http://www.cylab.cmu.edu/research/chronicles/chronicles_all.html Cylab Chronicles is a series of articles that provide insight into the research conducted in CyLab at Carnegie Mellon University. From smartphones to network configuration protocols, face-recognition applications to privacy policy, the details come to light in the Chronicles. The series is written by Richard Power, an internationally-recognized cybersecurity expert and CyLab Distinguished Fellow. Power is the author of numerous books and conceived and designed the "CSI/FBI Computer Crime and Security Survey" (1995-2002), an annual study, conducted in conjunction with the FBI Computer Crime Squad. Mon, 21 Sep 2009 16:17:43 GMT FeedEdit http://www.cylab.cmu.edu/research/chronicles/jackson.html “The availability of cheap web hosting and advertising has made it easier than ever for malicious servers to get introduced to victims, and the browser is largely what keeps those attackers at arms length.” Mon, 21 Sep 2009 16:20:49 GMT http://www.cylab.cmu.edu/research/chronicles/tague.html “Classical anti-jamming technology leverages diversity in the physical medium using multiple communication channels, separated in time, frequency, or code space. However, by jointly considering multiple protocol layers, additional sources of diversity become available. This cross-layered approach to anti-jamming parallels the recent exposure of highly-efficient jamming strategies using higher layer protocol information to conserve jammer resources.” Wed, 9 Sep 2009 16:20:49 GMT http://www.cylab.cmu.edu/research/chronicles/mccune.html "Trusted Computing is a relatively young area, but it is ripe with opportunity because many of the major companies in the computing industry have decided to invest in the hardware changes required to make these technologies work. This is a rare opportunity, because the level of competition in the computer industry tends to prevent long-term investment in security-related technologies without an immediate return-on-investment." Mon, 17 Aug 2009 16:20:49 GMT http://www.cylab.cmu.edu/research/chronicles/tsamitis2.html “As our nation emphasizes the importance of information security to the economy and infrastructure, higher education is not only tasked with preparing graduates for the workforce, but also to attract talented youth and young professionals to pursue careers in the field. The challenge for information security education is to have enough qualified, motivated learners sitting at our desks at the beginning of each semester, so we can meet the high demand for our students at graduation.” Wed, 29 Jul 2009 16:20:49 GMT http://www.cylab.cmu.edu/research/chronicles/datta-0709.html "Reasoning about security of a complex system in a modular manner (i.e., by separately proving security of the components that it is built from and then combining these proofs) is a major open problem in computer security. We are currently working on this problem, building on our prior successful work on modular reasoning about secure network protocols." Tue, 7 Jul 2009 16:20:49 GMT http://www.cylab.cmu.edu/research/chronicles/silicon-valley.html "Don’t get me wrong. Pittsburgh also has a culture of innovation and entrepreneurship, but there is something about this air out here, once you start breathing it you don’t want a real job anymore, you want to be an entrepreneur,” Khosla remarked wryly, “You want to use somebody else’s money to create something, and maybe it becomes something big, or maybe you lose it. But as we know, more often than not it has become something big." Tue, 23 Jun 2009 16:20:49 GMT http://www.cylab.cmu.edu/research/chronicles/allen.html "Software security is a pay me now, pay me later proposition. There is ample evidence indicating that it is much more cost effective (by factors of 100:1 or more) to address a security requirements or design flaw (that can propagate forward into code and production) as early in the lifecycle as possible. The same is true for a security defect or coding error. You can fix it during code and test or you can incur all of the costs (dollars and productivity losses) associated with releasing a patch into a production system." Wed, 27 May 2009 16:20:49 GMT http://www.cylab.cmu.edu/research/chronicles/bauer-update.html "These list-of-rules interfaces cause problems for users when multiple rules interact, because the interfaces have no means of conveying the interactions amongst rules to users. Instead, users are left to figure out these rule interactions themselves. An Expandable Grid is an interactive matrix visualization designed to address the problems that list-of-rules interfaces have in conveying policies to users." Mon, 4 May 2009 16:20:49 GMT http://www.cylab.cmu.edu/research/chronicles/zhang.html "SensorFly is a controlled-mobile flying sensor network platform. To the best of our knowledge, it is the most lightweight flying sensor platform implemented to date. SensorFly, with its miniature helicopter-based mobile sensors, addresses the shortcomings of the static sensor networks approach." Mon, 13 Apr 2009 16:20:49 GMT http://www.cylab.cmu.edu/research/chronicles/brumley.html "I believe software security is much more than arguing about the security of the code compiled. We need to secure the entire life cycle of code, from development, to deployment, to end-user configuration, to eventual retirement. Up till now, most software security research and practice has focused on finding and protecting against vulnerabilities in source code." Tue, 10 Mar 2009 16:20:49 GMT http://www.cylab.cmu.edu/research/chronicles/cylab_research.html "...the future cannot arrive soon enough; and the future, after all, is the business of CyLab. CyLab faculty and graduate students are working on seven research thrusts, and along seven more cross-cutting research thrusts, in an audacious program aimed at harnessing the future to secure the present; and, of course, in the process, they are contributing to renewed prosperity and opportunity through capacity building in the areas of technology, personnel and industry...” 26 Feb 2009 http://www.cylab.cmu.edu/research/chronicles/scherlis.html "We can go bottom-up, thinking about how we write individual lines of code, and develop those lines of code that will lead to higher levels of security, and we do quite a bit of research in that area. … But we also need to think about it top-down. And that involves thinking about how large scale systems are being developed and managed. And the reality of that process is that those systems are constructed from multiple components, libraries, frameworks, components that are developed within an organization, and all of these are typically developed in multiple organizations.” 23 Jan 2009 http://www.cylab.cmu.edu/research/chronicles/wombat.html "As demand for our solutions continued to increase, we also came to realize that, as a university, we would only be able to go so far in distributing and maintaining our solutions. So the path forward was fairly clear and Wombat was eventually launched earlier this year. As a commercial entity, we have gained further visibility and have daily opportunities to talk to customer organizations and to closely monitor phishing attacks as they continue to evolve.” 10 Dec 2008