[ISN] Information Security Under Scrutiny By Researchers

From: mea culpa (jerichoat_private)
Date: Thu Mar 18 1999 - 02:18:38 PST

  • Next message: mea culpa: "[ISN] Teenager charged with hacking into AOL"

    Source: Georgia Institute Of Technology 
    <http://www.gtri.gatech.edu/rco.html>
    Posted 3/17/99 
    
    Information Security Under Scrutiny By Researchers 
    
    While the security of the average consumer's online transactions grabs the
    public's attention, researchers at the Georgia Institute of Technology are
    studying electronic commerce with more far-reaching consequences.
    
    "The largest chunk of electronic commerce, an estimated $800 billion a
    year by 2003, is conducted business to business," said Dr. Blaine Burnham,
    director of the Georgia Tech Information Security Center (GTISC). "That's
    where the consequences of information system failure are highest and where
    GTISC can make the largest contributions."
    
    Burnham believes business-to-business electronic commerce deserves the
    attention of researchers because breaches in its information security
    could greatly affect everything from airline and rail travel to power
    generation to manufacturing. And the same technologies that affect
    security of business-to-business online transactions also apply to the
    consumer world.
    
    "As businesses become more reliant on electronic commerce, they are
    becoming very susceptible to failure in their information systems," he
    warned. "These disruptions could have a fairly significant effect." 
    
    For example, manufacturers adopting lean manufacturing practices are
    moving away from warehousing large stocks of parts. They order parts
    electronically for "just in time" delivery to assembly lines. Disruption
    of the information system would halt assembly lines and cost factories
    millions of dollars.
    
    "Historically, information security meant to protect and confine
    information," Burnham said. "Now, the emphasis is on making sure the
    information is correct, or authentic, and timely."
    
    GTISC researchers are addressing technical issues related to this shift in
    emphasis, developing programs to detect external attacks and manage the
    tradeoff between system performance and security. Policy studies address
    sources of information security breaches and the importance of information
    security to economic growth.
    
    "We want to make information systems more reliable,"  Burnham said. "They
    must be more robust and able to deal with malicious, as well as
    accidental, disruptions."
    
    
    Detecting Attacks with Neural Networks
    
    While internal attacks on information security are actually more
    widespread, the threat of external attacks by hackers is very real and
    quite complex.
    
    "The individual creativity of attackers, the wide range of computer
    hardware and operating systems, and the ever- changing nature of the
    overall threat to targeted systems have contributed to the difficulty in
    identifying network system intrusions," said Jim Cannady, a research
    scientist at the Georgia Tech Research Institute (GTRI).
    
    Cannady is using the power and flexibility of artificial neural networks
    -- which are capable of learning from their experiences -- to detect both
    known and new types of external attacks. Neural networks consist of
    collections of processing elements that are highly interconnected, each
    transforming a set of inputs to a set of desired outputs.
    
    In a neural network demonstration project called SENTINEL, Cannady is
    developing an intrusion detection system that identifies not only previous
    types of attacks, but new ones -- something current rule-based systems
    cannot do. The system gains experience with each effort so that it
    "learns" the characteristics of attacks. That should allow the system to
    eventually predict attacks and monitor activities, collecting information
    for responses to attacks and the prosecution of those behind them.
    
    
    Information Security Trade-offs
    
    Tradeoffs must be made between information security needs and application
    performance. Security computations consume processing resources, affecting
    the performance of shared, collaborative, real-time and electronic
    commerce programs.  As a result, host computers often cannot handle
    Internet applications that require high levels of security.
    
    Dr. Karsten Schwan, a professor in the College of Computing, and Ph.D.
    student Phyllis Schneck have addressed the problem with adaptive security
    protocols that adjust to changes in security requirements and computing
    resources.
    
    "Our mission is to address performance versus security tradeoffs by
    adapting to the constantly changing availability of computation and
    communication resources," Schneck said. She and Schwan conducted the
    research with Dr. Santosh Chokhani, president and CEO of CygnaCom
    Solutions, an information security company in McLean, Va.
    
    "We want to provide an on-line management of these resources over time,"
    Schwan explained. "The goal is to reduce overall risk by borrowing
    available security processing resources on one communication stream to
    "lend" to other application streams that may currently be lacking." 
    
    Schwan and colleagues have developed a suite of dynamic authentication
    heuristics (exploratory problem-solving techniques) to help achieve high
    levels of security with scarce computation resources. The suite optimizes
    use of host computer resources, while providing appropriate levels of
    security and providing feedback to users when changes are made.
    
    A Georgia Tech Research Corporation patent is pending on the suite. The
    technology will be licensed to a company that Schneck is starting.
    
    
    Economic Impact & Policy Studies
    
    Issues such as defining the standard for information security represent
    the theoretical side of the problem, said Dr. Philip Enslow, a professor
    in the College of Computing.
    
    "Security systems operate in an environment created by government
    regulation, criminal law and the mores of society," he said. "These are
    political issues that are important to business, society and government."
    
    Educating stakeholders about security issues is Enslow's focus. He wants
    to emphasize the importance of information security to economic growth.
    
    "There's been a lot of focus on the Y2K problem, but after it is dealt
    with, I think more businesses will start to realize that their economic
    survival depends on the security of their information," he added.
    
    
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:21:14 PDT