Data and Applications Security Developments and DirectionsOutline of the UnitSecure Dependable Information Management: What is it?Secure Dependable Information Management: IntegrationSlide 5Secure Dependable Information Management: Conflict ResolutionSecure Dependable Information Management Example: Next Generation AWACSSlide 8Secure Dependable Information Management: Directions for ResearchReal-time Information ManagementReal-time Data ManagementReal-time Data Management Management: Data ModelReal-time Data Management : QueryReal-time Data Management : TransactionsConflict between Security and Real-time ProcessingAspects of Data QualityData ProvenanceApplicationsSecure Sensor Information ManagementSome Attacks on Sensors and IssuesSecure Sensor CommunicationSecure Sensor Data Manager: An ArchitectureSecure Sensor Data Fusion: Inference ControlSecure Sensor Information Management: Directions for ResearchData and Applications Security Developments and DirectionsDr. Bhavani ThuraisinghamThe University of Texas at DallasLecture #28Dependable Data ManagementApril 22, 2009Outline of the UnitSecure Dependable Data ManagementSecure Real-time Data ManagementSecure Sensor Information ManagementReference-Jungin Kim, Bhavani M. Thuraisingham: Dependable and Secure TMO Scheme. ISORC 2006: 133-140-Jungin Kim, Bhavani M. Thuraisingham: Design of Secure CAMIN Application System Based on Dependable and Secure TMO and RT-UCON. ISORC 2007: 146-155-Vana Kalogeraki, Dimitrios Gunopulos, Ravi S. Sandhu, Bhavani M. Thuraisingham: QoS Aware Dependable Distributed Stream Processing. ISORC 2008: 69-75Secure Dependable Information Management:What is it?Features of Secure Dependable Information Management-secure information management-fault tolerant information Management-High integrity and high assurance computing-Real-time computing-Trust management-Data Quality-Data ProvenanceSecure Dependable Information Management:IntegrationIntegration of the different Features-Quality of Service-Need end-to-end dependability?-Dependable OS, Dependable data management, Dependable middleware, Dependable networksSecure Dependable Information Management:Integration Inference ControllerInference ControllerInference ControllerDependable Communication Subsystem Inference ControllerInference ControllerInference ControllerDependable Operating System Inference ControllerInference ControllerInference ControllerDependable Middleware / Dependable Object Request BrokerInference ControllerInference ControllerInference ControllerDependable Data ManagerInference ControllerInference ControllerInference ControllerDependable Information ManagerInference ControllerInference ControllerInference ControllerDependable ApplicationsSecure Dependable Information Management:Conflict ResolutionConflicts between different features-Security, Integrity, Fault Tolerance, Real-time Processing-E.g., A process may miss real-time deadlines when access control checks are made-Trade-offs between real-time processing and securityWhat are the problems?-Access control checks vs real-time constraints-Covert channels (Secret process could be a high priority process and an Unclassified process could be a low priority process)-Time critical process could be maliciousNeed Flexible policies-Real-time processing may be critical during a mission while security may be critical during non-operational timesSecure Dependable Information Management Example: Next Generation AWACS Technology provided by the projectTechnology provided by the projectHardwareDisplay Processor&Refresh ChannelsConsoles(14)NavigationSensorsData LinksData Analysis Programming Group (DAPG)FutureAppFutureAppFutureAppMulti-SensorTracksSensorDetectionsMSIAppDataMgmt.DataXchg.Infrastructure Services•Security being considered after the system has been designed and prototypes implemented•Challenge: Integrating real-time processing, security and fault toleranceReal-time Operating SystemSecure Dependable Information Management:IntegrationSensorSensor Data Manager ObjectSensorSecurity ServiceObjectSensorFault ToleranceService ObjectSensorReal-time Service ObjectSensorQuality ofServiceObjectSensorApplicationObjectCommunication SubsystemObject Request Broker / InfrastructureSecure Dependable Information Management: Directions for ResearchChallenge: How does a system ensure integrity, security, fault tolerant processing, and still meet timing constraints?-Develop flexible security policies; when is it more important to ensure real-time processing and ensure security?-Security models and architectures for the policies; Examine real-time algorithms – e.g.,query and transaction processing -Research for databases as well as for applications; what assumptions do we need to make about operating systems, networks and middleware?Data may be emanating from sensors and other devices at multiple locations-Data may pertain to individuals (e.g. video information, images, surveillance information, etc.)-Data may be mined to extract useful information-Privacy Preserving SurveillanceReal-time Information ManagementReal-time Operating Systems-E.g., Lynx OSReal-time Data Management-Transactions must meet timing constraints-E.g., RT-Zip (product developed in the early 1990s)Real-time Middleware-E.g., RT-ORB (www.omg.org)Real-time networks-Real-time message passingNeed end-to-end real-time processing capabilityReal-time Data ManagementSensor Data ManagerUpdate ProcessorProcesses input data, Carries out action, Stores some data in stable storage, Throws away transient dataQuery ProcessorProcesses continuous queries and gives responses periodicallyInput Data Transient DataData to and from Stable StorageContinuous QueryResponseStable Sensor Data StorageStable DependableData StorageStable Sensor Data StorageStable DependableData StorageDependable Data Manager = Real-time + Security +Fault Tolerant Data ManagerUpdate ProcessorProcesses input data, Carries out action, Stores some data in stable storage, Throws away transient dataQuery ProcessorProcesses continuous Real-time queries and gives responses periodicallyInput Data Transient DataData to and from Stable StorageContinuous QueryResponseSensor Data ManagerUpdate ProcessorProcesses input data, Carries out action, Stores some data in stable storage, Throws away transient dataQuery ProcessorProcesses continuous queries and gives responses periodicallyInput Data Transient DataData to and from Stable StorageContinuous
View Full Document
Unlocking...