Your search keyword '"Matt Bishop"' showing total 26 results

1. Case Study: Mapping an E-Voting Based Curriculum to CSEC2017

Author

Muwei Zheng, Nathan Swearingen, Steven Mills, Croix Gyurek, Matt Bishop, and Xukai Zou

Published

2023

2. Trust-Based Security; Or, Trust Considered Harmful

Author

Matt Bishop and Abe Singer

Subjects

Risk analysis, Computer science, business.industry, Compromise, media_common.quotation_subject, Best practice, 05 social sciences, Internet privacy, Vulnerability, 020207 software engineering, 02 engineering and technology, Trusted Computing, Trusted third party, Considered harmful, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, Risk assessment, business, 050107 human factors, media_common

Abstract

Our review of common, popular risk analysis frameworks finds that they are very homogenous in their approach. These are considered IT Security Industry ”best practices.” However, one wonders if they are indeed ”best”, as evinced by the almost daily news of large companies suffering major compromises. Embedded in these ”best practices” is the notion that ”trust” is ”good”, i.e. is a desirable feature: ”trusted computing,” ”trusted third party,” etc. We argue for the opposite: that vulnerabilities stem from trust relationships. We propose a a paradigm for risk analysis centered around identifying and minimizing trust relationships. We argue that by bringing trust relationships to the foreground, we can identify paths to compromise that would otherwise go undetected; a more comprehensive assessment of vulnerability, from which one can better prioritize and reduce risk.

Published

2020

3. Augmenting Machine Learning with Argumentation

Author

Karl Levitt, Carrie Gates, and Matt Bishop

Subjects

021110 strategic, defence & security studies, Human intelligence, business.industry, Computer science, 0211 other engineering and technologies, Access control, 06 humanities and the arts, 02 engineering and technology, Information security, 0603 philosophy, ethics and religion, Machine learning, computer.software_genre, Disease control, Argumentation theory, Unexpected events, Leverage (negotiation), 060301 applied ethics, Artificial intelligence, business, computer, Problem space

Abstract

The information security community is haunted by the failure of an appropriate break-the-glass access control at the United States Center for Disease Control that led to an estimated additional 1.2 million deaths in North America in 2036. In this paper we review what caused the security failures in this system and argue that, by combining human intelligence with multiple technological approaches to create a system that emphasizes human approaches to guide analysis, the failures that occurred will not recur. We also leverage people and technologies to identify and fill gaps in the training data to minimize the threat of unexpected events. While we use this scenario as our running example, we note that our approach is generalizable to a broader problem space where machine learning approaches have been deployed to make decisions.

Published

2018

4. Special Session

Author

Scott Buck, Diana L. Burley, Allen Parrish, Siddharth Kaza, David S. Gibson, Herb Mattord, and Matt Bishop

Subjects

Body of knowledge, ComputingMilieux_THECOMPUTINGPROFESSION, Computer science, Task force, ComputingMilieux_COMPUTERSANDEDUCATION, Joint (building), Session (computer science), Computer security, computer.software_genre, computer, Curriculum, Panel discussion

Abstract

In this special session, members of the Joint Task Force (JTF) on Cybersecurity Education will provide an overview of the CSEC2017 curricular guidelines (finalized in December 2017) and engage session participants in a discussion of the curricular framework and body of knowledge. The session will conclude with an interactive panel discussion on implementing the curricular guidance.

Published

2018

5. ACM Joint Task Force on Cybersecurity Education

Author

Elizabeth K. Hawthorne, Siddharth Kaza, David S. Gibson, Scott Buck, Matt Bishop, and Diana L. Burley

Subjects

ComputingMilieux_THECOMPUTINGPROFESSION, Computer science, Task force, Process (engineering), 05 social sciences, 050301 education, 02 engineering and technology, Computer security, computer.software_genre, 020204 information systems, ComputingMilieux_COMPUTERSANDEDUCATION, 0202 electrical engineering, electronic engineering, information engineering, Joint (building), Session (computer science), 0503 education, computer, Curriculum

Abstract

In this special session, members of the ACM Joint Task Force (JTF) on Cybersecurity Education will provide an overview of the task force mission, objectives, and release a draft of the curricular guidelines. After the overview, task force members will engage session participants in the curricular development process and solicit feedback on the draft guidelines.

Published

2017

6. I'm not sure if we're okay

Author

Richard Ford, Mark E. Fioravanti, and Matt Bishop

Subjects

0301 basic medicine, Computer science, As is, media_common.quotation_subject, 030106 microbiology, Context (language use), Space (commercial competition), Certainty, Computer security, computer.software_genre, System protection, 03 medical and health sciences, Ask price, Malware, Enhanced Data Rates for GSM Evolution, computer, media_common

Abstract

Asymmetry and uncertainty have been written about at length in the context of computer security. Indeed, many cutting edge defensive techniques provide system protection by relying on attacker uncertainty about certain aspects of the system. However, with these defensive countermeasures, typically the defender has the ability to derive full knowledge of the system (as is the case in, for example, Instruction Set Randomization), but the attacker has limited knowledge.In this paper, we concern ourselves with the case in which neither the attacker nor the defender have perfect knowledge of the system, but where the level of uncertainty tolerable to both parties is different. In particular, we explore scenarios where the attacker's need for certainty is lower than that of the defender, and ask if non-determinism can be used as a weapon. We provide an example in the malware arena, demonstrating the use of quorum sensing as a potential application of this technique. We argue that this idea of mutual uncertainty is a new paradigm which opens the way to novel solutions in the space.

Published

2016

7. Special Session

Author

Siddharth Kaza, Diana L. Burley, Elizabeth K. Hawthorne, Matt Bishop, Lynn Futcher, and Scott Buck

Subjects

Engineering management, Multimedia, Process (engineering), Computer science, Task force, ComputingMilieux_COMPUTERSANDEDUCATION, Joint (building), Session (computer science), computer.software_genre, Curriculum, computer

Abstract

In this special session, members of the ACM Joint Task Force on Cyber Education to Develop Undergraduate Curricular Guidance will provide an overview of the task force mission, objectives, and work plan. After the overview, task force members will engage session participants in the curricular development process.

Published

2016

8. Information behaving badly

Author

Matt Bishop, Julie Boxwell Ard, Carrie Gates, and Michael Xin Sun

Subjects

Information behavior, Workflow, Flow (mathematics), Action (philosophy), Computer science, Insider threat, Leakage (economics), Computer security, computer.software_genre, computer

Abstract

Traditionally, insider threat detection has focused on observing human actors -- or, more precisely, computer accounts and processes acting on behalf of those actors -- to model their "normal" behavior, then determine if they have performed some anomalous action and, further, if that action is malicious. In this paper, we shift the paradigm from observing human behavior to observing information behavior by modeling how documents flow through an organization. We hypothesize that similar types of documents will exhibit similar workflows, and that a document deviating from its expected workflow indicates potential data leakage.

Published

2013

9. Forgive and forget

Author

Steven L. Greenspan, Emily Rine Butler, Matt Bishop, Kevin R. B. Butler, and Carrie Gates

Subjects

Forgiveness, Forgetting, business.industry, Computer science, media_common.quotation_subject, Internet privacy, Social pressure, Cryptography, Access control, Computer security, computer.software_genre, Fresh Start, The Internet, business, computer, media_common

Abstract

Traditionally, if someone did some act that required forgiveness, there were social norms in place for such forgiveness to happen. Over time, the act is also typically forgotten. And, should the person not be forgiven and the social pressure become too great, he had the option of moving to a new location for a fresh start. Yet with the Internet, these options are no longer available. Worse, activities which traditionally did not even require forgiveness are now impacting lives in unexpected ways, and are never forgotten. There are, however, technical approaches that could be applied to the problem, such as (1) controlling dissemination through new access control models or cryptographic approaches, (2) flooding the web with contrary information, (3) leading users to believe the information applies to someone else, (4) changing the semantics of what was written, and (5) finding a way to take advantage of the inconvenient information. In this paper we discuss the social act of forgiveness, and go into detail on the possible technical approaches to "forgetting" without deleting.

Published

2013

10. Teaching secure coding

Author

Elizabeth K. Hawthorne, Blair Taylor, Kara Nance, and Matt Bishop

Subjects

Knowledge management, Software, business.industry, Computer science, ComputingMilieux_COMPUTERSANDEDUCATION, Engineering ethics, Mythology, Information assurance, business, Secure coding

Abstract

Teaching secure coding has never been more important. The CS2013 Ironman draft includes Information Assurance and Security as a new Knowledge Area and recommends that security be cross-cutting across all undergraduate computer science curricula. The Summit on Education in Secure Software recommended: 1) increasing the number of faculty who understand the importance of secure programming principles, and will require students to practice them; 2) integrating computer security content into existing technical and non-technical courses; and 3) using innovative teaching methods to strengthen the foundation of computer security knowledge. In this panel, we will speak to these recommendations and the new curricular guidelines and discuss the importance and challenges of teaching secure coding.

Published

2013

11. Introducing secure coding in CS0 and CS1 (abstract only)

Author

Elizabeth K. Hawthorne, Siddharth Kaza, Matt Bishop, Diana L. Burley, and Blair Taylor

Subjects

Syllabus, Multimedia, Computer science, ComputingMilieux_COMPUTERSANDEDUCATION, Attendance, Computer security, computer.software_genre, Information assurance, computer, Curriculum, Secure coding

Abstract

The CS 2013 curriculum includes Information Assurance and Security as a pervasive knowledge area. However, introducing security in lower level courses is challenging because of lack of appropriate teaching resources and training. This workshop will provide a well-tested strategy for introducing secure coding concepts in CS0, CS1, and CS2. We will introduce attendees to secure coding through hands-on exercises, and provide self-contained, lab-based modules designed to be injected into CS0-CS2 with minimal impact on the course (www.towson.edu/securityinjections). Participants will be encouraged to bring in their own syllabus and labs to modify to include secure coding concepts. The first 15 participants will be reimbursed for the workshop cost on attendance. Laptop recommended.

Published

2013

12. Turtles all the way down

Author

Ed Talbot, Matt Bishop, and Sean Peisert

Subjects

formal methods, Computer science, first principles, Computer security, computer.software_genre, Mathematical proof, Security policy, metrics, Engineering, security policy, Order (exchange), perfect privacy, Implementation, Assurance, identity binding, Fault tolerance, continuous authentication, insiders, Formal methods, Replication (computing), Collusion, dynamic access control, fault tolerance, probabilistic computing, computer, trust negotiation

Abstract

In this paper, we present a set of security requirements for critical systems, fundamental premises that those requirements would entail, and ideas for implementations that would instantiate those premises. We discuss the overriding requirement guiding our paradigm: that "first principles" reflects the only real security strategy, where first principles are ideally provable, often measurable; and at minimum, possible to order and bound. These principles allow us to take into account that many security policies may be even be in conflict, and as such, proofs, measures, and ordering gives an analyst (or even better, an automated system) the metrics that one needs in order to make informed decisions about how to resolve conflicts. We demonstrate several metrics that enable this, including state replication, data slicing, collusion, and information theory.

Published

2012

13. Teaching secure coding

Author

Ron Dodge, Blair Taylor, Steve Cooper, Robert C. Seacord, Matt Bishop, and Diana L. Burley

Subjects

geography, Government, Summit, geography.geographical_feature_category, Exploit, business.industry, Computer science, Vulnerability, Information and Computer Science, Computer security, computer.software_genre, Software, Session (computer science), Human resources, business, computer, Curriculum, Secure coding

Abstract

Software is critical to life in the 21st century. It drives financial, medical, and government computer systems as well as systems that provide critical infrastructures in areas such as transportation, energy, networking, and telecommunications. As the number and severity of attacks that exploit software vulnerabilities increase, writing reliable, robust, and secure programs will substantially improve the ability of systems and infrastructure to resist such attacks. Education plays a critical role in addressing cybersecurity challenges of the future, such as designing curricula that integrate principles and practices of secure programming into educational programs. To help guide this process, the National Science Foundation Directorates of Computer and Information Science and Engineering (CISE) and Education and Human Resources (EHR) jointly sponsored the Summit on Education in Secure Software (SESS), held in Washington, DC in October, 2010. The goal of this session is to share some of the key findings and challenges identified by the summit and to actively engage the community in the discussions. Each of the speakers participated in the summit and brings a unique viewpoint to the session.

Published

2012

14. Facebook goes to the doctor

Author

Gabriel M. Silberman, Matt Bishop, Peter Mackinlay Yellowlees, and Carrie Gates

Subjects

Social network, business.industry, Health care, Medicine, Current technology, Eavesdropping, Computer security, computer.software_genre, Set (psychology), business, computer

Abstract

The use of computer-based social networks for health care changes the privacy paradigm of face-to-face treatment. For example, in an office, a patient can be reasonably sure that the physician or therapist is the only one present, and is who has been providing treatment. On a computer-based social network, communications travel over the World Wide Web, raising the possibility of eavesdropping, delay, and other problems. Further, verification of the party with whom the patient is communicating is more difficult, and to many less credible, than in-person verification. This paper describes the privacy paradigm, presents a set of requirements for effective use of computer-based social networks in health care, discusses what current technology can provide, and what gaps must be closed to meet the rest of the requirements.

Published

2011

15. Resilience is more than availability

Author

Richard Ford, Matt Bishop, Marco Carvalho, and Liam M. Mayron

Subjects

Computer science, Existential quantification, Survivability, Information assurance, Computer security, computer.software_genre, Data science, Terminology, Robustness (computer science), medicine, Confidentiality, Applied science, medicine.symptom, computer, Confusion

Abstract

In applied sciences there is a tendency to rely on terminology that is either ill-defined or applied inconsistently across areas of research and application domains. Examples in information assurance include the terms resilience, robustness and survivability, where there exists subtle shades of meaning between researchers. These nuances can result in confusion and misinterpretations of goals and results, hampering communication and complicating collaboration. In this paper, we propose security-related definitions for these terms. Using this terminology, we argue that research in these areas must consider the functionality of the system holistically, beginning with a careful examination of what we actually want the system to do. We note that much of the published research focuses on a single aspect of a system -- availability -- as opposed to the system's ability to complete its function without disclosing confidential information or, to a lesser extent, with the correct output. Finally, we discuss ways in which researchers can explore resilience with respect to integrity, availability and confidentiality.

Published

2011

16. Trust of medical devices, applications, and users in pervasive healthcare

Author

Michael Clifford and Matt Bishop

Subjects

Ubiquitous computing, business.industry, Computer science, Control (management), Internet privacy, Patient data, Emergency treatment, Computer security, computer.software_genre, Pervasive healthcare, Trustworthiness, Health care, business, computer

Abstract

In the future, patients may be able to receive health care through the use of pervasive medical devices, sensors, and applications, even outside of hospitals. These data sources monitor and assist patients, aid in treatment, and notify doctors of problems as they develop, allowing them to send help and prepare for emergency treatment faster than otherwise possible. But such data sources are subject to attack or failure. Current trust models guarantee control over access to patient data, but not to determine the trustworthiness of the sources of that data, or of the data itself. This paper shows how the Solar Trust Model can be used to evaluate the trustworthiness of data and data sources in networks of pervasive healthcare devices, sensors, and applications.

Published

2011

17. Relationships and data sanitization

Author

Deb Agarwal, Sean Peisert, Bhume Bhumiratana, Michael Hogarth, Deborah A. Frincke, Anhad Singh, Matt Bishop, and Justin Cummins

Subjects

Data anonymization, Exploit, business.industry, Computer science, Internet privacy, Other Public Affairs, Public Policy and Public Administration, data anonymization, Adversary, privacy, Data set, Work (electrical), Data sanitization, Order (exchange), Ontology, sanitization, ComputingMilieux_COMPUTERSANDSOCIETY, ontology, business, Other Computer Sciences

Abstract

Research in data sanitization (including anonymization) emphasizes ways to prevent an adversary from desanitizing data. Most work focuses on using mathematical mappings to sanitize data. A few papers examine incorporation of privacy requirements, either in the guise of templates or prioritization. Essentially these approaches reduce the information that can be gleaned from a data set. In contrast, this paper considers both the need to ``desanitize'' and the need to support privacy. We consider conflicts between privacy requirements and the needs of analysts examining the redacted data. Our goal is to enable an informed decision about the effects of redacting, and failing to redact data. We begin with relationships among the data being examined, including relationships with a known data set and other, additional, external data. By capturing these relationships, desanitization techniques that exploit them can be identified, and the information that must be concealed in order to thwart them can be determined. Knowing that, a realistic assessment of whether the information and relationships are already widely known or available will enable the sanitizers to assess whether irreversible sanitization is possible, and if so, what to conceal to prevent desanitization.

Published

2010

18. The security and privacy implications of using social networks to deliver healthcare

Author

Matt Bishop and Carrie Gates

Subjects

Information privacy, business.industry, Computer science, medicine.medical_treatment, Internet privacy, Health records, Computer security, computer.software_genre, Group psychotherapy, InformationSystems_GENERAL, Health care, medicine, business, computer, Mobile device

Abstract

Healthcare technologies have tended to focus on electronic health records and devices (e.g., devices within the home for patients or handheld devices for nurses and physicians), and the interaction between the two. However, no one to date has investigated how social networking technologies might be used to provide an assistive environment for patients who participate in group therapy. In this paper we propose such an environment and go on to discuss the privacy requirements and security implications in developing an appropriate support mechanism.

Published

2010

19. Quis Custodiet ipsos Custodes?

Author

Sean Peisert, Laura Corriss, Steven J. Greenwald, and Matt Bishop

Subjects

Notice, business.industry, Computer science, media_common.quotation_subject, Internet privacy, Information security, Computer security, computer.software_genre, Order (exchange), restrict, Voting, Perception, Security community, business, computer, Composition (language), media_common

Abstract

Do you believe that more than one single security paradigm exists? We do.We also believe that we have a major problem because of all these security paradigms: until we find a way to identify and understand how these paradigms restrict our analyses we will never have the ability to do a good job identifying risks and threats, let alone protect ourselves from them.We also believe that the majority of people working in the security community use only one paradigm without recognizing that self-imposed constraint. The paradigm they use may change or even expand based on new data and experiences, but it still continues to limit their approaches and analyses, and therefore limit their effectiveness.At NSPW 2009 we presented a panel simulation using four analysts in order to demonstrate how security paradigms constrain perceptions and points of view, and how the combination of the different paradigms confuses the analysts' conclusions. Our panel used real-time, interactive exploration to investigate how individuals in the security community work together within their different paradigms and how they often lack awareness of their particular paradigms while working in the same way that a fish does not notice the water in which it swims.We presented a provocative, live scenario followed by an intensive analysis with NSPW audience participation. We hoped that this would illustrate the misunderstandings and erroneous conclusions that can emerge from the inadvertent and often faulty composition of differing universes of discourse.Ultimately this led to a new paradigm for dealing with the compositions of the paradigms held by various individuals that we call "Multi-Paradigm Composition Analysis."

Published

2009

20. Privacy aware data sharing

Author

Bhume Bhumiratana and Matt Bishop

Subjects

Information privacy, Data anonymization, Privacy by Design, Computer science, business.industry, Privacy software, Internet privacy, Usability, Information security, Security policy, Computer security, computer.software_genre, Data sharing, business, computer

Abstract

Existing models of privacy assume that the set of data to be held confidential is immutable. Unfortunately, that is often not the case. The need for privacy is balanced against the need to use the data, and the benefits that will accrue from the use of the data. We propose a model to balance privacy and utility of data. This model allows both the data provider and the data user to negotiate both requirements until a satisfactory balance is reached, or one (or both) determine such a balance cannot be reached. Thus, this model enables less than perfect privacy, or less than complete utility, as is appropriate for the particular circumstances under which the dat a was gathered and is being held, and the specific use to which it is to be put.

Published

2009

21. We have met the enemy and he is us

Author

Sean Whalen, Carrie Gates, Sean Peisert, Matt Bishop, and Sophie Engle

Subjects

Hierarchy, Process (engineering), business.industry, Computer science, Insider threat, Access control, Adversary, Security policy, Computer security, computer.software_genre, Insider, Abstraction layer, business, computer

Abstract

The insider threat has long been considered one of the most serious threats in computer security, and one of the most difficult to combat. But the problem has never been defined precisely, and that lack of precise definition inhibits solutions. This paper presents a precise definition of insider threat, and shows how the definition enables an analysis of the set of problems traditionally lumped into \the insider threat". It introduces a hierarchy of policy abstractions, and argues that the discrepancies between the different layers of abstraction expose the potential for insider threat. It also presents a methodology for analyzing the threat based upon our definitions. In the process, we introduce Attribute-Based Group Access Control, a generalization of the Role-Based Access Control model that allows any attributes to define a group. We apply this to the insider threat by defining groups based on access capabilities, and using that to identify users with a high level of threat with respect to high-risk resources.

Published

2008

22. Defining the insider threat

Author

Carrie Gates and Matt Bishop

Subjects

Government, business.industry, Computer science, media_common.quotation_subject, Insider threat, Public relations, Computer security, computer.software_genre, Insider, Service (economics), business, computer, media_common, Financial sector

Abstract

Many diverse groups have studied the insider threat problem, including government organizations such as the Secret Service, federally-funded research organizations such as RAND and CERT, and university researchers. In addition, many industry participants are interested in the problem, such as those in the financial sector. However, despite this interest, no consistent definition of an insider has emerged.

Published

2008

23. Inconsistency in deception for defense

Author

Vicentiu Neagoe and Matt Bishop

Subjects

Computer science, media_common.quotation_subject, Internal consistency, Cornerstone, Deception, Computer security, computer.software_genre, computer, media_common

Abstract

The use of deception is one of many defensive techniques being explored today. In the past, defenders of systems have used deception haphazardly, but now researchers are developing systematic methods of deception. The cornerstone of these methods is internal consistency: projecting a "false reality", or "fiction", that the attacker is to accept as reality. We challenge the necessity of this cornerstone, and explore the nature and possible uses of inconsistency in deception as a defense.

Published

2006

24. Sanitization models and their limitations

Author

Bhume Bhumiratana, R. Crawford, Matt Bishop, L. Clark, and Karl Levitt

Subjects

Closed-world assumption, Work (electrical), Computer science, Data sanitization, Management science, Control (management), Problem statement, Inference, Social environment, Ethical values

Abstract

This work explores issues of computational disclosure control. We examine assumptions in the foundations of traditional problem statements and abstract models. We offer a comprehensive framework, based on the notion of an inference game, that unifies various inference problems by parameterizing their problem spaces. This work raises questions regarding the significance of intractability results. We analyze common structural aspects of inference problems via case studies; these emphasize why explicit policies are needed to specify all social context and ethical values relevant to a problem instance.

Published

2006

25. Proceedings of the New Security Paradigms Workshop, NSPW 2018, Windsor, UK, August 28-31, 2018

Author

Marco Carvalho 0001, Matt Bishop, Anil Somayaji, Wolter Pieters, and Mohammad Mannan

Published

2018

26. Proceedings of the 2008 Workshop on New Security Paradigms, Lake Tahoe, CA, USA, September 22-25, 2008

Author

Matt Bishop, Christian W. Probst, Angelos D. Keromytis, and Anil Somayaji

Published

2008