The following research projects have been completed. Please note that if any final reports, informational sheets or posters are available, links are provided. Feel free to contact the researchers directly for further information not found on this site.
Topological Vulnerability Analysis (TVA)
S. Jajodia (GMU), S. Redwine |
|
Certificate Management in Public Key Infrastructure
R. Mukkamala (ODU), H. Heydari |
|
Data Mining for Detecting Intrusion Events
D. Barbara (GMH), J. Couto |
|
Dynamic Update of Crypto Keys
X. Wang |
|
Local Electric Power System Assessment
J. Taylor, M. Papadakis, G. Baker,
To learn more about assessment services, see the Research Poster presented at the recent 2006 Spring Resarch Symposium.
|
A small town electrical distribution system was studied. The immediate goal was to understand the system and to identify the possible failure modes that could cause interruptions of power. Recommendations were made to reduce the risks or to mitigate them. The information from this part of the study is being incorporated into concurrent work on modeling risks and creating guidelines for community self-assessment. |
National Park Service Information Sharing Evaluation
G. Baker, S. Frysinger |
|
Secure Ad-hoc User Collaboration in Grid Environments
D. Kafura (VT), M. Lorch (VT) |
We propose to develop a security architecture that will allow users of the same and of separate administrative domains to collaborate by trading access rights and privaleges in a secure manner without the need to involve system administrators at the resources in question. The architecture will allow for synchronous collaboration, where users work together in real time, as well as asynchronous collaboration, where users grant each other a subset of their rights to allow collaborators to access their resources at or for a pre-defined time in the future. A popular tool for providing security in a grid environment is the grid security infrastructure (GSI) developed at Argonne National Labs. The GSI is a public key infrastructure using standard X.509 certificates to mutually authenticate users and resources. A GSI was first implemented as a component of the Globus Medicomputing Toolkit but is a separate tool today and is being used in other distributed environments to provide a high level of security to both users and resource owners. Unfortunately, the GSI does not easily support collaboration as it focuses on authenticating users and processes but has no mechanism to carry and trade authorization information. For group support the GSI relies on the security mechanisms of the underlying operating systems. This approach is not flexible enough to support the requirements of dynamic user collaboration, as it requires site administrator intervention to set up and dissolve user groups. Support for roles, in which a user has a different set of privaleges depending on the users' current set of tasks (the users' role) is also not directly supported in GSI and can only be realized through "tricks" in the lower operating system security mechanisms. We propose to extend the GSI to overcome its drawbacks with respect to group collaboration and role support through the addition of authorization mechanisms based on attribute certificates. This approach is a low impact solution that will remain compatible with the original GSI architecture and protocals while providing the addition features to systems that are aware of our extensions. To demonstrate the feasability of the security architecture we plan to implement and deploy the resulting system in a campus-wide grid to be constructed at Virginia Tech. While progress will be made toward this goal, the full implementation and deployment of this system is likely beyond the timeframe of the current proposal. |
Security and Privacy in Digital Government
A. Bouguettaya (VT), M. Eltoweissy |
The objective of this project is to developn ew models, approachesa, nd techniquest hat preserve the privacy of sensitive information in Digital Government (DG) applications. Our research has evolved significantly during the last two years. As the vision of the semanticW eb steadilyc oncretizes,o ur researchr elatedt o this project has now converged towards considering semantic Web-enabled DG infrastructures. Specifically, we are developing solutions that preserve privacy in tomorrow's semantic Web-enabled DG infrastructures. The semantic Web provides greater automation and less human involvement. This improves users'e xperiencein using the Web. This also translatest o less control of Web users over how their personal information is manipulated by Web agents and Web services. The challenge is to build a semantic Web infrastructure that
protectsp rivacy by ensuringt hat no Web transactiong eneratesa n information flow that violates privacy. During the last six months, we focused on using the concept of reputation to enablet rust-basedin teractionsi n semanticW eb-enabledD G environments. Thesee nvironmentsw ill enablec itizens and their semanticW eb agentst o conduct" safe" transactionsw hile still benefiting from the abundanceo f Web resources. At the core of our work is the development of a reputation management system that supports privacy preservation in the semantic Web. Web entities may rely on that system in determining to which extent they may have confidence when interacting with other entities. We expect the results of our research to contribute to building semantic Web-enabled DG infrastructures where users, agents, services, and resources interoperate within a verifiably privacy preserving environment. |
Transnational Threats to Critical Infrastructure
S. Bowers |
|
Visual Impact Analysis for Common Criteria Security Evaluations
S. Bohner (VT), D. Gracanin (VT) |
|
Community Shielding
G. Saathoff (UVA) |
During a crisis period, our society requires dedication and skills of individuals who are committed to repairing and maintaining our critical infrastructure. This is only possible if basic survival needs are met, and citizens maintain adequate trust in government. The success of critical infrastructure within a community requires that the community remain stable with regard to population numbers and function. If a spontaneous evacuation were to take place, this would disrupt medical, educational, economic and social functioning by impairing the ability of critical infrastructure to meet the complex needs of its citizens. The operation of critical infrastructure is only successful to the extent that essential personnel are in a position to maintain its functioning. Through a system of interdisciplinary problem solving, the Critical Incident Analysis Group (CIAG) at the University of Virginia proposes to develop implementation steps for a Community Shielding policy. This will attempt to address the public response issues inherent in successful critical infrastructure operation. In order to do this, the CIAG will continue to build relationships as well as to enter and maintain partnerships with other institutions of higher education government organizations and the business community. This interdisciplinary, collaborative process will be necessary to facilitate implementation of Community Shielding. |
Intrusion Tolerant Systems
X. Wang |
|
Securing Wireless Sensor Networks
S. Olariu (ODU), A. Wadaa (ODU), L. Wilson (ODU) |
|
Conventional Explosive RF Signature Analysis
G. Baker |
|
Info Sec Education Curriculum Development
B. Willis (Hampton U.) |
The Department of Computer Science at Hampton University proposed a grant to improve the quality and increase the production of Information Assurance and Computer Security (IACS) professionals via information assurance faculty and program development. Hampton University participates in a partnership (as a subcontractor) with James Madison University (JMU). JMU is a certified CAE/IAE designee. Under the provisions of this RFP JMU is deignated the "lead institution" and meets all required criteria. JMU will request funding for $100,000 per year and will provide high levels of assitance and leadership in faculty training, student advisement and curriculum building of the sort not provided under any other agreement. The Department of Computer Science at Hampton University will build upon the framework (estabilished by its initial partnership with JMU) to effectively enable all faculty to provide its students with a viable education in Information Assurance and Computer Security. Hampton University will request additional funding for $100,000 per year as provided in RFP for minority-serving institutions. Faculty within the Department of Computer Science will become fully capable of providing instruction that will enable it to meet the expected outcomes of the program. The Department of Computer Science will also be fully prepared to apply for CAE/IAE designation. Hampton University's proposal while initially aimed at improving Information Assurance and Computer Security expertise to the Department of Computer Science and building a curriculum with strong Information Assurance elements will also result in the transfer of Information ASsurance and Computer Security technology elements to its industrial and governmental partners in the Tidewater area. |
