Grants and Contracts Details
Description
University campus infrastructures count among the most complex and sophisticated information technology
(IT) deployments, often combining a mix of enterprise, retail and healthcare environments with
IT requirements derived from the university's teaching and research mission. Securing this environment
is particularly challenging. Like other networked environments, campus IT infrastructures are constantly
under attack from the Internet, subject to malware infections, and susceptible to software and hardware
vulnerabilities. In addition, different campus environments have very different policies and regulations
that govern their treatment of sensitive data (e.g., private personal information, health care data,
financial transactions, etc.). Further, the unique requirements of data-intensive scientific workflows often do
not fit enterprise-centric IT approaches. This typically results in ad-hoc exceptions that bypass standard
operational methods and procedures, leaving both the scientific workflow and the campus as a whole
vulnerable to attack. In short, state-of-the-art campus security operations still rely heavily on human domain
experts to interpret high-level policy documents and attempt to implement those policies through low-level
mechanisms, to manually implement exceptions to these policies to accommodate scientific workflow requirements,
to interpret reports and alerts from a variety of security point solutions, and to be at the center of
all IT security operations, attempting to react to security events in near real time on a 24 by 7 basis. Given
the constant increase in cyber security threats, this state of affairs is clearly untenable.
We propose to address these challenges through a collaborative research effort between the University of
Utah and the University of Kentucky. We propose the realization of NetSecOps, a policy-driven, knowledge-centric,
holistic network security operations architecture. NetSecOps is policy-driven in that high-level, human-readable
policies are encoded into systematic policy specifications that drive the actual configuration and
operation of the IT infrastructure. NetSecOps is knowledge-centric in that data, information and knowledge
about the infrastructure are captured and maintained in a knowledge store, allowing IT operational tasks to be
realized on and informed by this knowledge. NetSecOps is holistic in that we envision that ultimately all
operational tasks be performed through the architecture and that all aspects of the environment be captured
in it. We propose to do research that would endow the NetSecOps architecture with the following unique
capabilities: (i) the ability to capture campus network security policies systematically; (ii) fine-grained
network control abstractions that can implement the security characteristics demanded by these policies
(including policies related to both scientific workflows and IT domains); (iii) policy traceability tools that allow
verifying whether high-level policies are maintained by these network abstractions; (iv) knowledge-discovery
tools that enable reasoning across data from existing security point solutions (including security monitoring
tools and authentication and authorization frameworks); and (v) the ability to automatically adjust the network's
security posture in response to detected security events by applying policy-driven network control abstractions.
We will ground our work in a real-world context by partnering with IT and security domain experts at both the
University of Utah and the University of Kentucky, and we will evaluate our approach by deploying NetSecOps
on selected parts of the campus infrastructures at both institutions.
Our proposed work addresses a critical problem faced by all university campuses. It is our contention
that the makeup of our team, academic researchers together with IT systems and security professionals,
uniquely positions us to have impact in this space. We will release into the public domain the software of our
architecture, the policy traceability tools, the network control abstractions and the knowledge-discovery tools,
as well as the systematic policies derived from security policy documents. We expect these resources to be
broadly adopted by universities as part of their best-practice IT security operations. This will be especially
true for smaller universities that may lack security expertise. We expect that our approach will
similarly be applicable to, and adopted by, other domains with complex IT environments. We plan to
disseminate our work through publications at high-quality security conferences. The PIs will include research
tasks from this proposal as course research projects for the graduate-level courses they teach. Together with the
graduate students who will be directly involved in the research, the students doing these course projects will
benefit from exposure to real-world data and problems through working with the PIs and domain experts.
| Field | Value |
|---|---|
| Status | Finished |
| Effective start/end date | 9/1/16 → 8/31/21 |
Funding
- National Science Foundation: $515,925.00