With research initiatives in digital forensics, critical infrastructure protection, security engineering and enterprise security, iSec is developing some of the most innovative solutions available for today’s emerging information security challenges. Whether using Event Data Recorders to analyze and reconstruct accidents or using Process Control Systems to monitor and control the nation’s critical infrastructures, iSec applies cutting-edge approaches to address real world problems and develop novel solutions.
Vehicle Network Security
The University of Tulsa’s Crash Reconstruction Research Consortium, TU-CRRC, is a non-profit cooperative industry-government-university research project focused on conducting basic and applied research for the advancement of crash reconstruction practices. Its function is to provide member-driven research and technology development, and to provide student education to implement such technology. The focus of the Consortium is to better understand crash causation, explore physical and digital evidence interpretation, improve the overall education of first responders, and motivate Science, Technology, Engineering, and Mathematics (STEM) education through a vibrant outreach program.
Event Data Recorder (EDR)
Researchers are focusing on downloading EDRs, devices in automobiles similar to the “black box” found on an airplane, and other vehicle computer systems in a forensically sound manner. Once downloaded, this data is analyzed and used for accident reconstruction and investigation.
Digital forensics is the process of collecting, analyzing and extracting evidence from electronic devices. Immersed in a technological world, the spectrum of devices that can be investigated is extensive, including computers, cell phones, networks, PDAs and even automobiles. The examination of these types of devices is a crucial component of government, legal and business investigations. Through digital forensics, specialists have the ability to uncover a document’s entire history, including changes made, access dates and hacking activities.
Human-Computer Interaction (HCI) is the field of study where interactions between people and technology are examined. It encompasses a number of disciplines including computer, social, and behavioral sciences. iSec researchers have developed programs and curriculum in human-computer interaction centered around innovative, unobtrusive, and intuitive user interfaces for traditional desktop computers, small handheld devices and large-scale multi-user systems. These interfaces will enable and encourage collaboration between users, and will produce interfaces that allow the user to focus on interacting with the information being presented on multi-touch, multi-user devices.
Collaborative Analytical Visualization Environment (CAVE)
iSec researchers are exploring techniques for creating an immersive collaborative environment with the goal of platform independence. To achieve this, a unique Human-Computer Interaction (HCI) laboratory was created. This laboratory contains hardware research platforms centered around innovative, unobtrusive, and intuitive user interfaces for traditional desktop computers, small handheld devices and large-scale multi-user systems. Researchers in the lab have access to advanced hardware such as multi-touch surfaces, spatial sensors (cameras, RFID, etc.), smart phones, tablets or slates, a Microsoft Surface and a custom-built research platform called the Collaborative Analytical Visualization Environment (CAVE) multi-touch wall. This 4 x 10 ft. multi-touch wall not only allows researchers to test collaborative software, but also provides a means to test hardware and software interoperability, as well as provide a platform to advance multi-touch hardware solutions.
Spatial Access Control (SAC)
In an environment designed for collaboration, it is important to know who and what objects are being interacted with. Tracking multiple users in a three dimensional space and mapping unique identities to a shared user interface are critical components to create a user friendly and effective multi-user interface. The rate of technological progress in tracking hardware / software sensors allows for the capture of spatial features (e.g. location of head, shoulder, elbow, etc.) of users in an environment and enables the association of those features with interfaces in that environment. Researchers have developed and are exploring techniques for tracking and mapping multiple users/identities over a shared user interface. This opens research to developing creative access control policies which are shared across both digital and physical realms.
Gesture-Oriented Data Sharing (GODS)
To prove the merit of using multi-touch interfaces for collaboration, researchers are developing a gesture-oriented platform that allows users to interact and collaborate with one another, independent of platform. GODS “removes” the physical medium (e.g. USB flash drives) and gives users the illusion that their data is traveling with them by storing information in a private cloud. It uses the spatial access control framework for mapping identities with this data, allowing for seamless interaction across GODS-enabled devices.
Collaborative Educational Experience
The field of Human-Computer Interaction is interdisciplinary by definition. iSec researchers with computer science and psychology backgrounds are currently exploring creative ways to provide for a collaborative training experience using multi-touch surfaces, near field communication, and a number of other technologies. These researchers are developing collaborative interfaces that have many promising applications in group learning and training. This project aims to provide early child education tools that will promote social interactions while learning key concepts, and will serve a secondary purpose of introducing children to emerging technologies. Another target realm is in collaborative training applications that focus on information presentation and portability, where the interface is a channel through which the user is presented information and can interact with other users, whether they are using a large multi-user system or small handheld devices.
Tracking and Routing Global Environment Tool (TARGET)
Situational awareness and management thereof is crucial in our technologically advanced world. TARGET is a Command and Control platform developed to demonstrate the ability of bidirectional information exchange across multiple devices; more specifically, embedded devices. Researchers are utilizing this platform to write software applicable to public, private, and military sectors.
This state-of-the-art facility supports educational and research efforts directed at securing process control systems (PCS) or SCADA systems. The laboratory houses a PCS test bed incorporating multiple types of remote telemetry units (RTUs), master terminal units (MTUs) and communications protocols (DNP3 and Modbus/TCP).
The test bed accommodates emerging technologies and supports the execution and analysis of diverse attack and defense tasks. This facility also has HMI components where processes can be controlled and visualized in a manner similar to what is seen in control room centers.
A scaled-down electric power substation in this laboratory can be used to test and validate security tools. The design of the substation closely reflects the topology of a ring-type substation with redundant lines as well as inductive and resistive loads. Input power levels are limited to voltage availability in the lab building. The substation uses three-phase 208 V input voltage (dual inputs) and was designed for an estimated power consumption of 3 kVA. The substation uses two controllers, also known as programmable logic controllers, that communicate over an Ethernet network using the DNP3 protocol.
iSec researchers are pioneering an objective way of refining risk assessment via adversarial profiling. This approach quantitatively models the tendencies and characteristics of various adversary classes and instances to illuminate the likelihood of specific attack patterns and vectors. The scheme integrates seamlessly within standard risk assessment methodologies.
Dynamic Risk Assessment Access Control
Mandatory access control (MAC) has played a central role in the development of trusted operating systems but is often complex and obtrusive on the user experience. Dynamic Risk Assessment Access Control (DRAAC) offers an alternative access control system that uses the concept of risk to make access decisions, examining both the likelihood of compromise in the context of the access request as well as the impact such access could have on the system.
Transparent Emergency Data Destruction
iSec researchers are exploring ways in which to protect data at risk from adversaries creating duress for users and operators of information systems. Tools that offer users the ability to encrypt their sensitive information with pass-phrases or key files do not alleviate the situation; rather, they place the burden on the user to produce the pass-phrase or key file. The solution suite developed at iSec allows users to discreetly and securely destroy a large volume of data in what appears to be the course of a normal boot sequence.
Static Analysis and Dynamic Testing
Researchers at iSec are pursuing investigations into extracting more insight from conventional software security analysis tools. Static analysis and dynamic testing are two branches of security analysis that contain powerful tools for discovering weaknesses and flaws in software. By fusing the results of each under a common analytical framework, more light can be shed on the state of exposure of a piece of software.
Network Attack Modeling and Visualization
Distributed agents synthesize vulnerability models and real time information from network discovery and intrusion detection systems. The prototype integrates the Starlight visualization system developed at Pacific Northwest National Laboratories to support interactive data association and model manipulation.
Real Time Network Vulnerability Analysis
Researchers are exploring techniques to support real time network vulnerability analysis using a combination of deep packet inspection, passive network model acquisition, and intelligent attack graph generation. The effort supports cognitive scalability through collaborative interfaces for data visualization and manipulation.
iSec researchers are focusing on using formal logic and mediator technology to implement meta policies for access control in federated database environments. In addition, they collaborate with National Institute of Standards and Technology scientists who have developed universal policy machines for generic authorization services.
Cryptographic Protocol Verification
Researchers have developed a formalism that integrates logic and process calculus components to support formal proofs about the knowledge and behavior of communicating principals and about the properties of cryptographic protocols. The formalism also has applications to model and verify security properties of distributed systems.
Researchers develop programming languages with constructs for programmable security. A primitive ticket-based model is used to implement a spectrum of access control models, while supporting efficient security checking at compile time and run time. The Java language has been augmented with constructs for programmable security at the package, class and object levels. The project is also developing a coordination language with programmable mechanisms for orchestrating secure interoperation of software components, including legacy systems.
Security Enhanced Linux (SELinux)
Researchers investigate strategies for effective SELinux access control policy management. Tools are under development to support SELinux system installation and administration. One effort engages information flow theory to establish techniques for access control policy configuration analysis. Another supports SELinux application development through syntax-directed analysis of source code to derive complementary SELinux policy expressions.
Economics puts the challenges facing information security into perspective better than a purely technical approach does. Systems often fail because the organizations that defend them do not bear the full costs of failure. In order to solve the problems of growing vulnerability and increasing crime, solutions must coherently allocate responsibilities and liabilities so that the parties in a position to fix problems have an incentive to do so. This requires a technical comprehension of security threats combined with an economic perspective to uncover the strategies employed by attackers and defenders.
The security economics lab conducts research measuring various forms of cybercrime in order to improve our understanding of how attackers and defenders behave. We emphasize empirical analysis of security incidents that can be directly observed, driven by the belief that security failures must be studied from the concrete, not the hypothetical. We also attempt to quantify the costs and benefits of security mechanisms where possible.
We collaborate with researchers at institutions across the US and internationally, including Carnegie Mellon University, SMU, Delft University of Technology, the University of Cambridge, Tel Aviv University, and the University of Innsbruck.
For more information, please visit the Security Economics Laboratory website.
This project is funded by the Dept. of Energy Nuclear Engineering University Program (NEUP) to develop procedures and best-practices guidelines for nuclear research reactors to convert their instrumentation and control (I&C) systems from analog to digital systems. This research will result in a cyber-simulation of the I&C systems of an actual nuclear research reactor that can be used for teaching and research purposes in cyber-security of our critical infrastructure and upgrades at existing nuclear power plants. The results from this research will help users to make informed decisions and plans for the transition from analog to digital I&C systems.