Data and Applications Security Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Dependable Data Management
November 12, 2010
Outline of the Unit
Secure Dependable Data Management
Secure Real-time Data Management
Secure Sensor Information Management
Reference
- Jungin Kim, Bhavani M. Thuraisingham: Dependable and Secure TMO Scheme. ISORC 2006: 133-140
- Jungin Kim, Bhavani M. Thuraisingham: Design of Secure CAMIN Application System Based on Dependable and Secure TMO and RT-UCON. ISORC 2007: 146-155
- Vana Kalogeraki, Dimitrios Gunopulos, Ravi S. Sandhu, Bhavani M. Thuraisingham: QoS Aware Dependable Distributed Stream Processing. ISORC 2008: 69-75
Secure Dependable Information Management: What is it?
Features of Secure Dependable Information Management
- secure information management
- Fault tolerant information management
- High integrity and high assurance computing
- Real-time computing
- Trust management
- Data Quality
- Data Provenance
Secure Dependable Information Management: Integration
Integration of the different features
- Quality of Service
- Need end-to-end dependability?
- Dependable OS, Dependable data management, Dependable middleware, Dependable networks
Secure Dependable Information Management: Integration
[Figure: layered dependable architecture. Layers shown: Dependable Communication Subsystem; Dependable Operating System; Dependable Middleware / Dependable Object Request Broker; Dependable Data Manager; Dependable Information Manager; Dependable Applications.]
Secure Dependable Information Management: Conflict Resolution
Conflicts between different features
- Security, Integrity, Fault Tolerance, Real-time Processing
- E.g., a process may miss real-time deadlines when access control checks are made
- Trade-offs between real-time processing and security
What are the problems?
- Access control checks vs real-time constraints
- Covert channels (a Secret process could be a high priority process and an Unclassified process could be a low priority process)
- A time-critical process could be malicious
Need flexible policies
- Real-time processing may be critical during a mission while security may be critical during non-operational times
Secure Dependable Information Management Example: Next Generation AWACS
[Figure: Next Generation AWACS architecture. Labels shown: Hardware; Display Processor & Refresh Channels; Consoles (14); Navigation; Sensors; Data Links; Data Analysis Programming Group (DAPG); Multi-Sensor Tracks; Sensor Detections; MSI App; Future App (three instances); Data Mgmt.; Data Xchg.; Infrastructure Services; Real-time Operating System; "Technology provided by the project" (two callouts).]
- Security being considered after the system has been designed and prototypes implemented
- Challenge: Integrating real-time processing, security and fault tolerance
Secure Dependable Information Management: Integration
[Figure: service objects connected through the Communication Subsystem and Object Request Broker / Infrastructure. Labels shown: Sensor; Sensor Data Manager Object; Security Service Object; Fault Tolerance Service Object; Real-time Service Object; Quality of Service Object; Application Object.]
Secure Dependable Information Management: Directions for Research
Challenge: How does a system ensure integrity, security, fault tolerant processing, and still meet timing constraints?
- Develop flexible security policies; when is it more important to ensure real-time processing, and when is it more important to ensure security?
- Security models and architectures for the policies; examine real-time algorithms, e.g., query and transaction processing
- Research for databases as well as for applications; what assumptions do we need to make about operating systems, networks and middleware?
Data may be emanating from sensors and other devices at multiple locations
- Data may pertain to individuals (e.g. video information, images, surveillance information, etc.)
- Data may be mined to extract useful information
- Privacy Preserving Surveillance
Real-time Information Management
Real-time Operating Systems
- E.g., Lynx OS
Real-time Data Management
- Transactions must meet timing constraints
- E.g., RT-Zip (product developed in the early 1990s)
Real-time Middleware
- E.g., RT-ORB (www.omg.org)
Real-time networks
- Real-time message passing
Need end-to-end real-time processing capability
Real-time Data Management
[Figure: Sensor Data Manager and Dependable Data Manager]
Sensor Data Manager
- Update Processor: processes input data, carries out action, stores some data in stable storage, throws away transient data
- Query Processor: processes continuous queries and gives responses periodically
- Flows: Input Data; Transient Data; Data to and from Stable Storage; Continuous Query; Response
- Stable Sensor Data Storage
Dependable Data Manager = Real-time + Security + Fault Tolerant Data Manager
- Update Processor: processes input data, carries out action, stores some data in stable storage, throws away transient data
- Query Processor: processes continuous real-time queries and gives responses periodically
- Flows: Input Data; Transient Data; Data to and from Stable Storage; Continuous Query; Response
- Stable Dependable Data Storage
Real-time Data Management: Data Model
Data models such as relational and object models have time parameters
Data has a timestamp recording when it was last updated
Data must be kept current and updated to meet timing constraints
- E.g., data cannot be more than 1 day old
Data processing algorithms (e.g., methods in an object model) must meet timing constraints
- E.g., queries and transactions have to complete within a certain time
Real-time Data Management: Query
Queries have to meet timing constraints
Certain queries may be more important than the others
- E.g., queries with short timing constraints
Queries are processed in such a way that all queries must meet the deadlines as much as possible
What happens if the deadlines are not met?
Real-time Data Management: Transactions
Transactions have to meet timing constraints
Transactions are assigned priorities depending on their deadlines
- Those with shorter deadlines may be given higher priorities
Transactions with higher priorities are given resources such as locks
If transaction T1 has priority 8 and transaction T2 has priority 5, and both are competing for locks at the same time, T1 is given the lock
If T1 is waiting for a lock that T2 has, then should T2 be aborted and the lock given to T1?
Conflict between Security and Real-time Processing
Suppose transaction T1 has priority 8 and transaction T2 has priority 5
Assume that T2 is Unclassified and T1 is Secret
If T1 is waiting for a lock that T2 has, then one possibility is to abort T2 and give the lock to T1
However, T2 is Unclassified. Therefore actions of a Secret transaction have interfered with those of an Unclassified transaction: potential for covert channels
Should the system ensure that deadlines are met or should the system ensure security?
Access control checks also take time. Therefore, in case of emergency, should these checks be ignored?
Malicious code may tamper with the real-time constraints
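The lock conflict above, worked through as an added example (not from the original slides): a lock arbiter with two policy modes, showing that pure priority scheduling lets Secret T1 abort Unclassified T2, while a security-first mode removes that interference at the cost of a possible missed deadline. The mode names, the `resolve` and `audit` functions and the extra transactions T3 and T4 are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    UNCLASSIFIED = 0
    SECRET = 1

@dataclass(frozen=True)
class Txn:
    name: str
    priority: int   # higher value = shorter deadline, as with T1 (8) vs T2 (5)
    level: Level

def resolve(holder, requester, mode):
    """Decide a lock conflict. mode is 'mission' (real-time first) or
    'non_operational' (security first); both names are hypothetical."""
    if requester.priority <= holder.priority:
        return {"action": "wait", "aborted": None, "high_to_low_signal": False}
    high_to_low = requester.level > holder.level
    if mode == "non_operational" and high_to_low:
        # The Secret requester waits, so the Unclassified holder observes nothing.
        return {"action": "wait", "aborted": None, "high_to_low_signal": False}
    return {"action": "abort_holder", "aborted": holder.name,
            "high_to_low_signal": high_to_low}

def audit(conflicts, mode):
    """Tally the trade-off over (holder, requester) lock conflicts."""
    out = {"interference": 0, "deadline_risk": 0}
    for holder, requester in conflicts:
        d = resolve(holder, requester, mode)
        out["interference"] += int(d["high_to_low_signal"])
        # A more urgent requester that is forced to wait may miss its deadline.
        if d["action"] == "wait" and requester.priority > holder.priority:
            out["deadline_risk"] += 1
    return out

# Constructed sample: T1 and T2 follow the slide; T3 and T4 are added here.
T1 = Txn("T1", 8, Level.SECRET)
T2 = Txn("T2", 5, Level.UNCLASSIFIED)
T3 = Txn("T3", 9, Level.UNCLASSIFIED)
T4 = Txn("T4", 3, Level.SECRET)
SAMPLE_CONFLICTS = [(T2, T1), (T4, T3), (T1, T2)]

if __name__ == "__main__":
    for mode in ("mission", "non_operational"):
        print(mode, audit(SAMPLE_CONFLICTS, mode))
```

The interference count is the number of events an auditor would flag as a possible covert-channel signal; the deadline-risk count is what the security-first mode pays to remove them.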
Aspects of Data Quality
- Annotations: Use annotations to specify data quality parameters; develop an algebra for data quality
- Data Mining: Data mining to improve data quality; need good quality data to carry out useful data mining
- Semantic web and data quality: Data quality for the layers: XML, RDF, Ontologies, Interoperability, Query/Rules
- Security and data quality: Tradeoffs between ensuring data quality and confidentiality; quality of service management techniques
Data Provenance
Keep track of where the data has come from and who has handled the data
- Data source and how the data has arrived to the current positions
- From A to B to C to D etc.
Use annotations for data provenance: document data
- Can you trust the data source?
- Has misinformation been given and if so at which point?
- Has data been misused?
Applications
Protecting Critical Infrastructures
- Power lines and Grids
- Telecommunications
- Food and water supplies
- Reservoirs
- Gas supplies
- National Information Infrastructures
Protecting Information for the War fighters and Missions
- Getting the right and secure information at the right time
Secure Sensor Information Management
Sensor network consists of a collection of autonomous and interconnected sensors that continuously sense and store information about some local phenomena
- May be employed in battle fields, seismic zones, pavements
Data streams emanate from sensors; for geospatial applications these data streams could contain continuous data of maps, images, etc.
Data has to be fused and aggregated
Continuous queries are posed, responses analyzed possibly in real-time, some streams discarded while rest may be stored
Recent developments in sensor information management include sensor database systems, sensor data mining, distributed data management, layered architectures for sensor nets, storage methods, data fusion and aggregation
Secure sensor data/information management has received very little attention; need a research agenda
Some Attacks on Sensors and Issues
Some attacks
- Access control violations, Denial of service attacks, Sensor protocol attacks, Hardware attacks
Sensors are often placed in enemy territory and are prone to various types of attacks including terrorist physical attacks
Sensors also have limited memory and resources and therefore attacks could cause many problems with little backup procedures
Wireless sensors are a special type of sensor embedded into PDAs and other devices
- Many issues and challenges similar for sensors and wireless sensors
- Need to carry out a comparison of the security issues involved
Secure Sensor Communication
[Figure: Secure sensor communication between Cluster A: Unclassified Sensors and Cluster B: Classified Sensors. Labels shown in each cluster: Sensor; Sensor Manager; Sensor Data; Sensor Data Manager; Communication Subsystem.]
Secure Sensor Data Manager: An Architecture
[Figure: Multilevel Sensor Data, Sensor Data Manager, and a Trusted Agent to compute checksums]
- On storage: compute checksum based on stream data value and security level; store stream data value, security level and checksum
- On retrieval: compute checksum based on stream data value and security level retrieved from the stored sensor database
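One way to realise the checksum scheme in the architecture above, as an added example that is not part of the original slides: the trusted agent computes a keyed checksum over the stream value and its security level, and recomputes it on retrieval so that a relabelled row is rejected. HMAC-SHA256 stands in for the unspecified checksum; the key, stream id, sample reading and all function names are constructed.

```python
import hashlib
import hmac
import struct

LEVELS = ("Unclassified", "Secret")   # assumed ordering, low to high

class TrustedAgent:
    """Holds the key; the untrusted sensor data manager never sees it."""
    def __init__(self, key):
        self._key = key

    def checksum(self, value, level):
        lvl = level.encode()
        # Length-prefix both fields so the value/level boundary is unambiguous.
        msg = (struct.pack(">I", len(value)) + value +
               struct.pack(">I", len(lvl)) + lvl)
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def verify(self, row):
        expected = self.checksum(row["value"], row["level"])
        return hmac.compare_digest(expected, row["checksum"])

def store(agent, db, stream_id, value, level):
    # Store stream data value, security level and checksum together.
    db[stream_id] = {"value": value, "level": level,
                     "checksum": agent.checksum(value, level)}

def retrieve(agent, db, stream_id, clearance):
    row = db[stream_id]
    # Recompute from what the database returned before trusting the label.
    if not agent.verify(row):
        raise ValueError("checksum mismatch: value or security level altered")
    if LEVELS.index(row["level"]) > LEVELS.index(clearance):
        raise PermissionError("clearance below stored security level")
    return row["value"]

def demo():
    agent = TrustedAgent(key=b"constructed-demo-key")
    db = {}
    store(agent, db, "radar-7", b"track 41.2N 12.5E", "Secret")
    ok = retrieve(agent, db, "radar-7", "Secret")
    db["radar-7"]["level"] = "Unclassified"   # the stored row is relabelled
    try:
        retrieve(agent, db, "radar-7", "Unclassified")
        detected = False
    except ValueError:
        detected = True
    return ok, detected
```

Because the security level is covered by the checksum, downgrading the label in the stored database fails verification instead of releasing Secret data to an Unclassified reader.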
Secure Sensor Data Fusion:Inference Control
[Figure: Sensor Data Manager with an Inference Controller in front of Stable Sensor Data Storage]
- Update Processor: processes constraints and enters sensor data at the appropriate levels
- Query Processor: processes constraints during query operation and prevents certain information from being retrieved
- Security Manager: manages constraints
- Inference Controller: controls aggregation
- Flows: Data to and from Stable Storage
Secure Sensor Information Management: Directions for Research
Individual sensors may be compromised and attacked; need techniques for detecting, managing and recovering from such attacks
Aggregated sensor data may be sensitive; need secure storage sites for aggregated data; variation of the inference and aggregation problem?
Security has to be incorporated into sensor database management
- Policies, models, architectures, queries, etc.
Evaluate costs for incorporating security especially when the sensor data has to be fused, aggregated and perhaps mined in real-time
Suspicious event detection and Privacy preserving surveillance