Enterprise Security
Network Attack Modeling and Visualization
Distributed agents synthesize vulnerability models and real-time information from network discovery and intrusion detection systems. The prototype integrates the Starlight visualization system developed at Pacific Northwest National Laboratories to support interactive data association and model manipulation.

Network Vulnerability Analysis
Students involved in network vulnerability analysis develop tools for scanning converged (IP-telephone) networks. The scanned information is then integrated with an attack model database to support real-time vulnerability analysis.

Policy Mediation
iSec researchers are focusing on using formal logic and mediator technology to implement meta policies for access control in federated database environments. In addition, they collaborate with National Institute of Standards and Technology scientists who have developed universal policy machines for generic authorization services.

Cryptographic Protocol Verification
Researchers have developed a formalism that integrates logic and process calculus components to support formal proofs about the knowledge and behavior of communicating principals and about the properties of cryptographic protocols. The formalism also has applications to model and verify security properties of distributed systems.

Programmable Security
Researchers develop programming languages with constructs for programmable security. A primitive ticket-based model is used to implement a spectrum of access control models, while supporting efficient security checking at compile time and run time. The Java language has been augmented with constructs for programmable security at the package, class and object levels. The project is also developing a coordination language with programmable mechanisms for orchestrating secure interoperation of software components, including legacy systems.

Security Enhanced Linux (SELinux)
Researchers investigate strategies for effective SELinux access control policy management. Tools are under development to support SELinux system installation and administration. One effort engages information flow theory to establish techniques for access control policy configuration analysis. Another supports SELinux application development through syntax-directed analysis of source code to derive complementary SELinux policy expressions.

Featured Personnel
Dr. John Hale, director of iSec.

Security Links
National Institute of Standards and Technology
International Information Systems Security Certification Consortium
Information Systems Security Association
Computing Technology Industry Association