Science of Security Lablet established at the University of Illinois

The University of Illinois at Urbana-Champaign, Carnegie Mellon University, and North Carolina State University are each receiving an initial $1 million in grant funds from the U.S. National Security Agency (NSA) to stimulate the creation of a more scientific basis for the design and analysis of trusted systems.

.

It is widely understood that critical cyber systems must inspire trust and confidence, protect the privacy and integrity of data resources, and perform reliably. To tackle the ongoing challenges of securing tomorrow's systems, the NSA concluded that a collaborative community of researchers from government, industry, and academia is a must.

To that end, the NSA grant will seed an academic “Lablet” focused on the development of a Science of Security (SoS) and a broad, self-sustaining community effort to advance it. A major goal is the creation of a unified body of knowledge that can serve as the basis of a trust engineering discipline, curriculum, and rigorous design methodologies. The results of SoS Lablet research are to be extensively documented and widely distributed through the use of a new, network-based collaboration environment. The intention is for that environment to be the primary resource for learning about ongoing work in security science, and to be a place to participate with others in advancing the state of the art.

The Illinois Lablet, which will be housed in the Information Trust Institute at Illinois, will contribute broadly to the development of security science while leveraging Illinois expertise in resiliency, which in this context means a system’s demonstrable ability to maintain security properties even during ongoing cyber attacks. David M. Nicol, the Illinois Lablet’s principal investigator, explains, “The complexity of software systems guarantees that there will almost always be errors that can be exploited by attackers. We have a critical need for foundational design principles that anticipate penetrations, contain them, and limit their effects, even if the penetration isn’t detected.”

The Lablet’s work will draw on several fundamental areas of computing research. Some ideas from fault-tolerant computing can be adapted to the context of security. Strategies from control theory will be extended to account for the high variation and uncertainty that may be present in systems when they are under attack. Game theory and decision theory principles will be used to explore the interplay between attack and defense. Formal methods will be applied to develop formal notions of resiliency. End-to-end system analysis will be employed to investigate resiliency of large systems against cyber attack. The Lablet’s work will draw upon ideas from other areas of mathematics and engineering as well.

Nicol, the project’s principal investigator, is a professor of Electrical and Computer Engineering (ECE) at Illinois and the director of the Information Trust Institute. The Lablet’s leadership is shared with co-principal investigators William H. Sanders, who is an ECE professor and director of the Coordinated Science Laboratory at Illinois, and José Meseguer, a professor of Computer Science.