Cornell University will be part of a nationwide initiative to develop long-term solutions to computer security problems, the National Science Foundation (NSF) has announced. The NSF expects to provide almost $19 million in funding for the program over five years, with about $3 million coming to Cornell.
The plan creates a new Science and Technology Center that will bring together researchers with a strong background in security research from eight academic institutions along with industrial and government partners. Fred Schneider, Cornell professor of computer science, will be chief scientist; S. Shankar Sastry, professor of electrical engineering and computer sciences at the University of California-Berkeley, will be principal investigator and director of the new center. Stephen Wicker, Cornell professor of electrical and computer engineering, leads the participating team of Cornell faculty and will be a member of the center's governing board.
The researchers have named the consortium TRUST, for Team for Research in Ubiquitous Secure Technology. The aim of TRUST's research is to create new technologies – and perhaps even new social institutions – that will make it possible to build computer software and networks that are inherently secure. "Security" here means not only protection against outside attacks, but also reliability of service and preservation of data.
"It's an extremely strong group, and it's going to be very exciting working with them. I expect to see some great work resulting from this collaboration. I expect to learn a lot, too," said Schneider, who is director of the Information Assurance Institute, a joint project of Cornell and U.S. Air Force researchers. He also is a founder and board member of the Griffiss Institute, a New York state security consortium. From 1998 to 2000, Schneider chaired the National Academy of Sciences' study committee on information systems trustworthiness. The committee's work led to the publication of the book Trust in Cyberspace, which Schneider edited.
Four other Cornell faculty members also will participate in the effort. They are: Kenneth Birman, professor of computer science; Rajit Manohar, associate professor of electrical and computer engineering; Emin Gun Sirer, assistant professor of computer science; and Lang Tong, professor of electrical and computer engineering.
The funding comes from NSF's Science and Technology Centers: Integrative Partnerships program, which creates collaborations among academic institutions, national laboratories, industrial organizations and others for research and education projects of national importance. Although funding for new centers under the program was scheduled to be cut, Congressman Sherwood Boehlert (R-N.Y.), chairman of the House Science Committee, worked to have it reinstated.
"This is wonderful news for Cornell University and for upstate New York, proving once again that our region is on the forefront of information security research," Boehlert said. "I congratulate Dr. Fred Schneider, Dr. Shankar Sastry and the all the members of the TRUST consortium for winning this award. They represent the dream team of information assurance and complex systems research, and their partnership is exactly the type of collaboration that was envisioned by the Cybersecurity Research and Development Act of 2002 that I authored. I am also pleased that the TRUST consortium will be working closely with the Air Force Research Laboratory -- Information Directorate at Rome, N.Y., to develop the next generation of secure, robust and reliable information systems."
As computing and communication become ever more important to the nation's financial, energy distribution, telecommunication and transportation infrastructures, attacks on computer systems have rapidly increased at all levels, the researchers point out. Since the essence of most attacks is to fool a computer into running a program surreptitiously loaded by an outsider, Schneider and others have proposed new software technology that would allow computers to determine whether a program is trustworthy and will do what it claims to do.
In addition to protecting computers against attacks, TRUST will consider ways to ensure that stored data remains intact and computer networks operate smoothly. Businesses increasingly rely on distributed sensors and controls to monitor and direct manufacturing and shipment of goods, but the networks used today remain vulnerable to breakdowns and intrusion. The electric power grid is a prime example and will be a key test bed for the research. "We need to learn how lightning storms in Ohio can lead to lights going out at JFK airport," Wicker explained.
Privacy, legal, societal and usability issues will be built into the technology as it is developed rather than added on as an afterthought, the researchers said in their proposal. "The best security in the world is useless unless you have a protocol for making sure people don't do something stupid," Wicker said. "We also plan to put more societal issues into our technical courses so students will understand how user behavior affects security."
The team's long-term approach includes creating programming languages and other tools with which secure systems can be built in the future and educating today's students in the use of those tools. The team will create courses in security and in building trustworthy systems, which will first be taught at the affiliated institutions and later made available to schools outside the team.
The other academic institutions involved are Carnegie Mellon University, Mills College, San Jose State University, Smith College, Stanford University and Vanderbilt University. Industrial and other partners are Bellsouth, Cisco Systems, ESCHER (a research consortium that includes Boeing, General Motors and Raytheon), Hewlett-Packard, IBM, Intel, Microsoft, Oak Ridge National Laboratory, Qualcomm, Sun Microsystems and Symantec.