CERIAS Weekly Security Seminar – Purdue University
Vipin Swarup, Research Challenges in Assured Information Sharing
Assured information sharing has been a "grand challenge" problem ofinformation security for several decades. Currently, there is broadconsensus that the state-of-practice of information sharing isinadequate. One primary problem is that people on the field (e.g.,soldiers, firefighters) have mission-critical need for sensitiveinformation but are often among the least trusted principals in theirorganizations and hence do not receive the information. Anotherproblem is that data producers claim ownership of the data theyproduce and place sharing constraints on that data despite thecompeting interests of multiple parties over that data. In this talk,we highlight these and other problems and discuss a wide range oftechnical solutions that are needed. We elaborate on the need tobalance the risks of sharing data with the risks of not sharing dataand present several proposed approaches for doing so. We alsodescribe how obligation policies play an important role in addressingsome information sharing issues. About the speaker: Vipin Swarup is a Principal Scientist in the Information SecurityDivision at The MITRE Corporation. He received a B.Tech. degree inComputer Science and Engineering from IIT Bombay, and M.S. andPh.D. degrees in Computer Science from the University of Illinois atUrbana-Champaign. His doctoral work was in the area of type theoryand dealt with adding assignments to applicative programminglanguages. In 1991, he developed techniques to formally verifyvirtual machines, and he applied those techniques to an interpreterfor the Pre-Scheme programming language. In 1993, he created ahigh-assurance domain-specific programming language system called Feltfor security guard filters -- Felt has been used to express andenforce cross-domain message filtering policies in commercial securityguard products. In 1996, he co-authored a widely cited paper onmobile agent security. In 2003, he was a co-founder of the ACMWorkshop on Security of Ad Hoc and Sensor Networks.Dr. Swarup has been the principal investigator of numerous researchprojects in information security, including projects on mobile agentsecurity, security guards, intrusion detection, trust management,location-based security, and web services security. He has alsoparticipated in several other research projects including programverification, fingerprinting relational data, topologicalvulnerability analysis, network security risk management, securitypatch management, data sharing agreements, sharing models forneuroimagery, insider threat detection, etc. He currently leads aMITRE IR&D project that is investigating techniques to enhancecross-boundary information sharing.
Senaste avsnitt
En liten tjänst av I'm With Friends. Finns även på engelska.