Dr. Elisa Bertino, Cyber Center Director, publishes new book
July 18, 2012
As data represent a key asset for today's organizations, the problem of how to protect this data from theft and misuse is at the forefront of these organizations' minds. Even though today several data security techniques are available to protect data and computing infrastructures, many such techniques -- such as firewalls and network security tools -- are unable to protect data from attacks posed by those working on an organization's "inside." These "insiders" usually have authorized access to relevant information systems, making it extremely challenging to block the misuse of information while still allowing them to do their jobs. This book discusses several techniques that can provide effective protection against attacks posed by people working on the inside of an organization.
Chapter One introduces the notion of insider threat and reports some data about data breaches due to insider threats. Chapter Two covers authentication and access control techniques, and Chapter Three shows how these general security techniques can be extended and used in the context of protection from insider threats. Chapter Four addresses anomaly detection techniques that are used to determine anomalies in data accesses by insiders. These anomalies are often indicative of potential insider data attacks and therefore play an important role in protection from these attacks.
Security information and event management (SIEM) tools and fine-grained auditing are discussed in Chapter Five. These tools aim at collecting, analyzing, and correlating -- in real-time -- any information and event that may be relevant for the security of an organization. As such, they can be a key element in finding a solution to such undesirable insider threats. Chapter Six goes on to provide a survey of techniques for separation-of-duty (SoD). SoD is an important principle that, when implemented in systems and tools, can strengthen data protection from malicious insiders. However, to date, very few approaches have been proposed for implementing SoD in systems. In Chapter Seven, a short survey of a commercial product is presented, which provides different techniques for protection from malicious users with system privileges -- such as a DBA in database management systems. Finally, in Chapter Eight, the book concludes with a few remarks and additional research directions.
July 29, 2014
Michael Ladisch, distinguished professor of agricultural and biological engineering at Purdue University, has been appointed to the board of directors of the newly created Foundation for Food and Agricultural Research, which Congress authorized in the 2014 farm bill. Ladisch, who also is director of Purdue's Laboratory of Renewable Resources Engineering and holds a joint appointment in the Weldon School of Biomedical Engineering, is one of 15 board members appointed by U.S. agriculture Secretary Tom Vilsack on July 23.Read Full Story
July 29, 2014
Seven Purdue faculty members have been selected to the New York-based Thomson Reuters Corp's. list of "The World's Most Influential Scientific Minds: 2014" The honor recognizes researchers around the world who have earned distinction by publishing the highest number of articles that rank among the most frequently cited by fellow researchers, according to Thomson Reuters. Purdue scientists on the list include David J. Love, professor of electrical and computer engineering; Mark S. Lundstrom, the Don and Carol Scifres Distinguished Professor of Electrical and Computer Engineering; Kinam Park, the Showalter Distinguished Professor of Biomedical Engineering; Zhixiang Chen, professor of botany and plant pathology; R. Graham Cooks, the Henry B. Hass Distinguished Professor of Analytical Chemistry; Jian-Kang Zhu, Distinguished Professor of PlanRead Full Story
July 25, 2014
A Purdue Research Park-based company whose one-step, patent-pending technology could improve the efficiency of alternative fuels and the production of fragrance products has received funding from the National Science Foundation. Spero Energy Inc. has received a six-month SBIR Phase I grant from the NSF worth $150,000. Its technology is based on Purdue University intellectual property.Read Full Story