North Carolina State University, the University of Illinois at Urbana-Champaign and Carnegie Mellon University are each receiving an initial $2.5 million in grant funds from the U.S. National Security Agency (NSA) to stimulate the creation of a more scientific basis for the design and analysis of trusted systems.
The co-principal investigators for the NC State Science of Security Lablet are Dr. Laurie Williams, professor of computer science, and Dr. Michael Rappa, director of the Institute of Advanced Analytics and professor of computer science.
It is widely understood that critical cyber systems must inspire trust and confidence, protect the privacy and integrity of data resources, and perform reliably. To tackle the ongoing challenges of securing tomorrow’s systems, the NSA concluded that a collaborative community of researchers from government, industry and academia is a must.
To that end, the NSA grant has seeded academic “lablets” focused on the development of a Science of Security (SoS) and a broad, self-sustaining community effort to advance it. A major goal is the creation of a unified body of knowledge and analytics methods and tools that can serve as the basis of a trust engineering discipline, curriculum, and rigorous design methodologies. The results of SoS lablet research are to be extensively documented and widely distributed through the use of a new, network-based collaboration environment. The intention is for that environment to be the primary resource for learning about ongoing work in security science, and to be a place to participate with others in advancing the state of the art.
The NC State lablet, which will be housed in the Institute for Next Generation IT Systems (ITng), will contribute broadly to the development of Security Science while leveraging NC State’s expertise and experience in analytics, including the extensive expertise available in the NC State Institute of Advanced Analytics.
“The security fortification technique of data encryption has a sound mathematical basis, providing a predictable and quantifiable level of security based upon the strength of the encryption algorithm,” Williams says. “Conversely, the science behind other security techniques that provide vulnerability prevention, detection and fortification is either rudimentary or does not exist. As a result, the principles of designing trustworthy systems often are not rooted in science. The three SoS lablets established by the NSA will research techniques to provide this scientific basis.”
The lablet’s work will draw on several fundamental areas of computing research and on the related analytics. Some ideas from fault-tolerant computing can be adapted to the context of security. Strategies from control theory will be extended to account for the high variation and uncertainty that may be present in systems when they are under attack. Game theory and decision theory principles will be used to explore the interplay between attack and defense. Formal methods will be applied to develop formal notions of security resiliency. End-to-end system analysis will be employed to investigate resiliency of large systems against cyber attack. The lablet’s work will draw upon ideas from other areas of mathematics, statistics and engineering as well.
Established in 2007, the Institute for Advanced Analytics provides graduate education and promotes research in the emerging field of analytics. It serves as a focal point for collaboration among faculty is applied mathematics, statistics, and computer science, among other areas. Core to its mission is to prepare students for the challenging task of deriving insights from vast quantities of structured and semi-structured data. The institute’s flagship educational program is the nation’s first and pre-eminent Master of Science in Analytics (MSA) degree. The MSA is an intensive, full-time, 10-month learning experience with an innovative curriculum and 5-year track record of exceptional student outcomes.
The ITng is a research organization located within NC State’s College of Engineering. Its mission is to provide a forum for collaboration between government, industrial and university partners, faculty and students to research and implement solutions that address current IT challenges. Working at the intersection of research, practice and policy, ITng focuses on next generation information technology challenges in the domains of health and well being, educational innovation, energy and environment, and security. Other large government-sponsored projects housed in ITng are the Secure Open Systems Initiative (SOSI) sponsored by the Army Research Office and the National Collaborative for Bio-Preparedness (NCB-Prepared) sponsored by the Department of Homeland Security.