Science of Security "Lablet" Established at the University of Illinois

11/16/2011 10:00:00 AM

The University of Illinois at Urbana-Champaign will receive an initial $1 million in grant funds from the U.S. National Security Agency (NSA) to stimulate the creation of a more scientific basis for the design and analysis of trusted systems.

It is widely understood that critical cyber systems must inspire trust and confidence, protect the privacy and integrity of data resources, and perform reliably. To tackle the ongoing challenges of securing tomorrow's systems, the NSA concluded that a collaborative community of researchers from government, industry, and academia is a must.

Illinois computer science professor Jose Meseguer
Illinois computer science professor Jose Meseguer
Illinois computer science professor Jose Meseguer

To that end, the NSA grant will seed an academic “Lablet” focused on the development of a Science of Security (SoS) and a broad, self-sustaining community effort to advance it. A major goal is the creation of a unified body of knowledge that can serve as the basis of a trust engineering discipline, curriculum, and rigorous design methodologies. The results of SoS Lablet research are to be extensively documented and widely distributed through the use of a new, network-based collaboration environment. The intention is for that environment to be the primary resource for learning about ongoing work in security science, and to be a place to participate with others in advancing the state of the art.

The Illinois Lablet, which will be housed in the Information Trust Institute at Illinois, will contribute broadly to the development of security science while leveraging Illinois expertise in resiliency, which in this context means a system’s demonstrable ability to maintain security properties even during ongoing cyber attacks. David M. Nicol, the Illinois Lablet’s principal investigator, explains, “The complexity of software systems guarantees that there will almost always be errors that can be exploited by attackers. We have a critical need for foundational design principles that anticipate penetrations, contain them, and limit their effects, even if the penetration isn’t detected.”

The Lablet’s work will draw on several fundamental areas of computing research. Some ideas from fault-tolerant computing can be adapted to the context of security. Strategies from control theory will be extended to account for the high variation and uncertainty that may be present in systems when they are under attack. Game theory and decision theory principles will be used to explore the interplay between attack and defense. Formal methods will be applied to develop formal notions of resiliency. End-to-end system analysis will be employed to investigate resiliency of large systems against cyber attack. The Lablet’s work will draw upon ideas from other areas of mathematics and engineering as well.

Nicol, the project’s principal investigator, is a professor of Electrical and Computer Engineering (ECE) at Illinois and the director of the Information Trust Institute. The Lablet’s leadership is shared with co-principal investigators William H. Sanders, who is an ECE professor and director of the Coordinated Science Laboratory at Illinois, and José Meseguer, a professor of Computer Science.

About the Information Trust Institute (ITI)
The Information Trust Institute is a multidisciplinary cross-campus research unit housed in the College of Engineering at the University of Illinois at Urbana-Champaign. It is an international leader combining research and education with industrial outreach in trustworthy and secure information systems. ITI brings together over 100 faculty, many senior and graduate student researchers, and industry partners to conduct foundational and applied research to enable the creation of critical applications and cyber infrastructures. In doing so, ITI is creating computer systems, software, and networks that society can depend on to be trustworthy, that is, secure, dependable (reliable and available), correct, safe, private, and survivable. Instead of concentrating on narrow and focused technical solutions, ITI aims to create a new paradigm for designing trustworthy systems from the ground up and validating systems that are intended to be trustworthy.