CIS 890, Spring 2009

Research Topics in Security

Course Goals

Computer and information security is having an ever-increasing impact on people's day-to-day life. However, the current cyber warfare is highly tilted towards the attackers' advantage. It is extremely difficult to secure a large complex system. And an attacker only needs to get lucky once. Significant improvement is needed in today's state of the art for cyber defense technologies. In this course we will study several of the most pressing security problems in this area, and try to find solutions to them. These problems include security configuration management, intrusion detection and response, security metrics, and cyber forensics. The course is research-oriented and students are expected to present papers in the literature as well as their own work. We will have both periodic meetings and individual appointments. The purpose of the meetings is to foster discussion among students with the expectation that promising solutions be identified and formulated. The goal of the course is to facilitate students in starting independent research in computer security.

Course Schedule

Jan 16: Organizational meeting.
Jan 23: Nataraj's presentation (Slides) on A Multi-Sensor Model to Improve Automated Attack Detection.
Reading:
Detectors should be characterized by likelihood ratios, not posterior probabilities.
The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection.
Jan 26: Nataraj's presentation (continued).
Jan 28 in CIS conference room (Note the non-standard time and place):
Hussain's presentation (Slides) on A practical approach to modeling uncertainty in intrusion analysis.
Jan 30: Su's presentation (Slides) on An Artificial Intelligence Based Approach for Risk Management Using Attack Graph.
Feb 2: Loai's presentation (Slides) on Fang: A firewall analysis engine and Architecting the Lumeta firewall analyzer .
Feb 9: Guest lecture by John Homer
Feb 13: Presentation by Nataraj (Slides).
Feb 16: Presentation by Hussain ( Slides).
Feb 20: Presentation by Hussain (continued).
Feb 23: Presentation by Loai ( Slides).
March 2: Presentation by Loai (continued).

Instructor and course meeting times

Instructor: Xinming (Simon) Ou.
Meeting time and place: Monday 3:30-5:10 and Friday 3:30-4:20 in Nichols 127
Office hours: by appointment

Prerequisites

CIS751: Computer and Information Security, or instructor permission.

Contact

Questions can be emailed to xou (put some stuff here) ksu (a little dot) edu.