    Improving Cyber Security—Education and Application

    Most cyber attacks aren’t new. Rather, they are new to the administrators encountering them. “The workforce isn’t well trained in these complex issues,” Jean Mayo explains. “One problem we encounter in education is that we cannot allow students to modify the software that controls an actual system—they can cause real damage.”

    Our goal is to keep the data safe not only by controlling who has access, but by ensuring file integrity.

    With support from the National Science Foundation, a team of Michigan Tech computer scientists teaches modern models of access control using visualization systems within user-level software.

    Mayo and her team are also taking a fresh look at teaching students how to code securely. “The system we developed will detect when security is compromised and provide students with an explanation of what went wrong and how to fix it,” she adds.


    File System Enhancement for Emerging Computer System Concerns

    Mayo is applying existing firewall technology to file system access control. In her core research, she’s providing greater flexibility for administrators to determine when access is granted. “Using the firewall model to filter traffic content—like a guard standing by a door—we can add more variables to control file access, like time of day or location. It is more flexible, but also more complex—firewalls are familiar and help administrators navigate the complexity.”

    Mayo is also developing a language for guaranteeing file security. This system will disallow changes made to a file when the change doesn’t meet file specifications. “This helps to prevent users from entering incorrect data.”

    NSF award for Drs. Mayo, Shene, Wang of MTU and Dr. Carr of WMU

    Drs. Jean Mayo, Ching-Kuang Shene and Chaoli Wang of MTU and Dr. Steven Carr of Western Michigan University have been awarded $199,164 from the National Science Foundation to develop materials to educate students on modern access control models and systems.

    Educating students in this area is important for keeping the nation’s computer resources secure.  Access control is a last line of defense for protecting system resources from a compromised process.  This is a primary motivation for the principle of least privilege, which requires that a process be given access to exactly those resources it requires.  Yet enforcement of this principle is difficult.  A strict access control policy can contain tens of thousands of rules, while errors in the policy can interrupt service and put system resources at risk unnecessarily.

    This project will develop materials that facilitate education on modern access control models and systems.  A policy development system leverages visualization to enhance student learning.  The policy development system allows graphical development and analysis of access control policies.  It runs at user level, so that student work does not impact operation of the underlying system and so that access to a specific operating system is not required.  A set of web-based tutorials suitable for study outside of the classroom is also being developed.  These materials will increase the number of institutions that are able to offer deep coverage of access control and will facilitate expertise among workers who are not able to pursue formal education.