FEATURES
Cyber warriors
Computer scientists and engineers at NC State are winning the battle against hackers.
The headlines are ominous — and numerous.
There are many more just like them — warnings that personal data may be stolen, national security may be compromised, corporate information may fall into the wrong hands.
It’s the state of the world we live in today, and it’s for these reasons that NC State computer scientists and engineers are at the forefront of efforts to combat cyber-security threats. Through initiatives with government organizations, the military, health care providers and other industry partners, NC State works to keep us safe from hackers and train the next generation of computer security experts.
“This is a growth industry,” said Dennis Kekas, executive director of NC State’s Institute for Next Generation IT Systems. “There are going to be a lot of new jobs created in this new environment.”
To some degree, everyone who works with computers is involved with security. Even the most casual user has account passwords and firewall protection. And since the advent of networking, computer scientists and engineers have made huge efforts to prevent enormous amounts of information — much of it confidential — from being stolen, deleted or used maliciously.
But computers and the networks connecting them have become more omnipresent and advanced. Now, many systems use open source technology, which allows outsiders to improve the software or change it to fit different needs.
A pattern has emerged: Computer scientists develop a new system. Hackers find ways to compromise it. Computer scientists work to defeat those attacks and develop better security measures. Hackers find ways to defeat them. The cycle continues.
“This is an arms race,” said Dr. Douglas Reeves, professor of computer science.
Cyber attackers can take many forms, but the threats many people in the field are most worried about are called “botnets.” These attackers break into a computer, or a group of thousands of computers, and use the machines to commit a crime, all without the computer’s owner knowing what’s happened. It’s as if someone used a stolen vehicle as a getaway car after robbing a store. A botnet called ZeuS, for example, has been getting plenty of national media attention because it is used to steal bank account usernames and passwords.
But as botnets and other attack programs gain attention, Reeves and others at NC State are working to fight them. Among Reeves’ projects is an effort to help systems recognize when they’re being attacked and build better defenses that don’t inhibit the computer’s performance. Likewise, Dr. Xuxian Jiang, an assistant professor of computer science, is working to better understand how botnets communicate with each other, which could help researchers design systems to stop them.
Much of the security work at NC State is done with the help of the Virtual Computing Laboratory (VCL). When it was introduced at NC State in 2004, the VCL was one of the first large-scale examples of “cloud computing” operating in an educational setting. The technology lets users run software on high-powered servers accessed through their personal computers. This lowers hardware and software costs because it shares resources among its users and readapts itself when new users want to use different sets of applications.
The VCL is an extremely secure system, but NC State computer scientists want to push its boundaries further. Through the new Secure Open Systems Initiative (SOSI), which is supported by the U.S. Army Research Office, researchers are working to develop a hyper-secure version of the VCL that conforms to strict military and governmental regulations.
The VCL’s security research can also serve the private sector. SOSI develops techniques and tools to secure open systems and helps industry collaborators assess these systems, including trustworthy deployment testbeds. The results, researchers say, will foster economic growth. Partners in the venture include Cisco, IBM, MC Dean, Red Hat and Tekelec.