Stanford joins multi-institution center to protect computers from cyberattacks

John Mitchell

John Mitchell

The National Science Foundation (NSF) announced on April 11 that the University of California-Berkeley will lead a multi-institution center to protect the nation’s computer infrastructure from cyberattacks while improving its reliability. Collaborators from eight universities around the country, including Stanford, will form the new Team for Research in Ubiquitous Secure Technology (TRUST).

The TRUST center is expected to receive nearly $19 million over five years, with the possibility of a 5-year, $20 million extension at the end of the initial term.

The announcement comes amid mounting concerns over the security of the nation’s information and data systems. A report released last month by President Bush’s Information Technology Advisory Committee said the “information infrastructure of the United States is highly vulnerable to disruptive domestic and international attacks,” and recommended increased support for fundamental research in cybersecurity.

The TRUST researchers say that through the prevalence of information technologies, modern society has become increasingly dependent upon properly functioning computer systems that control such critical infrastructures as finance, energy distribution, telecommunications and transportation.

“The cybersecurity community has long feared that it would take an electronic Pearl Harbor for people to realize the scale of disruptions possible from a concerted attack by terrorists,” said S. Shankar Sastry, UC-Berkeley professor of electrical engineering and computer sciences, and the principal investigator and director of the TRUST center.

Partners in TRUST

Besides Stanford and UC-Berkeley, the academic partners in this effort are Carnegie Mellon University, Cornell University, Mills College, San Jose State University, Smith College and Vanderbilt University. The initiative also brings together industrial and other affiliates, including Bellsouth, Cisco Systems, ESCHER (a research consortium that includes Boeing, General Motors and Raytheon), Hewlett Packard, IBM, Intel, Microsoft, Oak Ridge National Laboratory, Qualcomm, Sun Microsystems and Symantec.

“This is an exciting opportunity to bring trust and computer security efforts on Stanford campus together and an exciting opportunity to collaborate with leaders at other universities and major companies,” said Stanford computer scientist John Mitchell, the Mary and Gordon Crary Family Professor in the School of Engineering and a co-principal investigator of TRUST. “Stanford has been a prominent center in computer security since [Whitfield] Diffie and [Martin] Hellman’s ground-breaking work on public-key cryptography more than 25 years ago.”

In the last decade, scholars at Stanford’s Computer Security Lab, co-directed by Mitchell and Dan Boneh, an associate professor of computer science and of electrical engineering, have done research in applied cryptography, access control, data privacy, mobile code and programming language-based security, network security, and trusted platforms and virtualization.

“Our efforts involve nine Stanford faculty, postdocs, graduate students and collaborators at other universities and companies,” said Mitchell. “Within TRUST, Stanford faculty bring expertise in the three main thrusts of the center—security science, system science and social science.”

In addition to TRUST, the Stanford Security Lab leads the NSF-sponsored Privacy, Obligations, and Rights in Technologies of Information Assessment (PORTIA) project on privacy and computer security. Boneh and Mitchell also lead a project on preventing web “phishing” and identity theft, funded by the Department of Homeland Security and conducted in conjunction with the U.S. Secret Service.

Stanford faculty members bring several strengths to the TRUST collaboration. In the area of software science and engineering, Alex Aiken is an expert in software quality and assurance. David Dill is renowned for work on automated methods and national leadership in the debate on electronic voting machines. Dawson Engler develops tools for software analysis and assurance and Monica Lam brings expertise on static analysis, compilation methods and software architecture. Stanford experts on data privacy are Hector Garcia-Molina, whose research includes peer-to-peer systems, and Rajeev Motwani, whose research includes database mining, information retrieval and web searching. Mendel Rosenblum, founder of the successful company VMWare, studies “virtual machines” and operating systems and their application to security. Boneh works on cryptography and its applications, whereas Mitchell’s research interests include access control, language-based methods and network security.

Beyond protection

TRUST researchers have set their sights on developing new technologies that will radically transform the ability of organizations—from private software vendors to local and federal agencies—to design, build and operate trustworthy information systems that control critical infrastructure. They will go beyond research into how to protect networks from attacks and develop ways to keep systems running properly even when intrusions occur—a concept known as “degrading gracefully under attack.”

The center will look at systems problems through modeling and analysis, development of secure embedded systems, and integration of trusted components and secure information management software tools.

The researchers emphasize that the mantra for the center is TRUST, going far beyond cybersecurity research alone. They pointed out that the center relies upon close, interdisciplinary collaboration with experts in economics, public policy, social science and, significantly, human-computer interface.

Sastry pointed out that system design to date has not sufficiently accommodated human users and the usability of systems, which can often be the weakest link in information assurance.

TRUST also involves an education and outreach component, geared to K-12 schools, undergraduate students and institutions serving underrepresented populations. Sigurd Meldal, chair of the Computer Engineering Department at San Jose State University, serves as TRUST’s education coordinator. Ruzena Bajcsy, a professor of electrical engineering and computer sciences at UC-Berkeley, is its outreach coordinator.

Sarah Yang is a science writer at the University of California-Berkeley.