Introduction to Biometrics

Dr. Bhavani Thuraisingham


The University of Texas at Dallas

Lecture #2
Information Security

August 24, 2005


Outline
 Operating Systems Security
 Network Security
 Designing and Evaluating Systems
 Web Security
 Other Security Technologies
 Data and Applications Security
Operating System Security
 Access Control
  - Subjects are Processes and Objects are Files
  - Subjects have Read/Write Access to Objects
  - E.g., Process P1 has read access to File F1 and write access to File F2
 Capabilities
  - Processes must possess certain Capabilities / Certificates to access certain files or to execute certain programs
  - E.g., Process P1 must have capability C to read file F
Mandatory Security
 Bell and La Padula Security Policy
  - Subjects have clearance levels, Objects have sensitivity levels; clearance and sensitivity levels are also called security levels
  - Unclassified < Confidential < Secret < TopSecret
  - Compartments are also possible
  - Compartments and Security levels form a partially ordered lattice
 Security Properties
  - Simple Security Property: Subject has READ access to an object if the subject’s security level dominates that of the object
  - Star (*) Property: Subject has WRITE access to an object if the subject’s security level is dominated by that of the object
Covert Channel Example
 Trojan horse at a higher level covertly passes data to a Trojan horse at a lower level
 Example:
  - File Lock/Unlock problem
  - Processes at Secret and Unclassified levels collude with one another
  - When the Secret process locks a file and the Unclassified process finds the file locked, a 1 bit is passed covertly
  - When the Secret process unlocks the file and the Unclassified process finds it unlocked, a 0 bit is passed covertly
  - Over time the bits could contain sensitive data
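The following Python is an added example, not part of the lecture slides: it models the Bell-LaPadula lattice with compartments and the two security properties from the previous slide, then replays the lock/unlock channel above to show why it exists and how it is closed. When a lock is an unmediated side effect every bit leaks; when locking is treated as a write, the star property denies a Secret subject the lock on an Unclassified file and the channel carries nothing. The names Level, Label, File and run_lock_channel are my own, not from the lecture.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    level: Level
    compartments: frozenset = frozenset()  # e.g. frozenset({"NATO"})

    def dominates(self, other: "Label") -> bool:
        # Partial order on the lattice: level is >= AND compartments are a superset.
        return self.level >= other.level and self.compartments >= other.compartments


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: READ only if the subject dominates the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """Star (*) property: WRITE only if the object dominates the subject."""
    return obj.dominates(subject)


@dataclass
class File:
    label: Label
    locked: bool = False


def run_lock_channel(bits: str, mediate_lock: bool) -> str:
    """Replay the lock/unlock channel: a Secret sender toggles the lock on an
    Unclassified file, an Unclassified receiver polls it and records a bit.
    mediate_lock=False: the lock is an unchecked side effect, so every bit leaks.
    mediate_lock=True: locking is treated as a write and the *-property denies it."""
    sender, receiver = Label(Level.SECRET), Label(Level.UNCLASSIFIED)
    shared = File(Label(Level.UNCLASSIFIED))  # low enough for the receiver to read
    received = ""
    for bit in bits:
        if not mediate_lock or can_write(sender, shared.label):
            shared.locked = bit == "1"        # the sender's signal
        if can_read(receiver, shared.label):  # polling the lock is a legitimate read
            received += "1" if shared.locked else "0"
    return received
```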
Network Security
 Security across all network layers
  - E.g., Data Link, Transport, Session, Presentation, Application
 Network protocol security
  - Verification and validation of network protocols
 Intrusion detection and prevention
  - Applying data mining techniques
 Encryption and Cryptography
 Access control and trust policies
 Other Measures
  - Prevention of denial of service, secure routing, etc.
Steps to Designing a Secure System
 Requirements, Informal Policy and model
 Formal security policy and model
 Security architecture
  - Identify security critical components; these components must be trusted
 Design of the system
 Verification and Validation
Product Evaluation
 Orange Book
  - Trusted Computer Systems Evaluation Criteria
 Classes C1, C2, B1, B2, B3, A1 and beyond
  - C1 is the lowest level and A1 the highest level of assurance
  - Formal methods are needed for A1 systems
 Interpretations of the Orange Book for Networks (Trusted Network Interpretation) and Databases (Trusted Database Interpretation)
 Several companion documents
  - Auditing, Inference and Aggregation, etc.
 Many products are now evaluated using the Federal Criteria
Security Threats to Web/E-commerce
[Diagram: "Security Threats and Violations" at the centre, surrounded by the following categories]
 Access Control Violations
 Integrity Violations
 Fraud
 Sabotage
 Confidentiality Violations
 Denial of Service / Infrastructure Attacks
 Authentication and Nonrepudiation Violations
Approaches and Solutions
 End-to-end security
  - Need to secure the clients, servers, networks, operating systems, transactions, data, and programming languages
  - The various systems when put together have to be secure
 Composable properties for security
 Access control rules, enforce security policies, auditing, intrusion detection
 Verification and validation
 Security solutions proposed by W3C and OMG
 Java Security
 Firewalls
 Digital signatures and Message Digests, Cryptography
E-Commerce Transactions
 E-commerce functions are carried out as transactions
  - Banking and trading on the internet
  - Each data transaction could contain many tasks
 Database transactions may be built on top of the data transaction service
  - Database transactions are needed for multiuser access to web databases
  - Need to enforce concurrency control and recovery techniques
Types of Transaction Systems
 Stored Account Payment
  - e.g., Credit and debit card transactions
  - Electronic payment systems
  - Examples: First Virtual, CyberCash, Secure Electronic Transaction
 Stored Value Payment
  - Uses bearer certificates
  - Modeled after hard cash
  - Goal is to replace hard cash with e-cash
  - Examples: E-cash, Cybercoin, Smart cards
What is E-Cash?
 Electronic Cash is stored in a hardware token
 Token may be loaded with money
  - Digital cash from the bank
 Buyer can make payments to seller’s token (offline)
 Buyer can pay to seller’s bank (online)
 Both cases rely on agreed-upon protocols
 Both parties may use some sort of cryptographic key mechanism to improve security
Other Security Technologies
 Data and Applications Security
 Middleware Security
 Insider Threat Analysis
 Risk Management
 Trust and Economics
 Biometrics
Developments in Data and Applications Security: 1975 - Present
 Access Control for Systems R and Ingres (mid 1970s)
 Multilevel secure database systems (1980 – present)
  - Relational database systems: research prototypes and products; Distributed database systems: research prototypes and some operational systems; Object data systems; Inference problem and deductive database systems; Transactions
 Recent developments in Secure Data Management (1996 – Present)
  - Secure data warehousing, Role-based access control (RBAC); E-commerce; XML security and Secure Semantic Web; Data mining for intrusion detection and national security; Privacy; Dependable data management; Secure knowledge management and collaboration
Developments in Data and Applications Security: Multilevel Secure Databases - I
 Air Force Summer Study in 1982
 Early systems based on Integrity Lock approach
 Systems in the mid to late 1980s, early 90s
  - E.g., Seaview by SRI, Lock Data Views by Honeywell, ASD and ASD Views by TRW
  - Prototypes and commercial products
  - Trusted Database Interpretation and Evaluation of Commercial Products
 Secure Distributed Databases (late 80s to mid 90s)
  - Architectures; Algorithms and Prototype for distributed query processing; Simulation of distributed transaction management and concurrency control algorithms; Secure federated data management
Developments in Data and Applications Security: Multilevel Secure Databases - II
 Inference Problem (mid 80s to mid 90s)
  - Unsolvability of the inference problem; Security constraint processing during query, update and database design operations; Semantic models and conceptual structures
 Secure Object Databases and Systems (late 80s to mid 90s)
  - Secure object models; Distributed object systems security; Object modeling for designing secure applications; Secure multimedia data management
 Secure Transactions (1990s)
  - Single Level/Multilevel Transactions; Secure recovery and commit protocols
Some Directions and Challenges for Data and Applications Security - I
 Secure semantic web
  - Single/multiple security models?
  - Different application domains
 Secure Information Integration
  - How do you securely integrate numerous and heterogeneous data sources on the web and otherwise
 Secure Sensor Information Management
  - Fusing and managing data/information from distributed and autonomous sensors
 Secure Dependable Information Management
  - Integrating Security, Real-time Processing and Fault Tolerance
 Data Sharing vs. Privacy
  - Federated database architectures?
Some Directions and Challenges for Data and Applications Security - II
 Data mining and knowledge discovery for intrusion detection
  - Need realistic models; real-time data mining
 Secure knowledge management
  - Protect the assets and intellectual rights of an organization
 Information assurance, Infrastructure protection, Access Control
  - Insider cyber-threat analysis, Protecting national databases, Role-based access control for emerging applications
 Security for emerging applications
  - Geospatial, Biomedical, E-Commerce, etc.
 Other Directions
  - Trust and Economics, Trust Management/Negotiation, Secure Peer-to-peer computing
Layered Architecture for Dependable Semantic Web
 Adapted from Tim Berners Lee’s description of the Semantic Web
[Diagram: layers from top to bottom: Logic, Proof and Trust; Rules/Query; RDF, Ontologies; XML, XML Schemas; URI, UNICODE. Security and Privacy run vertically across all layers; Other Services sit alongside the layer stack.]
 Some Challenges: Security and Privacy cut across all layers; Integration of Services; Composability
Secure Sensor Information Management: Directions for Research
 Individual sensors may be compromised and attacked; need techniques for detecting, managing and recovering from such attacks
 Aggregated sensor data may be sensitive; need secure storage sites for aggregated data; variation of the inference and aggregation problem?
 Security has to be incorporated into sensor database management
  - Policies, models, architectures, queries, etc.
 Evaluate costs for incorporating security especially when the sensor data has to be fused, aggregated and perhaps mined in real-time
 Need secure dependable information management for sensor data
Secure Dependable Information Management
 Dependable information management includes
  - Secure information management
  - Fault tolerant information management
  - High integrity and high assurance computing
  - Real-time computing
 Conflicts between different features
  - Security, Integrity, Fault Tolerance, Real-time Processing
  - E.g., A process may miss real-time deadlines when access control checks are made
  - Trade-offs between real-time processing and security
  - Need flexible security policies; real-time processing may be critical during a mission while security may be critical during non-operational times
Secure Dependable Information Management Example: Next Generation AWACS
[Diagram: system architecture. Inputs from Navigation, Data Links and Sensors (Sensor Detections) feed the Data Analysis Programming Group (DAPG), which produces Multi-Sensor Tracks for the Display Consoles (14) & Refresh Channels. Application layer: Data Mgmt., MSI Data Xchg. App and Future Apps, with the technology provided by the project. Below: Infrastructure Services, Real-time Operating System, Hardware.]
 Security being considered after the system has been designed and prototypes implemented
 Challenge: Integrating real-time processing, security and fault tolerance
Research Directions for Privacy
 Why this interest in privacy now?
  - Data Mining for National Security
  - Data Mining is a threat to privacy
  - Balance between data sharing/mining and privacy
 Privacy Preserving Data Mining
 Inference Problem as a Privacy Problem
 Data Sharing Across Coalitions
Data Mining to Handle Security Problems
 Data mining tools could be used to examine audit data and flag abnormal behavior
 Much recent work in Intrusion detection
  - e.g., Neural networks to detect abnormal patterns
 Tools are being examined to determine abnormal patterns for national security
  - Classification techniques, Link analysis
 Fraud detection
  - Credit cards, calling cards, identity theft etc.
What can we do?: Privacy Preserving Data Mining
 Prevent useful results from mining
  - Limit data access to ensure low confidence and support
  - Extra data (“cover stories”) to give “false” results
  - Providing only samples of data can lower confidence in mining results
 Idea: If the adversary is unable to learn a good classifier from the data, then the adversary will be unable to learn good rules and predictive functions
 Approach: Only make a sample of data available
  - Limits ability to learn a good classifier
 Several recent research efforts have been reported
Inference Problem as a Privacy Problem: Privacy Constraint Processing
[Diagram: a User Interface Manager at the top feeds a Privacy Constraints Manager. Beneath it sit three components: Database Design Tool (constraints during database design), Query Processor (constraints during query and release operations) and Update Processor (constraints during update operation). All of these sit above the DBMS and the Database.]
Secure Data Sharing Across Coalitions
[Diagram: Data/Policy for Coalition at the top. Each of Component Data/Policy for Agency A, Component Data/Policy for Agency B and Component Data/Policy for Agency C exports Data/Policy upward to the coalition.]