Context based Adaptable Defense against Collaborative Attacks

Context based Adaptable Defense against Collaborative Attacks in Service Oriented Architecture PIs: Bharat Bhargava Purdue University 02/11/23 1st Annual Northrop Grumman Cybersecurity Research Consortium Symposium Progress Report 2010 CERIAS security center and Computer Science department, [email protected] 1

Project Overview Problem Statement Develop and experiment with algorithms for survivability and recovery that provide information assurance, integrity of data and communication, confidentiality, and reliability in the presence of coordinated attacks in SoA. Proposes adaptable schemes based on context. Goals & Objectives Contributes to security in Cloud and SoA environment. Investigate scenarios of Advanced Persistent Threats (APT)and develop defense strategies against them. Build prototype to demonstrate. This will lead to collaboration with NGC IRAD efforts . Study cyber situation awareness ( CSA). Apply these ideas to the use case: Safeguarding Electronic Health Records 02/11/23 2

Accomplished Research Milestones APT and coordinated attack – Three advanced persistent threats have been analyzed. Identification of intruder in cyber network has been completed. The detection of coordinated attacks has been studied. Defense schemes are to be studied. The APT of Fast flex attacks is based on a real world Storm Worm attack. The APT scenarios will be implemented in prototype and the defense mechanisms will be demonstrated in their capabilities. This leads to collaboration with NGC IRAD efforts. It will contribute to cyber genome project that can lead to proposals for Department of Defense. Completion date August, 2011. Security and Privacy in Cloud Computing. – Privacy and Identity Management in Cloud. Two ideas have been studied: Use 3 predicate over encrypted data, permitting the use of identity data on untrusted hosts. Research has focused on security problems stemming from: Loss of control, Lack of trust (mechanisms), Multi-tenancy. The idea of active bundles is being developed. This work is theoretical but the implementation of active bundle idea is in progress. Joint work with Dr. Brancik and Brent Green of NGC. Research to be completed by May 2011. Earlier versions of draft white paper have been written. 02/11/23

Key Technical Accomplishments Technical accomplishment Three APTs have been developed: Fast Flux Attacks based on Storm Worm, Joint blackhole and wormhole attacks to deal with insider/external attacks, Attacks on Privacy in Electronic Private Healthcare Information (EPHI) and Cloud APT defense mechanisms include: Developing techniques for Identifying intruder and collaboration among multiple attackers including inside/external attackers, Designing algorithms to disrupt the ongoing attacks to avoid further progress of attacks as well as any collaboration, Identifying attackers from their host and/or network behavior. Cyber situation Awareness. We are identifying and formalizing: What is a context? What is a Situation? A workshop has been held in May 2010 with funding from Air Force. Details are in slides presented to NGC on June 14. See http://www.cs.purdue.edu/homes/rranchal/ngc.html Privacy and Identity Management in Cloud. The main idea is to use active bundles to facilitate privacy preserving data dissemination through the use of active bundles. Research has focused on security problems stemming from: Loss of control, Lack of trust (mechanisms), Multi-tenancy. 02/11/23 4

NG Tech Transfer Research is being conducted in collaboration with the NGC IR&D on Advanced Persistent Threats (APT) and Endpoint Situation Awareness IR&D in NG. NG Point of Contact are Dr. Ken Brancik , Calvin Smith and Jason Liu. Cloud computing efforts has been discussed with Steve Warner(IS). We will use these ideas in the application of Electronic private health care information systems. The major focus is on privacy and identity management in Cloud environments. Research is already in progress and we are in the process of writing a white paper with Dr. Brancik and Brent Green of NG. – Key activities Preliminary discussions & briefs, and joint white paper and proposals write-ups are in progress. Date: March-June, 2010 Purdue is in process of implementing the ideas. DoD proposals based on BAA are being planned. 02/11/23 5

External Activities Publication &/or Collaborative NGC / University White Paper: Title of Paper: Defending against Collaborative Packet Drop Attacks on MANETs – Authors: Weichao Wang, Bharat Bhargava, Mark Linderman – Submission &/or Projected Completion Date: Sept 2010 – Status: Work-in-Progress but first version accepted in IEEE SRDS workshop Title of Paper: Extending Attack Graph-based Security Metrics and Aggregating Their Application – Authors: Nwokedi Idika and Bharat Bhargava – Submission &/or Projected Completion Date: May 2010 – Status: Accepted in IEEE Transaction on Dependable and Secure Systems Title of Paper: An approach for Privacy and Identity Management in Cloud – Authors: Ken Brancik, Bharat Bhargava and students at Purdue – Submission &/or Projected Completion Date: Aug 2010 – Status: Work-in-Progress External Research Proposal: – Program Manager : Norman Ahmed in AFRL – Partners (Alone), Submission Date: Nov. 2009, Status: Accepted 02/11/23 6

Other NGCRC Collaborative Activities IEEE Workshop on Mobile Cloud Computing ( MCC) http://sis.uncc.edu/ wwang22/Conference/MCC-2010/MDMWorkshop-Index.html – May 23, 2010 in Kansas City, Missouri ( in conjunction with MDM 2010) – Identify security and privacy issue s in Cloud computing – Co-Program chair : Steve Warner (IS), NGC ; General Chair Bharat Bhargava Purdue University – Other participants included Dr. Anya Kim from Naval Research Lab, Dr. Mark Linderman from Air Force Research Lab, Prof. Ken Birman of Cornell, Prof Weichao Wang of UNCC ( co-program chair of workshop) IEEE Symposium on Reliable Distributed Systems has been organized from Nov. 13, 2010, New Delhi, India. It will feature reliability and security research papers. NG researchers will be invited. 02/11/23 7

02/11/23 8