our papers on this topic has appeared in the prestigious Journal <strong>of</strong> Web Semantics. A book on Buildingand Securing the Cloud is expected to be published in early 2012.1. Selective and Authentic Third-Party Distribution <strong>of</strong> XML Documents, IEEE Transactions onKnowledge and D<strong>at</strong>a Engineering, Vol. 16, No. 10, p. 1263-1278, 2004 (co-authors: ElisaBertino, Barbara Carmin<strong>at</strong>i, et al) Co-AuthorMy Contribution: I initi<strong>at</strong>ed the ideas in this paper. <strong>The</strong> detailed design was carried out bycolleagues and students <strong>at</strong> the <strong>University</strong> <strong>of</strong> Insubria. <strong>The</strong> paper was part <strong>of</strong> the student’s (MsCarmin<strong>at</strong>i) PhD thesis. I commented on the design and the paper.2. PP-trust-X: A system for privacy preserving trust negoti<strong>at</strong>ions. ACM Transactions onInform<strong>at</strong>ion Systems Security (TISSEC), Vol. 10, No. 3, 2007 (co-authors: Anna CinziaSquicciarini, Elisa Bertino, et al) Co-AuthorMy Contribution: This was the second <strong>of</strong> two papers th<strong>at</strong> I collabor<strong>at</strong>ed with colleagues andstudents <strong>at</strong> the <strong>University</strong> <strong>of</strong> Milan. <strong>The</strong> detailed design was carried out by the student (Ms.Squicciarini) as part <strong>of</strong> her thesis. I commented on the paper and wrote some <strong>of</strong> the introductoryand conclusion sections.3. Security Standards for Semantic Web, Computer Standards and Interface Journal, March 2005,Vol. 27 (North Holland). Sole AuthorMy Contribution: This is 100% my work.4. Using RDF for Policy Specific<strong>at</strong>ion and Enforcement, Proceedings <strong>of</strong> the IEEE DEXA Workshopon Web Semantics, Spain, August 2004 (co-authors: B. Carmin<strong>at</strong>i, E. Ferrari). Co-AuthorMy Contribution: I initi<strong>at</strong>ed the ideas in this paper. <strong>The</strong> details were carried by colleagues <strong>at</strong> the<strong>University</strong> <strong>of</strong> Insubria. <strong>The</strong> paper was written jointly.5. A Rel<strong>at</strong>ional Wrapper for RDF Reific<strong>at</strong>ion, Third IFIP WG 11.11 Intern<strong>at</strong>ional Conference onTrust Management (IFIPTM), West Lafayette, USA, June 15-19, 2009, (co-authors: S.Ramanujam, A. Gupta, L. Khan, and S. Seida). Co-AuthorMy Contribution: This is a team effort and is part <strong>of</strong> the student’s (Ms. Ramanujan) thesis. <strong>The</strong>student wrote the paper and I gave comments. Mr. Gupta carried out the implement<strong>at</strong>ion. Pr<strong>of</strong>.Khan jointly supervised the students with me and Mr. Seida funded this effort from Raytheon.Ms. Ramanujan wrote much <strong>of</strong> the paper with comments from the others.6. Scalable and Efficient Reasoning for Enforcing Role-Based Access Control, Proceedings <strong>of</strong> IFIP11.3, Rome, Italy, June 2010 (co-authors: T. Cadenhead, M. Kantarcioglu, and B. Thuraisingham)Co-AuthorMy Contribution: I conceived the ideas and the student carried out the detailed design andimplement<strong>at</strong>ion. <strong>The</strong> student wrote much <strong>of</strong> the paper with comments from Pr<strong>of</strong>. Kantarcioglu andme.7. Design and Implement<strong>at</strong>ion <strong>of</strong> a Framework for Assured Inform<strong>at</strong>ion Sharing AcrossOrganiz<strong>at</strong>ional Boundaries, Intern<strong>at</strong>ional Journal <strong>of</strong> Inform<strong>at</strong>ion Security and Privacy, Vol. 2,No. 4, 2008. (Y. Harsha Kumar et al). Lead AuthorMy Contribution: I carried out the initial design. My student (Ms. Harsha Kumar) carried out theimplement<strong>at</strong>ion. I wrote the paper from the technical report.8. Geosp<strong>at</strong>ial Resource Description Framework (GRDF) and Security Constructs, ComputerStandards and Interfaces Journal, Vol. 33, No. 1, p. 35 – 41, January 2011 (special issuefrom IEEE ICDE conference workshop) (co-authors: A. Alam, L. Khan). Co-AuthorMy Contribution: I conceived the initial ideas. My student Mr. Alam carried out the detaileddesign and wrote much <strong>of</strong> the paper.108
9. A Semantic Web Based Framework for Social Network Access Control, Proceedings <strong>of</strong> ACMSymposium on Access Control Models and Technologies (SACMAT 2009), p. 177-186, (coauthors:B. Carmin<strong>at</strong>i, E. Ferrari, R. He<strong>at</strong>herly, M Kantarcioglu). Co-AuthorMy Contribution: I conceived the idea. Much <strong>of</strong> the design was carried out by Pr<strong>of</strong>. Kantarciogluand Pr<strong>of</strong>. Carmin<strong>at</strong>i. <strong>The</strong> student (Mr. He<strong>at</strong>herly) carried out the implement<strong>at</strong>ion. <strong>The</strong> paper waswritten by all.10. <strong>The</strong> SCIFC Model for Inform<strong>at</strong>ion Flow Control in Web Service Composition, ProceedingsIEEE Intern<strong>at</strong>ional Conference on Web Services (ICWS 2009) (co-authors: W. She, I. Yen,E. Bertino). Co-AuthorMy Contribution: I conceived the initial ideas. Our student carried out the detailed designand implement<strong>at</strong>ion. Much <strong>of</strong> the paper was written by Pr<strong>of</strong>. Yen.11. Security Issues for Cloud Computing, Intern<strong>at</strong>ional Journal <strong>of</strong> Inform<strong>at</strong>ion Security and Privacy,Vol. 4, No. 2, 2010, p. 36 – 48 (co-authors: K. Hamlen, L. Khan, M. Kantarcioglu). Lead AuthorMy Contribution: I conceived the ideas and the high level design. My colleagues contributed todetails <strong>of</strong> the design. I wrote the paper.17.5 DATA MINING FOR MALWARE DETECTIONI gave several keynote present<strong>at</strong>ions on D<strong>at</strong>a Mining, Security, Privacy and Civil Liberties starting in1996 and wrote a position paper while <strong>at</strong> NSF th<strong>at</strong> resulted in significant emphasis on privacy research.However, I also continued with d<strong>at</strong>a mining for security applic<strong>at</strong>ions research both for n<strong>at</strong>ional securityand cyber security. When I joined <strong>The</strong> <strong>University</strong> <strong>of</strong> <strong>Texas</strong> <strong>at</strong> <strong>Dallas</strong>, I collabor<strong>at</strong>ed with a pr<strong>of</strong>essor andstudents and together we designed and developed a number <strong>of</strong> d<strong>at</strong>a mining algorithms for malwaredetection. We have also developed a d<strong>at</strong>a mining toolkit based on our algorithm.D<strong>at</strong>a Mining for Intrusion Detection: Our initial focus was on applying d<strong>at</strong>a mining for intrusiondetection. We applied various d<strong>at</strong>a mining techniques based on Support Vector Machines (SVM) as wellas developed a novel technique called dynamical growing self-organizing tree (DGSOT) and comparedthe results to the work <strong>of</strong> others. This research was published in Paper #1 th<strong>at</strong> appeared in the prestigiousVery Large D<strong>at</strong>abase Journal. We also included this paper as part <strong>of</strong> a book th<strong>at</strong> we published in 2009 onthe Design and Implement<strong>at</strong>ion <strong>of</strong> D<strong>at</strong>a Mining Tools.D<strong>at</strong>a Mining for Malware Detection: We then started a focused research program on d<strong>at</strong>a miningapplic<strong>at</strong>ions in cyber security funded by the Air Force. In Paper #2 (ICC), we developed a hybrid modelth<strong>at</strong> examined both byte code and assembly code for detecting malicious code. This was a novel approach<strong>at</strong> th<strong>at</strong> time. <strong>The</strong>n in Paper #3 (Inform<strong>at</strong>ion Systems Frontiers), we developed scalable solutions to fe<strong>at</strong>ureextraction for detecting buffer overflow as well as malicious executables.Stream Mining for Fault Detection: <strong>The</strong> research for the last two papers are jointly carried out with the<strong>University</strong> <strong>of</strong> Illinois <strong>at</strong> Urbana Champaign and funded by NASA. Here our goal was to develop d<strong>at</strong>amining techniques for fault detection. D<strong>at</strong>a is eman<strong>at</strong>ing from multiple sources in the form <strong>of</strong> streams. Wehave developed novel stream mining techniques for classifying d<strong>at</strong>a streams. Our approach is based onexamining multiple and hierarchical chunks <strong>of</strong> d<strong>at</strong>a. <strong>The</strong> results are published in Paper #4 (ICDM).However, with our previous approach, new faults cannot be detected. <strong>The</strong>refore, we have come up with abreakthrough technique where novel classes can be detected with high accuracy. This result is publishedin Paper #5 (IEEE Transactions on Knowledge and D<strong>at</strong>a Engineering).Active Defense: <strong>The</strong> results in Papers #2 and #3 focus on defensive detection mechanisms. <strong>The</strong> challengewe face now is th<strong>at</strong> the malicious code will change its p<strong>at</strong>terns, thereby making it very difficult to detect.<strong>The</strong>refore, we have developed a breakthrough approach to be able to detect the malicious code before thevirus is detected. Our results are published in Paper #6 (Computer Standards and Interface Journal).109
- Page 1:
Curriculum VitaeBhavani Thuraisingh
- Page 5 and 6:
EXTERNALSection 2: MAJOR AWARDSBest
- Page 7 and 8:
Section 3: SYNOPSIS OF RESEARCHMy r
- Page 9 and 10:
the concepts in semantic nets and c
- Page 11 and 12:
secure query processing for cloud.
- Page 13 and 14:
Section 4: RESEARCH LEADERSHIPhttp:
- Page 15 and 16:
Section 5: RESUME SUMMARYName:Dr. B
- Page 17 and 18:
Army, NSA, and CIA as well as consu
- Page 19 and 20:
Section 6: INDUSTRY/GOVERNMENT EXPE
- Page 21 and 22:
management to discuss projects as w
- Page 23 and 24:
Current (2004 - Present)The Univers
- Page 25 and 26:
Object Databases (1 day course taug
- Page 27 and 28:
Section 8: ACADEMIC RESEARCH SUPERV
- Page 29 and 30:
Thesis Committees: Serving/served o
- Page 31 and 32:
Section 9: RESEARCH FUNDINGI have o
- Page 33 and 34:
PI: L. KhanAmount: $260,00020. Nati
- Page 35 and 36:
3. CIA: As manager of fifteen resea
- Page 37 and 38:
15. Multilevel Security Issues in D
- Page 39 and 40:
48. E-Mail Worm Detection Using Dat
- Page 41 and 42:
79. Information Demands Drive Data
- Page 43 and 44:
2. Foundations of Multilevel Databa
- Page 45 and 46:
32. Parallel Processing and Trusted
- Page 47 and 48:
66. Privacy Preserving Data Mining,
- Page 49 and 50:
99. Data Mining for Cyber Security
- Page 51 and 52:
130. Object-oriented Implementation
- Page 53 and 54:
161. XIMKON- An Expert Simulation a
- Page 55 and 56:
194. Ontology Alignment Using Multi
- Page 57 and 58: 225. RETRO: A Framework for Semanti
- Page 59 and 60: 5. Inference Problem in Database Se
- Page 61 and 62: I. JOURNAL SPECIAL ISSUES EDITEDSec
- Page 63 and 64: 12. Proceedings ISI Conference, IEE
- Page 65 and 66: Bhavani ThuraisinghamUTDCS-45-06UTD
- Page 67 and 68: UTDCS-32-08A Practical Approach to
- Page 69 and 70: UTDCS-27-11Towards the Design and I
- Page 71 and 72: 29. A Seminar on Real-time Database
- Page 73 and 74: 14. Concurrency Control in Real-tim
- Page 75 and 76: 17. Data Management Systems Evoluti
- Page 77 and 78: 54. Data Mining for National Securi
- Page 79 and 80: 5. Recent Developments in Some Trus
- Page 81 and 82: 44. Data Engineering Directions, IE
- Page 83 and 84: 6. Towards a Global Multilevel Data
- Page 85 and 86: 19. Object Technology for C4I Appli
- Page 87 and 88: 59. Assured Cloud Computing, AFOSR
- Page 89 and 90: 2. A Seminar on Secure Database Sys
- Page 91 and 92: VIII. The University of Texas at Da
- Page 93 and 94: 5. Secure Distributed Query Process
- Page 95 and 96: Simulated algorithms for informatio
- Page 97 and 98: 1. Geospatial Proximity Algorithm,
- Page 99 and 100: Section 16: INTELLECTUAL PROPERTY A
- Page 101 and 102: Section 17: DISCUSSION OF PUBLISHED
- Page 103 and 104: conceptual structures (e.g., semant
- Page 105 and 106: 1990s, we designed and implemented
- Page 107: inference problem. Back in the earl
- Page 111 and 112: Policy management: While discretion
- Page 113 and 114: Section 18: DISCUSSION OF COMPLETE
- Page 115 and 116: Publications: Several journal publi
- Page 117 and 118: Research and Technology Transfer in
- Page 119 and 120: 13. IEEE WORDS Workshop, Santa Barb
- Page 121 and 122: 82. AAAI, Vancouver, BC, Canada, Ju
- Page 123 and 124: http://findarticles.com/p/articles/
- Page 125 and 126: NSF Grants to Help Create Next-Gene
- Page 127: SECTION 21. CYBER SECURITY RESEARCH