About this event
Lecturer: Peng Liu, Assistant Professor at Pennsylvania State University
Abstract
An information system can face a variety of security threats during its lifetime and many of them could result in successful attacks, or intrusions. Cyber security must include not only the ability to prevent attacks but also the ability to recover from and operate through attacks. Next generation secure systems must be attack resilient.
Because they focus on prevention, traditional "secure" information systems often perform poorly in surviving intrusions. In this research, we develop an intrusion tolerant database system framework called ITDB for the purpose of using it as an example to explore the principles of survivable systems. While traditional secure database systems rely on preventive controls, ITDB can detect intrusions, isolate attacks, and contain, assess, and repair the damage caused by intrusions in a timely manner, such that a self-stabilized level of data integrity and availability can be provided to applications in the face of attacks. We have implemented an ITDB prototype. Preliminary testing measurements suggest that when the accuracy of the intrusion detector is satisfactory, ITDB is cost-effective. Moreover, a preliminary study of the characteristics and the limitations of ITDB shows the need and the merits of QoIA (Quality of Information Assurance) management in survivable systems, where a QoIA service is a service associated with a specific level of information assurance, and the goal of IA is to enable people to get the QoIA services they have subscribed for even in the face of attacks.
About the Lecturer:
Peng Liu is an assistant professor in the School of Information Sciences and Technology at the Pennsylvania State University in University Park, Pennsylvania. He was a professor at UMBC. He received his BS and MS degrees from the University of Science and Technology of China, and his PhD from George Mason University. His current research interests are in security & survivability, distributed & mobile computing, and economic computing. He has published a book and more than 20 refereed technical papers. He is a member of IEEE, ACM, and IFIP WG11.3.
Archived Webcast Link
*Alternate link: please copy and paste the following URL into your browser location bar: http://www.ngi-supernet.org/conferences.html
In order to view this Webcast, you must have RealPlayer installed on your computer. For more information on RealPlayer, check out Real.com or click on the links below to download the player.
You can download and install the FREE version of RealPlayer 8 Basic from Download.com: Macintosh | Windows (All versions)