Collaborative Research: CICI: Secure and Resilient Architecture: NetSecOps - Policy-driven, Knowledge-centric, Holistic Network Security Operations Architecture
Period of Performance: 9/01/2016 – 8/31/2019
Summary:
University campus infrastructures count among the most complex and sophisticated information technology (IT) deployments, often combining a mix of enterprise, academic, research, and healthcare environments, each with its own distinct security, privacy, and priority policies. Securing this complex and highly dynamic environment is extremely challenging, particularly since campus IT infrastructures are increasingly under attack both from external Internet sources and, often unknowingly, from internal campus devices. Different segments of the campus have very different policies and regulations governing their treatment of sensitive data (e.g., private student/employee information, health care data, financial transactions, etc.). Further, the unique requirements of data-intensive scientific research traffic often require exceptions to conventional IT policies, which typically result in ad-hoc solutions that bypass standard operational methods and procedures, leaving both the scientific workflow and the campus as a whole vulnerable to attack. In short, state-of-the-art campus security operations still rely heavily on human domain experts to interpret high-level policy documents, attempt to implement those policies through low-level mechanisms, manually implement exceptions to these policies to accommodate scientific workflow requirements, interpret reports and alerts from a variety of security point solutions, and react to security events in near real time on a 24-by-7 basis. This state of affairs is clearly untenable.
Research questions
How can we realize the NETSECOPS Knowledge and Control Framework?
Can NETSECOPS be used for knowledge capture and knowledge discovery?
Can high-level security policies be systematically captured?
Are low-level mechanisms accurately enforcing high-level policies? - our work falls here
Can systematic policies be auto-generated? - our work falls here
Can general campus access and connectivity control be policy-driven?
Can policy exceptions be made for traffic used in (scientific) research computing?
Exemplary products: TBD