Prof. Anup Kumar to Speak on Access Control Security at IEEE Big Data Summit

Thursday, August 31, 2017

Professor Anup Kumar from the University of Louisville is set to deliver his keynote speech at the IEEE Big Data Summit (Nanjing, China) this October 2017. Thanks to the IEEE Big Data Initiative, the IEEE Software Defined Networks (SDN) Initiative, and the IEEE Technical Committee on Big Data for supporting this event.

Prof. Kumar is an Associate Editor of IEEE Transactions on Services Computing. He is also the Associate Editor of International Journal of Web Services Research and International Society of Computers and Their Application Journal. He is a member of the IEEE Distinguished Visitor Program and was the Chair of the IEEE Computer Society Technical Committee on Simulation (TCSIM) (2004-2007). He has also edited special issues in IEEE Internet Magazine and International Journal on Computers and Operations Research.

Prof. Kumar will give a talk on Access Control Security. Specifically, SDN/NFV, cloud, and many other online systems rely on Access Control (AC) Systems to protect secret financial, enterprise, organization, healthcare, defense, and various IT resources/services. In order to protect these classified resources, security specialists compose AC policies (e.g., XACML) to prevent unintended access. However, currently AC policies are composed and deployed into an AC system without comprehensive security testing and verification. This results in the potential for the presence of AC flaws (e.g., information or service leaks) in the systems. Due to the verbose nature of XACML policies, these AC flaws are typically well hidden until observable damages (e.g., data leakage) occur. This paves the way for cybersecurity hackers or insiders to steal the IT assets by exploiting access control weaknesses.

Recently, NIST has released several specifications to help government and enterprises enhance the nation's critical access control security, such as NIST SP 800-192: Verification and Test Methods for Access Control Policies/Models. As stated by NIST, many access control incidents (e.g., data breaches, insider attacks) are caused by misconfigured access control policies. These specifications describe the AC security requirements to avoid these incidents and recommend thoroughly and automatically checking AC policies for syntactic and semantic faults before deploying them for operation.

Prof. Anup Kumar will explore the state-of-the-art access control policy testing and verification approaches:

i. Access Control Policy Tool

ii. Security Policy Tool

Each of these two methods delivers a solution for testing, analyzing, inspecting, and correcting access control flaws. The talk will demonstrate several common AC flaws that can occur in online systems. These solutions are developed with the goal of instilling confidence that classified assets in SDN/NFV, Big Data, Cloud, IoT, Cybersecurity, and other access control systems are protected at the level your organization intends them to be.

Primary information can be found at http://csrc.nist.gov/groups/SNS/acpt/acpt-beta.html and https://securitypolicytool.com/.

Please visit http://bigdatasummit.cyberc.org/keynotes.html for more information.