|
Our current projects bring cutting-edge research and a broad understanding of cyber security and trust to both the public and private sector. This research improves our ability to design secure computer systems and protect them from attacks, enables people and organizations to form secure trust relationships across networked computing devices, and improves our understanding of the social, economic, and policy barriers to the development and deployment of such technology. This research engages a multi-disciplinary team of faculty and educates students in the broad field of cyber security.
|
|
Business Education for the Security Professional (BESP)
Project Summary: An important part of ensuring our national security is the security of the nation's critical infrastructures, including the business organizations that compose them and are so important to our way of life. These organizations and infrastructures consist mainly of private or publicly-held firms, and
the security of them depends centrally on the approaches that value chains/extended enterprises (groups of companies), individual firms, and decision-makers take with respect to information security and continuity planning.
There is a prevailing view at many levels in corporate America that "information security today is much like quality was twenty years ago: bolted-on, not built-in, viewed as an inhibitor of operations, and residing
in a 'special' department" (Dynes 2004). This has to change and, while it is certainly a leadership issue, to a large extent it is up to the information security professionals in any enterprise to help guide corporate leadership to this change.
Information security professionals in many firms find their security initiatives hindered because of their inability to communicate effectively within the business. Simply understanding the technology and the technical risks is often not enough to generate action. Typically, this communication failure stems from an underlying lack of business education, a lack of understanding of how to change the corporate culture around security, and an inability to communicate the business case for information security.
Principal Investigator:
 Project
Researchers
Project Web Site
Funding: (ISTS)*
|
|
Business Rationale for Cyber Security
Project Summary: Organizations of all types (business, academia, government, etc.) are facing risks resulting from their ever-increasing reliance on the information infrastructure. Decision and policy makers managing these risks are challenged by a lack of information concerning the risks and consequences of cyber events and would benefit from an increased understanding of the implications of cyber security risks and solutions related to their information infrastructure and business. The proposed research project supports risk management efforts by studying essential components of risk management investment decisions: (i) what processes support a rational approach to cyber risk management?, ii) what data are needed to support rational decisions, and (iii) what are the impacts to individual businesses and business sectors resulting from various investment alternatives? Sound, rational decisions require an understanding of IT risks and their impact on business events; this proposal supports these efforts via the development and refinement of decision support tools. To be of maximum utility, these tools require credible data of current and past situations, likely trends, and the impacts of current and past actions. Similarly, understanding the dynamics of cyber security is needed to help business decision makers understand the likely effects of cyber security choices.
Principal Investigator:
Project
Researchers
Funding: (I3P)
|
|
Data Assurance in Medical Sensor Applications
Project Summary: We expect that wearable, portable, and even embeddable medical sensors will enable long-term continuous medical monitoring for many purposes, such as patients with chronic medical conditions (such as the recently announced
blood-sugar sensors for diabetics), people seeking to change behavior (e.g.,
losing weight, or quitting smoking), or athletes wishing to monitor their
condition and performance. The resulting data may be used directly by the
person, or shared with others: with a physician for treatment, with an
insurance company for coverage, or by a trainer or coach. Such systems have
huge potential benefit to the quality of healthcare and quality of life for
many people.
Since the sensor data may be gathered through a patient's mobile device
(such as a mobile phone), a wireless network, and the Internet, there are
many opportunities for the sensor data to be tampered or otherwise
inaccurate. How can we assess confidence in sensor data? How can we present
that level of confidence, in context, with the sensor data? This project
will develop methods to assess confidence in medical sensor data.
Principal Investigators:
 (and students TBD)
Project
Researchers
Funding: Intel University Research Council
|
|
Dartmouth Internet Security Testbed (DIST)
Project Summary: This nation needs research that addresses fundamental challenges faced in the design, deployment, evaluation and validation of security solutions in a large, complex, heterogeneous operational network, and research that begins to address security and privacy challenges of the Internet of tomorrow - one built on wireless networks and populated with a wide variety of Internet-enabled mobile devices. We propose to develop the Dartmouth Internet Security Testbed (DIST), a large-scale deployment designed to support these research challenges. The Institute for Security Technology Studies (ISTS), in collaboration with Dartmouth's Peter Kiewit Computing Services, will deploy this integrated testbed comprising a wireless-network measurement infrastructure, a network-security monitoring center, and a suite of Wi-Fi capable mobile devices. The unprecedented reach of this testbed, with real-time monitors covering a substantial portion of the production campus network, set DIST apart from other security testbeds and other wireless testbeds.
Principal Investigator:
Project
Researchers
Funding: (ISTS)*
|
|
Digital Video Forensics (DVF)
Project Summary: We are living in a world where seeing and hearing are no longer believing. The technology that allows for digital media to be manipulated and distorted is developing at break-neck speeds. These advances in digital technology are affecting nearly every corner of our lives: law enforcement, the courts, the media, scientific journals, medicine, business and more. At the same time our understanding of the technological, ethical, and legal implications is lagging behind. To this end, there is a significant need for mathematical and computational algorithms to detect tampering in digital media.
Principal Investigator:
Project Researchers
Project
Publications
Funding: (ISTS)*
|
|
Discovery of Trends in Activity-Aware Computing Environments
Project Summary: The use of mobile sensors is becoming increasingly commonplace in the everyday lives of people. Examples of sensors range from accelerometers, cameras and microphones on cell phones to special-purpose devices that capture physiological (e.g., EKG, GSR) or contextual information (e.g.,
temperature, location). These sensors can be used to automatically infer a range of human behavioral states (e.g., physical activities, emotional states, social interactions, and activities of daily living such as cooking or cleaning), the knowledge of which would be useful in a variety of applications, such as detecting anomalous and suspicious behavior, supporting emergency response efforts, tracking physical and cognitive health of individuals, and enhancing the user experience of social and communication technologies.
Much of the activity recognition research has so far focused on the analysis of one individual's sensor data in isolation. However, understanding the trends in activity patterns requires the analysis to move beyond individual to groups, which we believe will not only enable a broader range of applications but also reveal the privacy issues that are present in these scenarios. For example, can an individual be uniquely identified by his activities? Or are there enough similarities across people that can be exploited to anonymize a person's identity? In this project, we will focus on developing algorithms for discovering activity trends, deriving quantitative metrics for finding people who are behaviorally alike, and identifying possible strategies to address some of the privacy concerns that this research uncovers. Furthermore, we will explore the use of sensors on commercially available sensor-equipped mobile devices (such as the iPhone) and the possibility of tying some of our results into popular social applications (such as Facebook or ContextAwareIM).
Principal Investigator:
Project Researchers
Funding: (ISTS)*
|
|
Foundations for Practical Autonomic Computing (AC)
Project Summary: Information infrastructure is facing a crisis of complexity. The international software base, global network connectivity, and the interactions among those elements have been growing at a remarkable pace while our collective ability to assess, administer, and repair has lagged behind. When the trends are taken together, the resulting expense and complexity is unsustainable.
This project will investigate technical, economic, business, and social aspects of autonomic computing from the points of view of security and robustness in consumer technologies that "real people" are most likely to use and operate. The effort will focus on self-aware aspects of autonomic systems, building on prior work done at Dartmouth.
Principal Investigator:
Funding: (ISTS)*
|
|
The Hardware-Based Security Laboratory (HBS)
Project Summary: Securing computation persists in being a significant unsolved hard problem in our nation's information infrastructure. A simple look at history---or the most recent issues of BugTraq or even The New York Times---show that, over and over again, society cannot manage to build and deploy computing applications that actually are secure.
When a problem persists in being unsolvable, it's time to consider changing the problem. In this case, an inescapable fact of computation is that it must take place on computing hardware. Consequently, a promising approach to making this hard problem easier is to change this basic hardware. This idea is not just a pie-in-the-sky lab dream, but rather is something coming in the next wave of real systems. Trusted Platform Modules (TPMs) are already shipping, and the Trusted Computing Group (TCG) consortium continues to crank out new specifications; Intel will be shipping CPUs enabling virtualization (the VT chipset) and secure hypervisors (LT); AMD has its own alternatives. IBM is shipping the multicore CELL processor that uses hardware structure to protect user processes from malicious kernels; Intel promises that multicore will soon give us more processors at the client than we'll know what to do with.
Principal Investigator:
Project Researchers
Funding: (ISTS)*
|
|
Human Behavior, Insider Threat and Awareness
Project Summary: We propose to address the problem of insider threat by forming a collaboration of eight I3P member organizations: Carnegie Mellon University, Columbia University, Cornell University, Dartmouth College, Indiana University, MITRE Corporation, Purdue University, and the RAND Corporation. Two primary objectives serve to focus and integrate the proposed research activities: technology exploration and environmental constraints. The first objective addresses the need for base technologies to monitor insider behavior, coupled with behavioral descriptions of suspicious inappropriate or illegitimate events or activities. In combination, the technology and monitoring will provide a lightweight, robust, and scalable event processing infrastructure that can be deployed in a range of at risk enterprises (e.g. the U.S. military, banks, chemical plants and refineries, and border and port security systems). The second objective addresses the need for a methodological framework for handling incipient and actual insider behavior once it is recognized. Here, research efforts aim to characterize behaviors, determine risks, and understand the ethical, legal and policy choices available to technologists and policy-makers. Policy choices might include modifying institutional behavior, establishing clear policies, providing incentives for good behavior, and implementing training programs so that employees will better understand the risks and consequences of their actions. This information will inform decisions about preventing and dealing with insider threats. All of the research will be integrated with three workshops, intended to engage the stakeholders most affected by this work.
Principal Investigator:
Project Researchers
Project
Web Site
Funding: (I3P)
|
|
Information Risk in Data-Oriented Enterprises (IRIDOE)
Project Summary: Many modern industries share and operate on information. As with the rest of society, these industries are moving their operations into electronic settings. In some fields (such as the financial sector), operating on data electronically offers a vital competitive edge; in other fields (such as in health care), operating on data electronically can be a very desirable cost-cutting measure. In both cases, firms are faced with the challenge of channeling the right information to employees, while ensuring that these information systems don't provide data entitlements that inappropriately enable misuse or violate customer privacy. At the same time, these industries are facing increased pressure from American and international governments to comply with new regulations regarding shared data-regulations that are well intentioned, but that perhaps do not fulfill the purpose their writers intended.
This situation creates a volatile mix of problems. Businesses seek to embed their information processes into technological systems, yet many problems cannot be solved using current technologies. Some enterprises (including many in the financial sector) are forced to build custom applications to meet their business goals. Enterprises also need to make rational business and technical decisions that balance information security risk with the cost of risk countermeasures, yet evaluating this risk and estimating that cost is in itself a hard problem.
This situation also offers exciting opportunities for research and education. Dartmouth has expertise that is highly relevant in this space: the PKI/Trust Lab in the Computer Science Department does cutting-edge research in the development of technology that effectively embodies real-world trust patterns, and the Center for Digital Strategies at Tuck is a thought leader in business-technology interaction.
This interdisciplinary project will thus examine both the underlying organizational and business causes, as well as the business costs, of risky information security practices in enterprises. Building on insights gained in Phase 0 (currently in progress under the name IRIPS and funded outside of this proposal), Phase 1 of this project will focus on employee entitlement in financial sector, including role development and lifecycle management.
We will expand the field study collaboration we started in Phase 0, and deliver a document outlining the key security challenges facing developers and managers in enabling appropriate information access. Based on those results we will develop models for entitlement provisioning and role lifecycle management. Additionally, we will develop a simulation to examine the flow of employees and their information needs in a simplified organization, and test our provisioning model on simulated enterprises. In Phase 2 of this project we will complete our work in the financial sector and begin a pilot investigation in the health care industry, with the objective of comparing the problems, issues, techniques and strategies we examined in the first phase and evaluate their possible effectiveness in healthcare.
Overall, understanding the information flows required by enterprises, and the usability and cost issues that constrain effective information security solutions for those flows, will enable researchers to better craft and evaluate information security technology for all business sectors. Researchers in security, PKI, and authorization lament the gap between lab technology and real-world humans; by working in collaboration with financial and healthcare organizations, we hope to reduce that gap and improve the state of information security technology in enterprise environments. This project will benefit data-centric industries, government regulators, technology innovators, and the general public by exploring current practices, current problems, and developing new theories for better mapping security into a data-oriented organization.
Principal Investigators:
Project Researchers
Project
Web Site
Funding: (NIST)
|
|
Measure, Analyze, Protect: security through measurement for wireless LANs
Project Summary:
With the rise of Voice over wireless LAN (VoWLAN), any complete WiFi
security solution must address denial of service attacks,
such as kicking off other clients, consuming excessive bandwidth,
or spoofing access points, to the detriment of legitimate
clients. Even authorized clients may be able to sufficiently
disrupt service quality to make the network ineffective for legitimate
clients. Our approach provides a new foundation for wireless
network security, able to dynamically measure, analyze and protect a
WiFi network against existing and novel threats, including rogue clients and
access points, with a focus on VoWLAN use cases. Our goal is to support
thousands of APs and clients, quickly recognize most new attacks, and generate
few false alarms.
Principal Investigators:
Project Researchers
Project
Web Site
Project Publications
Funding: (HSARPA)
|
|
MetroSense: scalable secure sensor systems (4S)
Project Summary: Sensor networks will provide a foundation to protect and monitor our
national infrastructure, including economically important businesses with
global reach (e.g., stock markets), critical transport and industrial
facilities, the enterprise, and the border. These tiny, low-cost wireless
devices embed on-board sensing, are fully programmable, and can
spontaneously form large sensor webs with thousands of distributed sensor
devices. In this project, we will study, analyze, propose, deploy, and
evaluate MetroSense, a radically different scalable secure sensor
architecture and system capable of reliable real-time monitoring and data
fusion for large-scale critical infrastructure, resources, and assets.
MetroSense opportunistically leverages mobile sensors when available to deal
with sparse coverage and communications when sensing. We plan to develop a
campus-area sensing architecture based on three integrated components
(sensing and communications, sensor security, and sensor
fusion) and deploy the system incrementally across campus with the goal of
using static and mobile sensors for reliable monitoring and data fusion of
campus plant, spaces, and people flow. Results from this project will serve
as a foundation for building secure sensor networks capable of monitoring
large-scale critical infrastructure.
Principal Investigators:
Project Researchers
Project Web Site
Project
Publications
Funding: (NIST), (NCSD)
|
|
Public-Key Infrastructure Project (PKI)
Project Summary: Enabling the humans and organizations that use the real-world information infrastructure to easily make the right trust judgments about other entities in this system is an ongoing problem. Public-key cryptography is a critical
building block here because it can enable verifiable assertions between parties who do not share secrets beforehand. However, the public-key infrastructure (PKI) that effectively solves these trust problems still eludes us. The existing technology provides pieces of solutions, but still leaves us with obstacles. This project aims to overcome these obstacles by focusing on how to fit the technology to human requirements, rather than imposing upon the humans the trust structures convenient for the technology.
In the spirit of Dartmouth's computing traditions and the mission of the ISTS, this project aims to make PKI work in the real world; PKI is the glue that holds the IT together!
Principal Investigator:
Project
Researchers
Project
Web Site | Also: Greenpass
Funding: (ISTS)*
|
|
Secure Information Systems Mentoring and Training (SISMAT)
Project Summary: We propose an ambitious educational program over the next two years, addressing a growing need to respond to cyber security threats. Business, government, and non-profit institutions have expressed difficulty finding personnel with appropriate training in cyber security tools. Such training requires hands-on experience with secure systems work, yet many institutions of higher learning lack the resources to provide that experience. The ISTS education initiative proposes to meet regional and national needs by implementing a pilot program in mentoring and training that will bring the extensive expertise of researchers and teachers at Dartmouth College in the areas of PKI and trusted systems together with students and faculty from other New England colleges, as well as interested corporate and non-profit partners. We explicitly target regional colleges whose curricula will have prepared upper-level undergraduates for this hands-on work but cannot offer it themselves; we target cybersecurity focus areas in which we have leadership and expertise; and we target external partners that have communicated need for training in these areas. The training program will provide undergraduates with the knowledge and support needed to participate in internships, provide opportunities for secure systems research and development to traditionally underrepresented student populations, and facilitate the development of secure systems curricula at other academic institutions.
Principal Investigator:
Project Researchers
Funding: (ISTS)*
|
|
Sun/Dartmouth OpenSolaris Security Collaboration
Project Summary:
Dartmouth and Sun have begun the first of a multi-phase project
exploring PKI, trusted hardware and OS security. This exploration is
driven by three observations: current open-source certificate
authority platforms do not meet the needs of an academic enterprise;
current Trusted Computing Group-based approaches integrating trusted
hardware with commodity platforms require dependence on OS security;
and OpenSolaris may provide a more usable OS security base than
SE/Linux. In Phase 1, we explore requirements and
evaluation/selection of an existing CA implementation as a
development starting point for the OpenSolaris CA. We will examine
architectures and technical approaches towards building higher levels
of trust within OpenSolaris when on a system which includes a
hardware or software-based TPM. This collaboration area would result
in collaborative development proposals for future phases for how to
augment OpenSolaris to anchor cryptographic activity (key storage,
random numbers, integrity protection/validation). Phase 1 also
includes an equipment donation for the migration of the
graduate-level operating system course (CS108) to use OpenSolaris as
the development OS at the start of calendar year 2006.
Principal Investigator:
Project Researchers
Funding: Sun Microsystems
|
|
Trustworthy Cyber Infrastructure for the Power Grid
Project Summary: The Trustworthy Cyber Infrastructure for the Power Grid (TCIP) is a $7.5M, 5-year project funded from the NSF's Cyber Trust initiative. Led by the University of Illinois at Urbana-Champaign and involving researchers at Dartmouth, Cornell, and Washington State University, TCIP will aim to improve the way the power grid cyber infrastructure is built and maintained, making it more secure, reliable and safe. In some sense, the power grid is the infrastructure that drives all other infrastructures---but it is controlled by a cyber infrastructure that is brittle, unreliable, and distributed across harsh environment conditions and heterogeneous trust environments. The research will focus on four technical thrust areas: the computing base, data collection and control, wide-area information exchange, and quantitative validation. Prof. Sean Smith (Dartmouth) is leading the first area, building on his previous Dartmouth research and prior industrial experience in hardware techniques for trusted computing; Prof. David Nicol (former ISTS director) is leading the last one. Besides the NSF, the DoE and DHS have signed up to help fund this work.
Principal Investigator:
Project Researchers
Project Web Site
Funding: (NSF-CyberTrust)
|
|
|
|
