Cynthia E. Irvine

A sound type system for secure flow analysis

Ensuring secure information flow within programs in the context of multiple sensitivity levels has been widely studied. Especially noteworthy is Denning’s work in secure flow analysis and the lattice model [6][7]. Until now, however, the soundness of Denning’s analysis has not been established satisfactorily. We formulate Denning’s approach as a type system and present a notion of soundness for the system that can be viewed as a form of noninterference. Soundness is established by proving, with respect to a standard programming language semantics, that all well-typed programs have this noninterference property.

A video game for cyber security training and awareness

Although many of the concepts included in cyber security awareness training are universal, such training often must be tailored to address the policies and requirements of a particular organization. In addition, many forms of training fail because they are rote and do not require users to think about and apply security concepts. A flexible, highly interactive video game, CyberCIEGE, is described as a security awareness tool that can support organizational security training objectives while engaging typical users in an engaging security adventure. The game is now being successfully utilized for information assurance education and training by a variety of organizations. Preliminary results indicate the game can also be an effective addition to basic information awareness training programs for general computer users (e.g., annual awareness training.)

Quality of security service

Abstract : We examine the concept of security as a dimension of Quality of Service in distributed systems. Implicit to the concept of Quality of Service is the notion of choice or variation. Security services also offer a range of choice both from the user perspective and among the underlying resources. We provide a discussion and examples of user-specified security variables and show how the range of service levels associated with these variables can support the provision of Quality of Security Service, whereby security is a constructive network management tool rather than a performance obstacle. We also discuss various design implications regarding security ranges provided in a QoS-aware distributed system.

Toward a taxonomy and costing method for security services

A wide range of security services may be available to applications in a heterogeneous computer network environment. Resource management systems (RMSs) responsible for assigning computing and network resources to tasks need to know the resource-utilization costs associated with the various network security services. In order to understand the range of security services all RMS needs to manage, a preliminary security service taxonomy is defined. The taxonomy is used as a framework for defining the costs associated with network security services.

An overview of MSHN: the Management System for Heterogeneous Networks

The Management System for Heterogeneous Networks (MSHN) is a resource management system for use in heterogeneous environments. This paper describes the goals of MSHN, its architecture, and both completed and ongoing research experiments. MSHNs main goal is to determine the best way to support the execution of many different applications, each with its own quality of service (QoS) requirements, in a distributed, heterogeneous environment. MSHNs architecture consists of seven distributed, potentially replicated components that communicate with one another using CORBA (Common Object Request Broker Architecture). MSHNs experimental investigations include: the accurate, transparent determination of the end-to-end status of resources; the identification of optimization criteria and how non-determinism and the granularity of models affect the performance of various scheduling heuristics that optimize those criteria; the determination of how security should be incorporated between components as well as how to account for security as a QoS attribute; and the identification of problems inherent in application and system characterization.

The Trusted Computing Exemplar project

We describe the Trusted Computing Exemplar project, which is producing an openly distributed worked example of how high assurance trusted computing components can be built. The TCX project encompasses four related activities: creation of a prototype framework for rapid high assurance system development; development of a reference-implementation trusted computing component; evaluation of the component for high assurance; and open dissemination of results related to the first three activities. The projects open development methodology provides widespread availability of key high assurance enabling technologies and ensures transfer of knowledge and capabilities for trusted computing to the next generation of developers, evaluators and educators.

CyberCIEGE: gaming for information assurance

CyberCIEGE is a high-end, commercial-quality video game developed jointly by Rivermind and the Naval Postgraduate Schools Center for Information Systems Security Studies and Research. This dynamic, extensible game adheres to information assurance principles to help teach key concepts and practices. CyberCIEGE is a resource management simulation in which the player assumes the role of a decision maker for an IT dependent organization. The objective is to keep the organizations virtual users happy and productive while providing the necessary security measures to protect valuable information assets.

Calculating costs for quality of security service

Presents a quality-of-security-service (QoSS) costing framework and a demonstration of it. A method for quantifying costs related to the security service and for storing and retrieving security information is illustrated. We describe a security model for tasks, which incorporates the ideas of variant security services invoked by the task, dynamic network modes, abstract security level choices and resource utilization costs. The estimated costs can be fed into a resource management system to facilitate the process of estimating efficient task schedules. Integration and scalability issues have been taken into account during the design of the QoSS costing demonstration, which we believe is suitable for incorporation into a resource management system research prototype.

Overview of a high assurance architecture for distributed multilevel security

A high assurance architecture is described for the protection of distributed multilevel secure computing environments from malicious code and other attacks. Component security services and mechanisms extend and interoperate with commodity PCs, commodity client software, applications, trusted components, and legacy single level networks, providing new capabilities for composing secure, distributed multilevel security. This architecture results from the realization that unless a secure system offers users comfortable and familiar interfaces for handling routine information, it will fail due to lack of user acceptability.

A 3-D Split Manufacturing Approach to Trustworthy System Development

Securing the supply chain of integrated circuits is of utmost importance to computer security. In addition to counterfeit microelectronics, the theft or malicious modification of designs in the foundry can result in catastrophic damage to critical systems and large projects. In this letter, we describe a 3-D architecture that splits a design into two separate tiers: one tier that contains critical security functions is manufactured in a trusted foundry; another tier is manufactured in an unsecured foundry. We argue that a split manufacturing approach to hardware trust based on 3-D integration is viable and provides several advantages over other approaches.