Organization: Center for Information Systems Security Studies and Research (CISR)
Description
Integrated education and research in intelligent systems (artificial intelligence, machine learning, and data science) to ensure the U.S. Navy and Marine Corps are prepared to fight and win in the 21st century.
Publication Search Results
Now showing 1 - 10 of 174
Publication: A Case Study in Security Requirements Engineering for a High Assurance System (2001)
Irvine, Cynthia E.; Levin, Timothy; Wilson, Jeffery D.; Shifflett, David; Pereira, Bereira; Center for Information Systems Security Studies and Research (CISR); Computer Science (CS)
Requirements specifications for high assurance secure systems are rare in the open literature. This paper presents a case study in the development of a requirements document for a multilevel secure system that must meet stringent assurance and evaluation requirements. The system is secure, yet combines popular commercial components with specialized high assurance ones. Functional and non-functional requirements pertinent to security are discussed. A multi-dimensional threat model is presented. The threat model accounts for the developmental and operational phases of system evolution and for each phase accounts for both physical and non-physical threats. We describe our team-based method for developing a requirements document and relate that process to techniques in requirements engineering. The system requirements document presents a calibration point for future security requirements engineering techniques intended to meet both functional and assurance goals.

Publication: Challenges in Computer Security Education (News, IEEE, 1997-00-00)
Irvine, Cynthia E.; Center for Information Systems Security Studies and Research (CISR)
For three days last January, an international group met to discuss some of the issues at the First ACM Workshop on Education in Computer Security, held in Monterey, California. Representatives from 20 universities and a sprinkling of information systems security employers from industry and government were invited to attend based on position papers they had written. The group's task was to discuss ways to address the impending crisis in information security education. Among the questions addressed were articulating the diversity of information security education requirements for different careers and the need for training and retaining security experts in education.

Publication: Calculating Costs for Quality of Security Service (Proceedings of the 16th Computer Security Applications Conference, 2000-00-00)
Sypropoulou, Evdoxia; Levin, Timothy E.; Irvine, Cynthia E.; Center for Information Systems Security Studies and Research (CISR); Computer Science (CS); Anteon Corporation
This paper presents a Quality of Security Service (QoSS) costing framework and demonstration. A method for quantifying costs related to the security service and for storing and retrieving security information is illustrated. We describe a security model for tasks, which incorporates the ideas of variant security services invoked by the task, dynamic network modes, abstract security level choices and resource utilization costs. The estimated costs can be fed into a resource management system to facilitate the process of estimating efficient task schedules. Integration and scalability issues have been taken into account during the design of the QoSS costing demonstration, which we believe is suitable for incorporation into a resource management system research prototype.

Publication: SmartNet: A Scheduling Framework for Heterogeneous Computing (1996)
Freund, Richard; Kidd, Taylor; Moore, Lantz; Hensgen, Debbie; Center for Information Systems Security Studies and Research (CISR)
SmartNet is a scheduling framework for heterogeneous systems. Preliminary conservative simulation results for one of the optimization criteria show a 1.21 improvement over Load Balancing and a 25.9 improvement over Limited Best Assignment, the two policies that evolved from homogeneous environments. SmartNet achieves these improvements through the implementation of several innovations. It recognizes and capitalizes on the inherent heterogeneity of computers in today's distributed environments; it recognizes and accounts for the underlying non-determinism of the distributed environment; it implements an original partitioning approach, making runtime prediction more accurate and useful; it effectively schedules based on all shared resource usage, including network characteristics; and it uses statistical and filtering techniques, making a greater amount of prediction information available to the scheduling engine. In this paper, the issues associated with automatically managing a heterogeneous environment are reviewed, SmartNet's architecture and implementation are described, and performance data is summarized.

Publication: A Security Domain Model to Assess Software for Exploitable Covert Channels (Association for Computing Machinery (ACM), 2005-06-30)
Auguston, Mikhail; Levin, Timothy; Shaffer, Alan; Irvine, Cynthia E.; Center for Information Systems Security Studies and Research (CISR); Computer Science (CS)
Within a multilevel secure (MLS) system, trusted subjects are granted privileges to perform operations that are not possible by ordinary subjects controlled by mandatory access control (MAC) policy enforcement mechanisms. These subjects are trusted not to conduct malicious activity or degrade system security. We present a formal definition for trusted subject behaviors, which depends upon a representation of information flow and control dependencies generated during a program execution. We describe a security Domain Model (DM) designed in the Alloy specification language for conducting static analysis of programs to identify illicit information flows, access control flaws and covert channel vulnerabilities. The DM is compiled from a representation of a target program, written in an intermediate Implementation Modeling Language (IML), and a specification of the security policy written in Alloy. The Alloy Analyzer tool is used to perform static analysis of the DM to detect potential security policy violations in the target program. In particular, since the operating system upon which the trusted subject runs has limited ability to control its actions, static analysis of trusted subject operations can contribute to the security of the system.

Publication: Language Issues in Mobile Program Security (Springer Verlag, 1998-00-00)
Volpano, Dennis; Smith, Geoffrey; Center for Information Systems Security Studies and Research (CISR); Computer Science (CS); Florida International University
Many programming languages have been developed and implemented for mobile code environments. They are typically quite expressive. But while security is an important aspect of any mobile code technology, it is often treated after the fundamental design is complete, in ad hoc ways. In the end, it is unclear what security guarantees can be made for the system. We argue that mobile programming languages should be designed around certain security properties that hold for all well formed programs. This requires a better understanding of the relationship between programming language design and security. Appropriate security properties must be identified. Some of these properties and related issues are explored.

Publication: Threats and Challenges in Reconfigurable Hardware Security (International Conference on Engineering of Reconfigurable Systems and Algorithms (ERSA'08), 2008-07-01)
Kastner, Ryan; Huffmire, Ted; Center for Information Systems Security Studies and Research (CISR); Computer Science (CS); University of California, San Diego
Computing systems designed using reconfigurable hardware are now used in many sensitive applications, where security is of utmost importance. Unfortunately, a strong notion of security is not currently present in FPGA hardware and software design flows. In the following, we discuss the security implications of using reconfigurable hardware in sensitive applications, and outline problems, attacks, solutions and topics for future research.

Publication: Building Trust Into A Multilevel File System (Proceedings, 13th National Computer Security Conference, 1990-00-00)
Irvine, Cynthia E.; Center for Information Systems Security Studies and Research (CISR); Computer Science (CS)
File systems are an intrinsic part of any operating system providing support for a general application environment. To help provide general operating system functionality, a multilevel file system is being built to run on the GEMSOS TCB. The process of designing a file system for a multilevel environment, although similar in many respects to that for its untrusted counterpart, should include consideration of factors which will render its structure consistent with the trusted environment upon which it is built. The file system should take advantage of the security mechanisms available from the TCB. In this paper, two techniques are described which contribute to building trust into a file system design. The first is the use of mandatory access controls as a constraining design guide, and the second is the use of the intended discretionary access control policy as a driver for design choices.

Publication: Moats and drawbridges: An isolation primitive for reconfigurable hardware based systems (IEEE Symposium on Security and Privacy (Oakland, CA), May 2007, 2007-05-01)
Huffmire, Ted; Brotherton, Brett; Wang, Gang; Sherwood, Timothy; Kastner, Ryan; Levin, Timothy; Nguyen, Thuy D.; Irvine, Cynthia E.; Center for Information Systems Security Studies and Research (CISR)
Blurring the line between software and hardware, reconfigurable devices strike a balance between the raw high speed of custom silicon and the post-fabrication flexibility of general-purpose processors. While this flexibility is a boon for embedded system developers, who can now rapidly prototype and deploy solutions with performance approaching custom designs, this results in a system development methodology where functionality is stitched together from a variety of soft IP cores, often provided by multiple vendors with different levels of trust. Unlike traditional software where resources are managed by an operating system, soft IP cores necessarily have very fine grain control over the underlying hardware. To address this problem, the embedded systems community requires novel security primitives which address the realities of modern reconfigurable hardware. We propose an isolation primitive, moats and drawbridges, that are built around four design properties: logical isolation, interconnect traceability, secure reconfigurable broadcast, and configuration scrubbing. Each of these is a fundamental operation with easily understood formal properties, yet maps cleanly and efficiently to a wide variety of reconfigurable devices. We carefully quantify the required overheads on real FPGAs and demonstrate the utility of our methods by applying them to the practical problem of memory protection.

Publication: The NPS CISR Graduate Program in INFOSEC Education: Six Years of Experience (Monterey, California. Naval Postgraduate School, 1997-10)
Irvine, Cynthia E.; Warren, Daniel F.; Clark, Paul C.; Center for Information Systems Security Studies and Research (CISR); Computer Science (CS)
The Naval Postgraduate School Center for Information Systems Security (INFOSEC) Studies and Research (NPS CISR) is developing a comprehensive program in INFOSEC education and research that can become a resource for DoN/DoD and U.S. Government in terms of educational materials and research. A security track within the Computer Science curriculum at the Naval Postgraduate School has been established. Building upon a foundation of computer science laid by the department's core curriculum, the security track conveys vital concepts and techniques associated with INFOSEC today.