Access Control Convergence: Challenges and Opportunities
Ravi Sandhu, University of Texas San Antonio, United States
VEST: An Early Warning System for Future Cyber-Attacks
V. S. Subrahmanian, Dartmouth College, United States
Privacy-Preserving Analytics in the Big Data Environment
Jaideep Vaidya, MSIS, Rutgers Business School, United States
Access Control Convergence: Challenges and Opportunities
Ravi Sandhu
University of Texas San Antonio
United States
Brief Bio
Ravi Sandhu is Professor of Computer Science, Executive Director of the Institute for Cyber Security and Lead PI of the NSF Center for Security and Privacy Enhanced Cloud Computing at the University of Texas at San Antonio, where he holds the Lutcher Brown Endowed Chair in Cyber Security. Previously he served on the faculty at George Mason University (1989-2007) and Ohio State University (1982-1989). He holds BTech and MTech degrees from IIT Bombay and Delhi, and MS and PhD degrees from Rutgers University. He is a Fellow of IEEE, ACM and AAAS, and has received numerous awards from IEEE, ACM, NSA, NIST and IFIP, including the 2018 IEEE Innovation in Societal Infrastructure award for seminal work on role-based access control (RBAC). A prolific and highly cited author, his research has been funded by NSF, NSA, NIST, DARPA, AFOSR, ONR, AFRL, ARO and private industry. His seminal papers on role-based access control established it as the dominant form of access control in practical systems. His numerous other models and mechanisms have also had considerable real-world impact. He served as Editor-in-Chief of the IEEE Transactions on Dependable and Secure Computing, and previously as founding Editor-in-Chief of ACM Transactions on Information and System Security. He was Chairman of ACM SIGSAC, and founded the ACM Conference on Computer and Communications Security, the ACM Symposium on Access Control Models and Technologies and the ACM Conference on Data and Application Security and Privacy. He has served as General Chair, Steering Committee Chair, Program Chair and Committee Member for numerous security conferences. He has consulted for leading industry and government organizations, and has lectured all over the world. He is an inventor on 31 security technology patents and has accumulated over 39,000 Google Scholar citations for his papers. At UTSA his team seeks to pursue world-leading research in both the scientific foundations of cyber security and their applications in diverse 21st century cyber technology domains, including cloud computing, internet of things, autonomous vehicles, big data and blockchain. Particular focus is on foundations and technology of attribute-based access control (ABAC) as a successor to RBAC in these contexts. His web site is at www.profsandhu.com.
Abstract
There have been a handful of ground-breaking concepts in access control over the past half century which have received significant traction in practical deployments. These include the fundamental policy-mechanism and operational-administrative distinctions, along with the authorization models of discretionary access control (DAC), mandatory access control (MAC), role-based access control (RBAC), attribute-based access control (ABAC) and relationship-based access control (ReBAC). In this talk we will argue that modern cyber systems require an effective convergence of these concepts, in that they must coexist in mutually supportive synergy. We will highlight some challenges and opportunities in making this vision a practical reality.
VEST: An Early Warning System for Future Cyber-Attacks
V. S. Subrahmanian
Dartmouth College
United States
Brief Bio
V.S. Subrahmanian is the Dartmouth College Distinguished Professor in Cybersecurity, Technology, and Society and Director of the Institute for Security, Technology, and Society at Dartmouth. He previously served as a Professor of Computer Science at the University of Maryland from 1989-2017 where he also served for 6+ years as Director of the University of Maryland's Institute for Advanced Computer Studies. Prof. Subrahmanian is an expert on big data analytics including methods to analyze text/geospatial/relational/social network data, learn behavioral models from the data, forecast actions, and influence behaviors with applications to cybersecurity and counter-terrorism. He has written six books, edited ten, and published over 300 refereed articles. He is a Fellow of the American Association for the Advancement of Science and the Association for the Advancement of Artificial Intelligence and has received numerous other honors and awards. His work has been featured in numerous outlets such as the Baltimore Sun, the Economist, Science, Nature, the Washington Post, American Public Media and more. He serves on the editorial boards of numerous journals including Science, and currently serves on the Board of Directors of SentiMetrix, Inc. and on the Research Advisory Board of Tata Consultancy Services. He previously served on the Board of Directors of the Development Gateway Foundation (set up by the World Bank), DARPA's Executive Advisory Council on Advanced Logistics and as an ad-hoc member of the US Air Force Science Advisory Board.
Abstract
We consider the problem of predicting cyber-attacks based on known Common Vulnerability & Exposure (CVE) numbers. Given a CVE, we wish to answer 3 questions: (i) Will the CVE be exploited by malicious hackers? (ii) If so, when? (iii) How severe will the attack be? The answers to these questions are critical for almost all companies with significant software/hardware investments, for manufacturers of those software/hardware components, and for governments of the nations involved. In this talk, I will primarily focus on when a vulnerability will be exploited. Using a 23-month dataset gleaned from 5 sources, I will present a novel family of CAT (CVE-Author-Tweet) graphs. Each CAT graph has a massive associated system of recursive equations whose solution yields ``popularity scores’’ for the CVE-Author-Tweet nodes in the graph. Using these scores for different CAT graphs, we show a model that can predict when a vulnerability will be exploited – and we will use real world case studies to illustrate the efficacy of the approach. The talk will briefly describe progress on problems (i) and (iii) as well.
Privacy-Preserving Analytics in the Big Data Environment
Jaideep Vaidya
MSIS, Rutgers Business School
United States
Brief Bio
Jaideep Vaidya is a Professor in the MSIS Department at Rutgers University. He received the B.E. degree in Computer Engineering from the University of Mumbai, the M.S. and Ph.D. degree in Computer Science from Purdue University. His general area of research is in security, privacy, data mining, and data management. He has published over 170 technical papers in peer-reviewed journals and conference proceedings, and has received several best paper awards from the premier conferences in data mining, databases, digital government, security, and informatics. He is an ACM Distinguished Scientist, an IEEE Fellow and is the Editor in Chief of the IEEE Transactions on Dependable and Secure Computing.
Abstract
In the current digital age, data is continually being collected by organizations and governments alike. While the goal is to use this data to derive insight and improve services, the ubiquitous collection and analysis of data creates a threat to privacy. Furthermore, the digitization and centralization of data creates attractive targets for cyber criminals, with security breaches harming both individuals and organizations. In this talk, we present a vision for how privacy-preserving analytics can be done in the big data environment which will require a combination of technological advances to ensure both process and output privacy as well as socio-cognitive approaches to ensure the widespread use and deployment of such work.