Cyber Security Research: A Personal Perspective
Prof. Ravi Sandhu
Executive Director and Endowed Chair
January 18, 2013
ravi.sandhu@utsa.edu
© Ravi Sandhu. World-Leading Research with Real-World Impact!
CS 6393 Lecture 1

Prognosis
• Cyberspace will become orders of magnitude more complex and confused very quickly
• Overall this is a very positive development and will enrich human society
• It will be messy but need not be chaotic!
• Cyber security research and practice are losing ground

Security Objectives
• INTEGRITY: modification
• AVAILABILITY: access
• CONFIDENTIALITY: disclosure

Security Objectives
• INTEGRITY: modification
• AVAILABILITY: access
• CONFIDENTIALITY: disclosure
• USAGE: purpose

Security Objectives
• INTEGRITY: modification
• AVAILABILITY: access
• CONFIDENTIALITY: disclosure
• USAGE: purpose
USAGE

Security Objectives
Single Enterprise
• owns all the information
• employs all the users
Multiple Interacting Parties
• no one owns all the information
• no one can unilaterally impose policy on all the users

Cyber Security Scope
• Computer security
• Information security = Computer security + Communications security
• Information assurance
• Mission assurance
Includes cyber physical

Fundamental Challenge
• What is fundamental to cyber security?
• Where are the boundaries of a cyber system?
• What are the goals of cyber security?

Cyber Security Goal
Enable system designers and operators to say:
This system is secure

Cyber Security Goal
Enable system designers and operators to say:
This system is secure
Not attainable
There is an infinite supply of attacks

Cyber Security Goal
Enable system designers and operators to say:
This system is secure enough
Many successful examples

The ATM Paradox
The ATM (Automatic Teller Machine) system is
• secure enough
• global in scope
Not attainable via current cyber security science, engineering, doctrine
• not studied as a success story
Similar paradoxes apply to
• on-line banking
• e-commerce payments

High Assurance Cyber Security
US President’s nuclear football

Cyber Security Goal
Enable system designers and operators to say:
This system is secure enough
In an innovative ecosystem the innovation drive will ensure that the bar for enough will be fairly low

Productivity-Security
Cyber Security is all about tradeoffs
Productivity Security

• Let’s build it
• Cash out the benefits
• Next generation can secure it

• Let’s not build it
• Let’s bake in super-security to make it unusable/unaffordable
• Let’s sell unproven solutions

• There is a middle ground
• We don’t know how to predictably find it

Grand Challenges
Develop a scientific discipline
• to predictably find the sweet spots for different application and mission contexts
• to predictably find, incentivize and deploy microsec that leads to desirable macrosec outcomes
• that can be meaningfully taught in Universities at all levels: BS, MS, PhD
Prognosis
• we shall succeed (we have no choice)
• but we need to change to succeed

Butler Lampson Paraphrased (I think)
Computer scientists could never have designed the web because they would have tried to make it work. But the Web does “work.” What does it mean for the Web to “work”?
Security geeks could never have designed the ATM network because they would have tried to make it secure. But the ATM network is “secure.” What does it mean for the ATM network to be “secure”?