Nicol leads new Science of Security "Lablet" at Illinois

The University of Illinois at Urbana-Champaign, Carnegie Mellon University, and North Carolina State University are each receiving an initial $1 million in grant funds from the U.S. National Security Agency (NSA) to stimulate the creation of a more scientific basis for the design and analysis of trusted systems.

It is widely understood that critical cyber systems must inspire trust and confidence, protect the privacy and integrity of data resources, and perform reliably. To tackle the ongoing challenges of securing tomorrow's systems, the NSA concluded that a collaborative community of researchers from government, industry, and academia is a must.

To that end, the NSA grant will seed an academic “Lablet” focused on the development of a Science of Security (SoS) and a broad, self-sustaining community effort to advance it. A major goal is the creation of a unified body of knowledge that can serve as the basis of a trust engineering discipline, curriculum, and rigorous design methodologies. The results of SoS Lablet research are to be extensively documented and widely distributed through the use of a new, network-based collaboration environment. The intention is for that environment to be the primary resource for learning about ongoing work in security science, and to be a place to participate with others in advancing the state of the art.

The Illinois Lablet, which will be housed in the Information Trust Institute at Illinois, will contribute broadly to the development of security science while leveraging Illinois expertise in resiliency, which in this context means a system’s demonstrable ability to maintain security properties even during ongoing cyber attacks. ECE Professor David Malcolm Nicol, the Illinois Lablet’s principal investigator, explains, “The complexity of software systems guarantees that there will almost always be errors that can be exploited by attackers. We have a critical need for foundational design principles that anticipate penetrations, contain them, and limit their effects, even if the penetration isn’t detected.”

The Lablet’s work will draw on several fundamental areas of computing research. Some ideas from fault-tolerant computing can be adapted to the context of security. Strategies from control theory will be extended to account for the high variation and uncertainty that may be present in systems when they are under attack. Game theory and decision theory principles will be used to explore the interplay between attack and defense. Formal methods will be applied to develop formal notions of resiliency. End-to-end system analysis will be employed to investigate resiliency of large systems against cyber attack. The Lablet’s work will draw upon ideas from other areas of mathematics and engineering as well.

Nicol is the director of the Information Trust Institute. The Lablet’s leadership is shared with co-principal investigators ECE Professor William H Sanders, director of the Coordinated Science Laboratory, and Computer Science Professor José Meseguer.