Tuesday, December 1, 2009

Report from the Launch of the Northrop Grumman Cybersecurity Research Consortium

"We require leap-ahead technology developments to improve the position of defenders. Our NGCRC is all about creating leap-ahead technologies to implement on a large-scale."

Report from the Launch of the Northrop Grumman Cybersecurity Research Consortium

By Richard Power

At the National Press Club in Washington, D.C., Northrop Grumman announced the formation of its Cybersecurity Research Consortium (NGCRC), which involves three of the leading programs in the field: Carnegie Mellon's CyLab as well as Purdue University's CERIAS and M.I.T.'s CSAIL.

In his remarks, Robert F. Brammer, VP for Advanced Technology and CTO for Northrop Grumman Information Systems cited the motivating factors behind the Consortium:

"First, the values of information systems and networks have never been greater. Second, cybersecurity threats have never been greater."

"We are moving from an internet of people and computers to an internet of things. This technology will transform electric power, automobiles, real estate, home appliances, health care, and other industries."

"We require leap-ahead technology developments to improve the position of defenders. Our NGCRC is all about creating leap-ahead technologies t0 implement on a large-scale."

Following Brammer's opening statement, representatives from the three academic research programs offered glimpses into what some of that "leap-ahead" technology will look like.

Dr. Howard Shrobe, Principal Research Scientist at M.I.T. CSAIL (Computer Science and Artificial Intelligence Lab) spoke on his "Meta-Computing" project:

"Computers are vulnerable because they have no idea what they're doing; they can't tell right from wrong ... Our fix to this is to design a new style of computer architecture ..."

Dr. Adrian Perrig, CyLab's Technical Director briefly outlined the seven major CyLab research thrusts and then highlighted work being done in the area of Trustworthy Computing Platforms & Devices.

This research focuses on the Trusted Platform Module (TPM). In 2008, over 100 million laptops & desktops shipped with TPM; in 2010, it is estimated to be over 200 million. But, as of today, it is an under-utilized opportunity to deepen security. CyLab is working on numerous projects that provide means to establish trustworthy computing in an insecure environment. The challenge is in an increasingly virtual world, how can we obtain assurance WHO and WHICH DEVICE we are communicating with? CyLab is developing easy-to-understand and intuitive mechanisms for secure device pairing and personal trust setup mechanisms: e.g., Perspectives, TrustVisor, Flicker and SPATE.

Perrig also offered a brief overview of three research projects CyLab will be pursuing as its contribution to the NGCRC:

"Detection Mechanisms for Integrity Attacks on Sensing & Control Software Systems" will be led by Dr. Bruno Sinopli. The work is aimed at detecting integrity attacks on distributed control software systems. Has software on embedded devices been modified? Are there discrepancies between sensed & expected behavior? What do they indicate?

"Towards Minimizing the Attack Window for Exploitable Bugs" will be led by Dr. David Brumley. It aims at developing techniques, attack models, & theoretical foundations for finding new bugs, for prioritizing bugs by their exploitability, & for safely distributing patches that fix exploitable bugs

"Real-Time Execution Trace Recording & Analysis" is led by Dr. Perrig himself along with Amit Vasudevan. It aims at enabling real-time forensics, which would otherwise be impossible. Did attackers exploit vulnerability to compromise systems; if yes, what operations did they perform?

Dr. Eugene Spafford Executive Director of CERIAS (Center for Education and Research in Information Assurance and Security) spoke of four NGCRC projects:

"Fast Forensics"

"Watermarking and Provenance of Data Streams for the Cyber-Range"

"Partitioning Network Experiments for the Cyber-Range"

"Context-Based, Adaptable Defense Against Collaborative Attacks in Service-Oriented Architectures"

"In the Fast Forensics," Spafford explained, "we will be investigating how to provide investigators in the field with timely support to examine cellphones, PDAs, and other portable devices containing evidence of criminal activity."

Spafford described the NGCRC as a "unique opportunity for the community to work together looking ahead to the future for a change instead of being reactive serve as an example for other organizations to step forward and take the threat more seriously."

As a long-time champion of academic research into cybersecurity, I concur.

Academic research into cybersecurity is vital to national security and global security.

Partnerships with industry and government are vital to the success of academic research into cybersecurity.

Bringing Northrop-Grumman, CyLab, CERIAS & MIT together in this consortium is an opportunity to advance both of these vital agendas.

The aim of all such collaborations is to accelerate the development of security technologies and strategies.Our work can make such technologies and strategies available sooner than they would have been otherwise.

Related Links:

Carnegie Mellon University Press Release

Northrop Grumman Press Release