GOVERNMENT
K-State designated a National Center of Academic Excellence in Information Assurance Research
Kansas State University's Center for Information and Systems Assurance has been named a National Center of Academic Excellence in Information Assurance Research. The designation is made by the U.S. Department of Homeland Security and National Security Agency and is effective through 2015.
"This designation speaks volumes about the cybersecurity and high-assurance software research taking place at K-State," said Kirk Schulz, K-State president. "Our researchers are among the best minds in the country when it comes to information and computer security."
K-State's designation as a National Center of Academic Excellence in Information Assurance Research -- or CAE-R -- became official at a ceremony June 8 at the National Electronics Museum in Baltimore, Md.
Research in K-State's Center for Information and Systems Assurance – also known as CISA – falls into two categories: cybersecurity and secure software system construction. Xinming Ou, assistant professor of computing and information sciences, led K-State's effort in applying for the designation.
"Most of the causes of cybersecurity problems have to do with software vulnerabilities, which are mistakes made by software developers," he said. "We've been investigating and exploring scientific methods for improving software quality by developing automated program verification techniques and language concepts that can be applied to improve software security."
K-State research on secure software system construction falls under John Hatcliff, professor of computing and information sciences and director of the laboratory for specification, analysis and transformation of software, also known as the SAnToS laboratory. Hatcliff's research involves creating mathematical and logical models that can be used by special computer-based auditing programs to guarantee that information is shared with the right people at the right time and that leaks are prevented.
"We're moving beyond conventional quality assurance techniques in common use, like testing and systematic inspection, to using both logic and different types of math to model software," Hatcliff said. "Once we have these more rigorous ways of describing software behavior, we are then able to systematically establish -- using mathematical reasoning and logical reasoning -- whether the software is correct."
K-State's work in this area netted the university a $3 million grant from the Air Force Office of Scientific Research in 2009. With the grant, K-State researchers are collaborating with researchers at Princeton University to develop tools to secure information systems so that when information is transferred across large systems, there is confidence that nothing is accidentally revealed.
On the cybersecurity side, Ou's Argus research group is formulating scientific methods for managing the security of complex network systems.
"Cybersecurity is an asymmetric warfare," he said. "The attackers only need to find one hole to compromise a system, whereas the defenders have to plug them all. Without automated reasoning, cyberspace will continue to be the Wild West, where bad guys will wreak havoc."
Ou's work seeks to improve cybersecurity by providing automated reasoning that a network administrator can use to reach a conclusion about what security breaches have happened and how they happened, as well as quantitative metrics to determine how secure a system is. This line of work has been supported by a number of federal and industrial grants, including a $430,000 National Science Foundation CAREER grant awarded to Ou earlier this year.
"This national designation is a recognition of the expertise K-State has built in this area over the last 20 years," said Gurdip Singh, head of the department of computing and information sciences. "We had one of the world's earliest scientific works in the area of secure information flow back in the 1980's. Today, the SAnToS laboratory and Argus group are taking that research to new heights.
"Cybersecurity research is a strategic area for our department as we build a strong educational program to train the next generation of leaders in the field of cybersecurity," he said.
The Center of Academic Excellence in Research program is in its third year, and K-State is the only university in Kansas that has received the research designation.