ACSRC Research Highlights 2016
Specific Research Projects
Cloud Data Storage Security Techniques and their Application to Securing Patient Records in Cloud Data Centres
We have developed a new role based encryption (RBE) technique that combines role based access control with cryptographic techniques to secure data storage in public cloud. We have demonstrated this scheme for securing patient records in Person Centric Electronic Health Records (PCEHR) System.
Cloud Services Security
The core aspect of our research involves the design of a policy based secure virtualisation model and architecture enhanced with trusted computing, which can achieve secure and dynamic sharing of virtual resources among co-operating virtual machines in a large scale distributed environment. The feedback between anomaly detection, trust management and access control services enables the ability to dynamically adapt to changes in security attacks and trust levels, improving resiliency.
Metadata based Techniques for Securely Engineering Big Data Applications
We are developing metadata based security policy models for moving data in the Internet by specifying metadata based access permissions in a secure manner and their trusted enforcement in a large scale distributed environment.
Security in Software Defined Networks
We are developing a security model and an integrated trust enhanced security architecture for counteracting attacks and as well as policy driven enforcement for achieving secure end to end SDN services.
Access Control Architecture for Large Scale Internet of Things (IoT)
In this work, we are developing a practical access control architecture for a large scale IoT system using a hybrid capability-based and role based access control system. A significant advantage of such a hybrid model is that it helps to achieve efficient security management, which is an important requirement in large scale IoT systems
Feature Distributed Malware Attacks and their Application to Smart Grids
In this work, we are developing a new technique called Feature Distributed Malware (FDM) that dynamically distributes its features to multiple software components in order to bypass various security mechanisms such as application whitelisting and anti-virus' behavioural detection. Then we have applied the proposed FDM technique to smart grid infrastructures by manipulating various physical field devices as well as cyber systems to illustrate how a blackout is possible even under the security-improved smart grid environment.
A New Data Transformation Method: Feature Dependent Kernel Principal Component Analysis - and its Application to Image Recognition
In this work, we propose a new method for data transformation and dimensionality reduction, where the data is mapped into the kernel space feature-wise, which gives the ability to extract valuable feature vectors. A unique property of this scheme is that the dimension of the feature space is now dependent on the dimension of the input data, and not the size of the input data. This means that no matter how much data one has to analyse, the dimension of kernel matrix (and kernel feature space) is fixed. We are demonstrating the computational efficiency of this technique FDKPCA in image recognition applications.
Significant Publications 2016
Malware and Secure Systems Research
A new security mechanism for software systems that extends integrity mechanism and code signing technique has been developed. It prevents a wide range of attacks such as DLL hijacking and DLL injection, and mitigates the impact of shellcode that is executed by successful software vulnerability exploitation. It also prevents the use of untrusted plugins such as web browser add-ons. Second, it achieves developer- enforced security at the software component level so that components cannot be abused by malware. Third, it ensures a flexible environment where untrusted applications and software components are allowed to be loaded/executed at a low integrity level with restricted access permissions to system resources.
- B.Min and V.Varadharajan, “Rethinking Software Component Security: Software Component Level Integrity and Cross Verification", The Computer Journal, Accepted May 2016.
- B.Min, V.Varadharajan, "A Novel Malware for Subversion of Self Protection in Anti Virus" Software: Practice and Experience, March 2016.
Cloud Data Security Research
We propose a novel role-base encryption technique to build a secure and flexible large-scale electronic health record system where role-based access control policies are enforced in a cloud environment. We discuss a practical electronic health record system called the Personally Controlled Electronic Health Record (PCEHR) System recently developed by the Australian Government and show how the security weaknesses in the PCEHR system can be addressed by our proposed scheme. The proposed system has the potential to be useful in commercial healthcare systems as it captures practical access policies based on roles in a flexible manner and provides secure data storage in the cloud enforcing these access policies.
- L.Zhou, V.Varadharajan and K.Gopinath, “A Secure Role-based Cloud Storage System for Encrypted Patient Centric Health Records”, The Computer Journal, Accepted Mar 2016.
Cloud Services Security
We have proposed an integrated security architecture which combines policy based access control with intrusion detection techniques and trusted computing technologies for securing distributed applications running on virtualised systems. We have implemented the developed architecture and show how the architecture can counteract attack scenarios involving malicious users exploiting vulnerabilities to achieve privilege escalation and then using the compromised machines to generate further attacks.
- V.Varadharajan, U.Tupakula, On the Design and Implementation of an Integrated Security Architecture for Cloud with Improved Resilience, Accepted for Publication in IEEE Transactions in Cloud Computing, 2016
- V.Varadharajan, U.Tupakula, "Securing Services in Networked Cloud Infrastructures", Accepted for Publication in IEEE Transactions in Cloud Computing, May 2016.
Location Privacy Techniques
We have proposed a solution for mobile users to preserve their location and query privacy. Our technique is more efficient and can be applied to multiple discrete type attributes of private location-based queries.
- X.Yi, E.Bertino, V.Varadharajan, “Practical Approximate k Nearest Neighbor Queries with Location and Query Privacy”, Accepted for Publication in IEEE Transactions in Knowledge and Data Engineering, Jan 2016.
Software Defined Networks Security
In this work, we propose a policy driven security architecture for securing end to end services across multiple autonomous domain based SDN environment. We have developed a language based approach to designing a range of security policies that are relevant for SDN services and communications. The security architecture enables secure routing of packets based on the specified security policies in the SDN Controller.
- K. K. Karmakar, V. Varadharajan, U. Tupakula “On the Design and Implementation of a Security Architecture for Software Defined Networks”, Proceedings of the 18th IEEE International Conferences on High Performance Computing and Communications, Dec 2016.
- U.Tupakula, V.Varadhaajan, “Securing SDN Controller and Switches from Attacks”, Accepted for Publication in the 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, IEEE TrustCom-16, 2016
- K Karmakar, V Varadharajan, U Tupakula, "On the Design and Implementation of a Secure End to End Services in Software Defined Networks" Proceedings of the 41st IEEE International Conference on Local Area Networks, LCN 2016.
Big Data Security
In this paper, we propose techniques for securing big data environments. Our approach makes use of fine granular monitoring of the tenant resources in large scale data centres to detect service specific attacks and offline traffic analysis of multiple tenants to detect attacks such as botnets.
- U.Tupakula and V.Varadharajan, "Securing Big Data Environments from Attacks", Proc IEEE International Conference on Big Data Security on Cloud, April 2016.
- Professor Varadharajan appointed as Visiting Professor - Mercator Fellow by DFG German Research Foundation – 2016 -2022 with Technical University of Darmstadt.
- Professor Varadharajan member of Prime Ministerial Cyber Security Task Force (CSTF) India in May 2015. CSTF created upon the recommendation of the Prime Minister of India by NASSCOM (the peak body for Indian Technology Sector)
- Professor Varadharajan was Visiting Professor at the National Institute of Trichi (NITT) India during 2016.
PhD Thesis Completions
- Byungho Min: Feature based Security Techniques for Attacking and Protecting Software Systems, Submitted 2016. Accepted 2016. (Supervisor: Professor Vijay Varadharajan)
- Dilshan Jayaratna: Security Techniques for Virtual Machine based Systems, Submitted 2016. Accepted 2017. (Supervisors: Professor Vijay Varadharajan and Dr Uday Tupakula)
- Sepehr Damavandinejadmonfared: Improved PCA-based Techniques for Face and Finger-Vein Recognition Systems, PhD Thesis, Submitted 2016. Accepted 2017. (Supervisor: Professor Vijay Varadharajan)
- CSIRO Postgraduate Scholarship: PhD Student – Kallol Krishna Karmakar – Software Defined Networks Security 2016
Invited Speeches and Panels
- Annual CSO Perspectives Roadshow, Invited Panel on IoT Security, Mar 2017 – Professor Varadharajan
- Industry Security Roundtable at Sydney, Gemalto, Mar 2017 – Professor Varadharajan
- Industry Security Event - Anticipate 2016 - The Past, The Present, and the Future of IT Security, Nov 2016 – Professsor Varadharajan
- International Conference Keynote Speech – Security and Privacy Week SPW 2016 (IFIP TM, WiSec and PETS), July 2016 - Professor Varadharajan
- Keynote Speech at NITT and at Security and Cryptography Conference, May 2016, India – Professor Varadharajan
- Invited Speech on Cloud Computing Security, Anna University, May 2016, - Professor Varadharajan
- Internet of Things Security:
- Internet of Things Security:
- Cloud Data Security: https://www.youtube.com/watch?v=u0khmw_NXas