North Carolina State University has again been awarded a Science of Security Lablet by the National Security Agency (NSA) to continue its work in developing the cybersecurity and privacy breakthroughs needed to safe guard cyberspace.
The Science of Security Lablet at NC State was established in 2012. NSA this spring announced that NC State would again host a Lablet for an additional five years under a new contract.
Science of Security Lablets are small multi-disciplinary labs at leading U.S. research institutions that are part of NSA’s Science of Security and Privacy (SoS) Initiative. Launched in 2012, SoS promotes security and privacy science as a recognized field of research and encourages rigorous research methodologies.
Under the latest contract, the University of Kansas, Vanderbilt University and the International Computer Science Institute will join three of the original SoS Lablets established in 2012: Carnegie-Mellon University, University of Illinois-Champaign and NC State.
The NC State Lablet was tasked with working on five “hard problems” when it was established in 2012.
Scalability and Composability: The challenge of this problem is to develop methods enabling the construction of secure systems with known security properties.
Policy-Governed Secure Collaboration: Projects addressing this hard problem seek to develop methods to express and enforce normative requirements and policies for handling data with differing usage needs and among users in different authority domains.
Predictive Security Metrics: The challenge of this problem is to develop security metrics and models capable of predicting whether or confirming that a given cyber system preserves a given set of security properties (deterministically or probabilistically), in a given context.
Resilient Architectures: The challenge of developing the means to design and analyze system architectures that deliver required service in the face of compromised components.
Human Behavior: Modeling human behavior is a daunting task, and projects addressing this hard problem seek to develop models of human behavior (of both users and adversaries) that enable the design, modeling, and analysis of systems with specified security properties.
Those same five problems will continue as the focus for the next five years, said Dr. Laurie Williams, professor and interim department head in the Department of Computer Science and principal investigator of the NC State Lablet.
Three projects have been selected for work in the NC State Lablet in the first year of the new five-year contract.
- Dr. Xiaohui (Helen) Gu (NC State)
Coordinated Machine Learning-Based Vulnerability & Security Patching for Resilient Virtual Computing Infrastructure
- Dr. Ninghui Li (Purdue University)
Principals of Secure BootStrapping for IoT
- Dr. Laurie Williams (NC State) and Dr. Andy Meneely (Rochester Institute of Technology)
Predicting the Difficulty of Compromise through How Attackers Discover Vulnerabilities
The SoS Lablets will focus on the discovery of formal underpinnings of the design of trusted systems, which spans the disciplines of computer science, electrical engineering, mathematics, behavioral science, statistics, philosophy, public policy and physics. Lablet researchers are free to work with other institutions as needed. The Lablets are starting 20 projects in the following research areas: Challenges in Cyber-Physical Systems, Cybersecurity Metrics, Policy-Governed Secure Collaboration, Privacy, Resilient Architectures, Scalability and Composability and Understanding and Accounting for Human Behavior.
The Lablets were competitively selected from a solicitation of nearly 300 universities across the United States. The criteria for selection included scientific rigor of research projects, applicability to current challenges and efforts to grow a scientific community in security and privacy.
Learn more about the NC State Lablet at https://research.csc.ncsu.edu/security/lablet.