Control System Security: This project investigates security issues in control systems that are part of a critical infrastructure. We are currently working on a domain specific language to specify "policy compliance monitors" during control system operations. In addition, we are investigating control system honeynets to provide virtual testbeds for control systems that cannot be pen tested. http://faculty.ist.unomaha.edu/rgandhi/stealth/scada.htm

Studying Software Vulnerabilities: This research combines the information sources from these two communities in a way that facilitates the study of vulnerabilities recorded in large software repositories. We introduce the notion of a semantic template to integrate the scattered information relevant to understand and discover vulnerabilities. We evaluate the use of semantic templates by applying it to analyze vulnerabilities, both reported and hidden, as recorded in the software repositories from the Apache Web Server project. We refer to software repositories in a general sense that includes source code, version control data, bug reports, developer mailing lists and project development websites. We derive semantic templates from community standards such as the Common Weaknesses Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE). We rely on standards in order to facilitate the adoption, sharing and interoperability of semantic templates. http://faculty.ist.unomaha.edu/rgandhi/st/

Cyberattack Forecasting: Cyberspace is a massive socio-technical system of systems, with a significant component being the human system. Current anomaly detection models focus primarily on analyzing network traffic to prevent malicious activities, but it has been shown that such approaches fail to account for human behaviors behind the anomalies. Evidence is growing that more cyber attacks are associated with social, political, economic, and cultural (SPEC) conflicts. It is also known that the socio-technological status of the cyber attackers, their backgrounds and motivations are essential elements in predicting, preventing and tracing cyber attacks. Thus, SPEC factors have the potential to be early predictors for outbreaks of anomalous activities, hostile attacks, and other security breaches in cyberspace. We believe analyzing potential correlations between historical/current SPEC events and cyber attacks may provide valuable insights regarding the origin, agents, means, motive, and potential targets of future cyber attacks. http://kewi.unomaha.edu/cycast/

http://maverickland.unomaha.edu/?p=2493

Integrated Software Assurance Tools Environment: The identification, enhancement and development of software assurance tools. This project explores the current automation tools available to analyze software dependability properties and attempts to correlate their results for meaningful analysis.

Regulatory Requirements-driven Risk Assessment: Security breaches most often occur due to a cascading effect of failure among security constraints that collectively address risk in a socio-technical environment. Therefore, while assessing risk during software system certification activities, analysts must systematically take into account the nexus of causal chains that exist among security constraints imposed by regulatory security requirements. Numerous regulatory requirements specified in natural language documents or listed in spreadsheets/databases do not facilitate such analysis. Moreover, a mere checklist of requirements most certainly fails to consider the interdependencies among them in the system context, their cross-cutting impact across several system properties, and the understanding of risk in terms of their compliance level.
Our current research outlines a step-wise methodology to discover and understand the multi-dimensional correlations among regulatory requirements for the purpose of risk assessment. Our lattice algebraic computational model helps estimate the collective adequacy of diverse security constraints imposed by regulatory requirements and their interdependencies with each other to address risks in a bounded scenario of investigation. Abstractions and visual metaphors combine human intuition with metrics available from the methodology to improve the understanding of risks. In addition, a problem domain ontology that classifies and categorizes regulatory requirements from multiple dimensions of a socio-technical environment promotes a common understanding among stakeholders during risk assessment.  

Security Aspects in Service Oriented Architectures (SOA): Exploring the possibilities to separate cross-cutting concerns related to access control, logging, and business process. These are all important cross-cutting concerns while composing an application based on SOA.

Certification and Accreditation in a Net-Centric Environment: A net-centric environment requires faster access to current C&A information, at a reduced cost, and delivered simultaneously to a variety of devices in different locations. In this project we explore the challenges with C&A in a net-centric and dynamic environment.

Vulnerability Models: Current semantic web technologies allow representing and modeling rich information which can support complex problem solving. In this project we investigate the use of an interconnected web of information about common vulnerabilities to provide insights on possible attack vectors in a given system operational context.

Structured compliance requirements: In this research we tackle the challenging problem of formalizing the specification of regulatory software security requirements. We follow a scenario-driven approach, where a sequence of activities performed by the software system are modeled and then tested using automated verification techniques to prove that the mandated security properties are preserved in the early system conceptualization