TRANSCRIPT
Computer Science and Engineering 1
Csilla Farkas
Associate Professor
Center for Information Assurance Engineering
Dept. of Computer Science and Engineering
University of South Carolina
[email protected]
www.cse.sc.edu/~farkas
Computer Science and Engineering 2
Attack Sophistication vs. Intruder Technical Knowledge
[Figure: chart plotting Attack Sophistication (Tools) and Intruder Knowledge (Attackers) on a Low-to-High axis against the years 1980 to 2000. Labelled techniques: password guessing; self-replicating code; password cracking; exploiting known vulnerabilities; disabling audits; back doors; hijacking sessions; sweepers; sniffers; packet spoofing; GUI; automated probes/scans; denial of service; www attacks; "stealth" / advanced scanning techniques; burglaries; network mgmt. diagnostics; distributed attack tools; cross site scripting; staged attack.]
Copyright: CERT, 2000
Computer Science and Engineering 3
CSI Survey 2008
Types of incidents
CSI/FBI Computer Crime and Security Survey
Computer Security Institute
Computer Science and Engineering 4
CSI Survey 2008
CSI/FBI Computer Crime and Security Survey
Computer Security Institute
Computer Science and Engineering 5
CSI Survey 2008
CSI/FBI Computer Crime and Security Survey
Computer Security Institute
Computer Science and Engineering 6
CSI Survey 2008
CSI/FBI Computer Crime and Security Survey
Computer Security Institute
Computer Science and Engineering 7
Systems must be protected against attacks!
What can a business do about it?
What can IT professionals do about it?
Computer Science and Engineering 8
Graduate Certificate Program in Information Assurance and Security (IA&S)
Computer Science and Engineering 9
Security Needs
Security Objectives
• Confidentiality: prevent/detect/deter improper disclosure of information
• Integrity: prevent/detect/deter improper modification of information
• Availability: prevent/detect/deter improper denial of access to services
Computer Science and Engineering 10
Types of Threats
• Errors of users
• Natural/man-made/machine disasters
• Dishonest insider
• Disgruntled insider
• Outsiders
Computer Science and Engineering 11
Sample Research Directions
• Semantic Web security
  – Data and meta-data security
  – Secure information sharing
  – Web application security
• Critical Infrastructure Protection
  – Economic and social aspects of cyber attacks
  – SCADA systems security
• Other Research
  – Policy Compliance
  – Online Privacy
  – Open source intelligence
  – Secure VANET communication
[Diagram labels: Organizational Data, Confidential, Ontology, Secure Data Integration and Inferences, Public User, Web Data, Public, Access Control Models, Offense, Defense]
Computer Science and Engineering 12
Secure Semantic Web
• Web Data and Metadata Security
  – Semantic-Aware XML access control
  – RDF security policy
  – Stream data security
• Web Services (WS) Security
  – Service-level security across heterogeneous domains
  – Identity and trust management
  – Execution correctness, WS transactions
Computer Science and Engineering 13
Damage Assessment and Social Vulnerability
• Damage Estimation and Social Vulnerability
  – Damage of the target may not reflect the real amount of damage
  – Services may rely on the attacked service, causing cascading and escalating damage
  – Identify characteristics to evaluate vulnerability of different social strata for cyber attack consequences
• Support decision makers to
  – Evaluate risk and consequences of cyber attacks
  – Support methods to prevent, deter, and mitigate consequences of attacks
Computer Science and Engineering 14
IA Jobs
• Job market
  – Civil (Join Information Systems Security Association, ISSA, https://www.issa.org/ )
  – Government (Internship available at USC-UTS, and SC Dept. of Probation, Parole, and Pardon Services)
  – Military (Internship available at SPAWAR, Charleston)
• Education and training requirements (B.S. degree, certification, hands-on experiments)
• Salary
• FUN
Computer Science and Engineering 15
IA&S Certificate Program
Admission Requirements
• Baccalaureate degree in computer science, computer engineering, or a related field
• Work experience as information security professional
• Admission requirements for graduate study at the Department of Computer Science and Engineering http://www.cse.sc.edu/GRADUATE/AdmissionsPage.html
Computer Science and Engineering 16
IA&S Certificate Program
Graduation requirements
18 hours of graduate study with B average
  – 9 hours core courses
  – 9 hours of elective courses
Computer Science and Engineering 17
Core Courses
• CSCE 522 – Information Systems Security Principles – offered every Fall semester
• CSCE 715 – Network Security – offered every Fall semester
• CSCE 727 – Information Warfare – offered every 3rd semester
Computer Science and Engineering 18
Elective Courses
• CSCE 517 – Computer Crime and Forensics
• CSCE 557 – Introduction to Cryptography
• CSCE 548 – Secure Software Construction
• CSCE 716 – Design for Reliability
• CSCE 717 – Comp. Systems Performance
• CSCE 790 – Topic Course
• CSCE 813 – Internet Security
• CSCE 814 – Distributed Systems Security
• CSCE 824 – Secure Databases
• CSCE 853 – Formal Models of Information Security
Computer Science and Engineering 19
New undergraduate courses:
CSCE 201: Introduction to Information Security
Computer Science and Engineering 20
Thank you!