The National Science Foundation (NSF) today issued three large Frontier awards totaling nearly $20 million to support collaborative, multi-university research and education activities that will help protect the nation's vast, critical infrastructure and enable a more secure information society.
In alignment with the themes outlined in the 2011 Strategic Plan for the Federal Cybersecurity Research and Development Program, these efforts will build on NSF's long history of advancing cybersecurity. These awards are funded through NSF's interdisciplinary Secure and Trustworthy Cyberspace (SaTC) program, now in its third year.
"Cybersecurity is one of the most significant economic and national security challenges facing our nation today," said Farnam Jahanian, NSF's assistant director for computer and information science and engineering (CISE).
"NSF's investments in foundational research will transform our capacity to secure personal privacy, financial assets, and national interests. These new Frontier awards will enable innovative approaches to cybersecurity, with potential benefits to all sectors of our economy."
Frontier awards go to large, multi-institution projects that address and heighten the visibility of grand challenge research areas in science and engineering with broad economic and scientific impact.
For more than a decade, NSF has supported transformative cybersecurity research. The SaTC program has continued this commitment in the last year by supporting the interdisciplinary approaches necessary to address grand challenges in cybersecurity.
In fiscal year 2013, the program expanded to include for the first time NSF's Directorate for Education and Human Resources and the Directorate for Engineering, in addition to ongoing participation by CISE and the Mathematical and Physical Sciences, and Social, Behavioral and Economic Sciences directorates.
The three Frontier projects are part of more than 110 new cybersecurity research projects being funded in 33 states, with award amounts ranging from about $100,000 to $10 million. This award portfolio spans state-of-the-art research in a broad range of technical, social and educational areas.
Funded projects pursue technical solutions designed to improve the security of computer systems used in businesses, universities, governments and homes. Project teams seek to devise incentives to reduce the likelihood of cyber attacks and mitigate the negative effects that arise from them. Researchers also develop curriculum to train a 21st-century cybersecurity workforce.
Together, these SaTC awards aim to improve the resilience of software, hardware and critical infrastructure, while preserving privacy, promoting usability and ensuring trustworthiness through foundational research and prototype deployments.
Each of the following new Frontier awards features an interdisciplinary team from multiple universities working on some of the most important and technically challenging cybersecurity issues today.
Enabling trustworthy cybersystems for health and wellness
- Dartmouth College: David Kotz, Eric Johnson, Lisa Marsch
- University of Illinois at Urbana-Champaign: Carl Gunter, Roy Campbell, Klara Nahrstedt
- The Johns Hopkins University: Aviel Rubin, Stephen Checkoway, Jonathan Weiner
- University of Michigan Ann Arbor: Kevin Fu, Michael Bailey
The five-year Trustworthy Health and Wellness (THaW) will be part of the research initiative on information systems and health care at Dartmouth College's Institute for Security, Technology, and Society. The interdisciplinary team includes experts from computer science, business, behavioral health, health policy and healthcare information technology. The project will tackle challenges to providing trustworthy information systems for health and wellness as the result of sensitive information and health-related tasks being increasingly pushed into mobile devices and cloud-based services.
"Our research is motivated by the rapid deployment of mobile and cloud information technologies in healthcare, both in clinical settings and at home," said lead investigator David Kotz, the Champion International Professor of Computer Science at Dartmouth. "We aim to help these technologies reach their full potential by ensuring they can protect the integrity of medical data and the privacy of patient information."
The THaW team will work to develop usable authentication and privacy tools, trustworthy control of medical devices and effective methods to detect malware, compute trust metrics and audit medical information systems and networks. In the long term, this project will help create health systems that can be trusted by individual citizens to protect their privacy and by health professionals to ensure data integrity and security. The team is also training the next generation of computer scientists by creating courses and sponsoring summer programs for undergraduate and K-12 students and by developing an exchange program for postdoctoral fellows and research students.
Rethinking security in the era of cloud computing
- University of North Carolina at Chapel Hill: Mike Reiter, Jay Aikat
- Stony Brook University: Vyas Sekar
- Duke University: Jeffrey Chase
- North Carolina State University: Peng Ning
- University of Wisconsin at Madison: Thomas Ristenpart, Srinivasa Akella, Michael Swift
- RSA Labs: Ari Juels
Comprising a multidisciplinary team of researchers from six organizations, this Frontier award will explore ways in which computer security may make significant leaps forward in a cloud computing setting.
As Mike Reiter, the Lawrence M. Slifkin Distinguished Professor of Computer Science at the University of North Carolina, explains, "The vast majority of cloud-related research in the computer security research community casts the move to cloud computing as intensifying the threats to which data and services are vulnerable. Instead, we see new opportunities for improving security of data and services by moving them to the cloud, and we plan on pursuing an aggressive research agenda to realize these opportunities."
This research team will leverage the common software, hardware and management basis of cloud computing with the broad view of activity across a diversity of user services. This project will develop novel and improved solutions for unified authentication and authorization and auditing across diverse services; effective monitoring and diagnosis for security management of services, networks, datacenters and users; and pervasive encryption to, from and within the cloud. The investigators will convene "Cloud Security Horizons" summits with industry stakeholders to help shape the future of security in cloud computing.
Towards effective Web privacy notice and choice: a multi-disciplinary perspective
- Carnegie Mellon University: Norman Sadeh, Alessandro Acquisti, Travis Breaux, Lorrie Cranor, Noah Smith
- Fordham University: Joel Reidenberg
- Stanford University: Barbara van Schewick, Aleecia McDonald
This Frontier project will research how to improve the usability of privacy policies. Natural language privacy policies have become a de facto standard to address expectations of notice and choice on the Web. However, there is ample evidence that users generally do not read these policies, and that those who do often struggle to understand what they mean. In effect, most Internet users are unable to make informed privacy decisions as they contemplate interacting with different websites.
"If you read privacy notices, you quickly realize that they contain a lot of boilerplate text and that people seem to often be recycling entire sentences and even larger text fragments from one another," noted Norman Sadeh, a professor in the School of Computer Science at Carnegie Mellon University and the project's lead investigator. "This project will aim to exploit these types of patterns."