Cylab News

“Harnessing Fundamental Research to Secure Society, Government and Industry,” A Report from CyLab's 2008 Annual Conference

posted by Richard Power
August 17, 2008

What do Boeing, Motorola, Robert Bosch RTC, Raytheon, Ernst & Young, SAP Research, Ericsson, Deloitte, University of Pennsylvania Medical Center, Booz Allen Hamilton, Northrop Grumman, Symantec, Seagate, Honeywell and Lockheed Martin all have in common, aside from a lot of economic and intellectual firepower? They were among the Carnegie Mellon CyLab corporate partners whose representatives recently assembled for the 2008 Annual CyLab Partners Conference. The three-day conference provided this powerful group of companies with the opportunity to be briefed on the latest CyLab research.

In an overview of CyLab’s research efforts, Technical Director Adrian Perrig articulated the vision: “To harness fundamental research to secure society, government and industry resources and applications, using interdisciplinary approach and active collaboration with industry on both short-term and long-term projects to impact and improve everyday life.”

Held at the main Carnegie Mellon University campus in Pittsburgh, Pennsylvania, the event centered on more than two dozen presentations and was organized into sections along some of CyLab’s major research thrusts, including:


To deepen and enrich the attendees’ experience, each thrust-oriented section culminated in a roundtable discussion involving all the CyLab researchers who presented within the section, enabling the Partners’ representatives to engage them directly in a freewheeling dialogue. Coordinated student poster sessions at breaks allowed for further interaction.

CyLab Researcher Greg Ganger spoke on “Securing the Digital Home,” one of CyLab’s newest and most compelling initiatives: “The home has gone digital. Can we handle it? There are exciting new capabilities for the users, but who will handle security and reliability?”

According to Ganger, the goal of this research is to achieve “usable security for the digital home,” i.e., enabling users to effectively specify and understand policies, and enabling users to use and trust mechanisms.

Ganger also enumerated the key technical challenges:

Chris Inglis, Deputy Director of the U.S. National Security Agency, was one of two keynote speakers. His remarks underscored the importance of cooperative endeavors such as Carnegie Mellon CyLab: “We all have a stake in expanding the market for secure information technology and in steadily raising the bar when it comes to defining what’s secure and what isn’t. There must be teaming between public and private institutions to raise the information assurance level of products and services more broadly. We all have a responsibility to help IT suppliers improve their products and to help IT buyers and operators make more informed choices about what to buy and how to assemble, run, monitor and defend their systems. If done correctly, this is a win-win situation that benefits the entire spectrum of information technology users, from federal, state and local governments, to the operators of critical infrastructure and major arteries of commerce as well as to our private citizens.”

The other keynote, AT&T Labs’ legendary Bill Cheswick, held forth on “Re-Thinking Passwords,” his current topic du jour. In a fast-paced exploration of ideas outside the box of “conventional wisdom” on password security, Cheswick led the attendees through some of his “wacko” notions, including using Google Maps and satellite images to create “passmaps” or using the Mandelbrot set to create “passgraphs.” He also offered sage advice for both users (e.g., “use three levels of passwords based on importance”) and for implementers (e.g., “this is one of those economies of scale you told the shareholders the merger was going to buy, authentication servers should be relatively simple to code and maintain, if you don’t understand who your users are, your security is shot from the start”).

CyLab Partners can access the full archive of conference research reports and student posters by logging into the CyLab Partners Portal (login account required).

If your company is not a CyLab Partner, and you would like to find out more about how to get involved in this dynamic program and take advantage of the four “R’s” (Research, Recruitment, Reputation and ROI), contact CyLab Director of Corporate Relations, Gene Hambrick, at 412-268-6755.