Alaska Chapter - Status Report 2010-2011

ORGANIZATION
1. Members are Brian Hay (chapter lead, full member), Kara Nance (full member), and Chris Hecker.

DEPLOYMENTS
1. One current Honeeebox deployment
2. Recently purchased 15 additional Honeeeboxes for deployment at geographically distributed locations.
3. Periodic Dionaea deployments in both public and private clouds for student and demonstration use.

RESEARCH AND DEVELOPMENT

1. Ongoing development of hypervisor-based honeypot monitoring using virtual machine introspection (VMI) on Xen and KVM platforms.
2. Tools for deployment and management of virtual machines
3. Ongoing development of automated deployment and configuration of low-interaction honeynets to match the characteristics of a deployment environment.
4. Working with GSoC student to develop a visualization dashboard for various datasets that will minimize efforts required for data preparation, conversions, etc., and will allow flexibility in data presentation.

PAPERS AND PRESENTATIONS

1. Numerous conference and workshop presentations related to national security.
2. Honeynet Project Annual Workshop 2011 (Paris) – “Virtual Machine introspection for data acquisition”
3. Honeynet Project Annual Workshop 2011 (Paris) – “Funding Opportunitites”
4. Chaired 2011 HICSS Conference Minitrack on Digital Forensics and coordinated paper submission and participation of HP members at the conference.
5. Nance, K. and R. Marty. Identifying and Visualizing the Malicious Insider Threat Using Bipartite Graphs. Information Security and Cyber Crime Minitrack of the Decision Technology, Mobile Technologies and Service Science Track of the 44th Hawaii International Conference on Systems Sciences. January 2011.
6. Bishop, M., B. Hay, and K. Nance. Applying Formal Methods Informally. Assurance Research for Dependable Software Systems Minitrack of the Software Technology Track of the 44th Hawaii International Conference on Systems Sciences. January 2011.
7. Hay, B., K. Nance, and M. Bishop. Storm Clouds Rising: Security Challenges for IaaS Cloud Computing. Cloud Computing Minitrack of the Software Technology Track of the 44th Hawaii International Conference on Systems Sciences. January 2011.
8. Nance, K. and D. Ryan. Legal Aspects of Digital Forensics: A Research Agenda. Digital Forensics Minitrack of the Software Technology Track of the 44th Hawaii International Conference on Systems Sciences. January 2011.
9. Tricaud, S., K. Nance, and P. Saade. Visualizing Network Activity using Parallel Coordinates. Security and Critical Infrastructure of the Electronic Government Track of the 44th Hawaii International Conference on Systems Sciences. January 2011.
10. Nance, K. and R. Marty. Using Link Graphs to Improve Visualization of the Malicious Insider Threat. Proceedings of the 2010 CAE Workshop on Insider Threat, November 2010. ISBN 1-933510-96-10 © 2010 CAE-WIT

GOALS

1. To continue current research in the application of virtualization and visualization to the honeynet domain.
2. To provide a honeynet resource for Alaskan organizations and institutions.
3. To provide students with an opportunity to gain exposure to honeynets.
4. To seek funding opportunities for the HP

MISC ACTIVITIES

1. Submission of several proposals to fund HP activities, including some that are still under consideration by funding agencies.
2. Provided HP GSoC Mentors (2010, 2011) and GSoC Administrator (2011).
3. Interaction with law enforcement agencies, corporations, and utilities regarding honeynet deployments.
4. Building partnerships outside of Alaska to further HP research potential.