network flow data in order to be trained to automatically detect incidents

Contact: Michael Welge welge@ncsa.uiuc.edu

Sep 27, 2004 6NCSA Emerging Security R&D

SIFT• Security Incident Fusion Tool

(SIFT)• Framework and tools for

combination of flow and log data from multiple sources and coherent visualization

• Software available from: http://www.ncassr.org/projects/sift/

• Contact: Bill Yurcik (yurcik@ncsa.uiuc.edu)

Sep 27, 2004 7NCSA Emerging Security R&D

SELS: A Secure Email List ServiceContact: Himanshu Khurana hkhurana@ncsa.uiuc.edu

• Mail List Security– Confidentiality: Solution using proxy encryption techniques

whereby the plaintext is not exposed at list server; instead, list server simply transforms encrypted messages

– Integrity and authentication: Solution using digital signatures where certificate validation is provided by list server

– Anti-spamming: Solution using digital signatures and HMACs where list server discards any message not sent by a valid subscriber

• Prototype (Java)– Email client plugins for JavaMail and Eudora currently being

developed– Evaluating available list server software for plugin development

Himanshu Khurana

Sep 27, 2004 8NCSA Emerging Security R&D

MyProxy: Grid Credential Management

• Stores Grid X.509 credentials

• Retrieval through SASL/PAM allows for authentication via OTP, password, Kerberos

• Allows bridging between authentication domains

• Contact: Jim Basney (jbasney@ncsa.uiuc.edu)

MyProxy

OTP, Krb5,Password

X.509 GridCredential

Sep 27, 2004 9NCSA Emerging Security R&D

Grid-Shib: Grid-Shibboleth Integration

• Integration of Internet2’s Shibboleth with Globus Toolkit

• Funded by NSF NMI program• Allow for use of Shibboleth-served attributes in

Grid authorization– Allow leveraging of Shibboleth software and

deployments to support Grids– Utilizing Web Services security standards (SAML)

• Contact: Von Welch (vwelch@ncsa.uiuc.edu)

Sep 27, 2004 10NCSA Emerging Security R&D

Other activities• Software-defined radio policy

enforcement– Von Welch (vwelch@ncsa.uiuc.edu)

• Security Middleware for sensors– Himanshu Khurana

(hkurana@ncsa.uiuc.edu)

• Secure Grid Laboratory– Testbed for deployment and testing– Randy Butler (rbutler@ncsa.uiuc.edu)

Sep 27, 2004 11NCSA Emerging Security R&D

For more information• http://www.ncassr.org

• Or contact me for routing– vwelch@ncsa.uiuc.edu