WPI Research is the research magazine of Worcester Polytechnic Institute. It contains news and features about graduate research in the arts and sciences, business, and engineering, along with notes about new grants, books, and faculty achievements.
Issue link: http://wpiresearch.epubxp.com/i/229254
Security: a complicated business Engineers and computer scientists have established cryptographic protocols to hide data from prying eyes. They have invented techniques for shielding wireless networks from intrusion. And they've developed guidelines for limiting access to sensitive information. But every measure and countermeasure comes with its own costs and its own inherent weaknesses. Some of the weaknesses stem from the human factor: the fact that people use technology in ways that can lead to inadvertent leaks or attacks by malicious actors. WPI's new Cybersecurity Program (see sidebar) draws together experts from computer science, electrical and computer engineering, mathematical sciences, and the social sciences to fnd new and innovative approaches to protecting digital data — approaches that take the human factor into account in one way or another. "People are the weakest link in just about any security system," says program director Kathi Fisler, associate professor of computer science. That's why students in the new program are required to take at least one class that deals with human factors. It's also why Fisler says it's important "to not bug users with stuff they don't want to think about" (and might, therefore, ignore), but instead bug them just enough so they will avoid compromising their own security. Fisler herself has been building tools to help users understand the implications of their own security and privacy settings, and to help developers understand the security limitations of the systems they design. One of those tools, an application called Margrave, grew out of work she did with her husband, Shriram Krishnamurthi, a professor of computer science at Brown University, her WPI colleague Dan Dougherty, and Tim Nelson, a 2013 PhD recipient who is currently a postdoctoral research associate at Brown. Margrave interrogates and compares access control policies, the sets of rules that govern who can see and manipulate the various data in a given system. Access control policies specify who can view patient records at a hospital, for example, or who has permission to change student grades in a university database. Such policies can be quite complicated, and are typically managed by human resources personnel who might not understand their full Preparing Tomorrow's Cyber Watchdogs In recent years, the need for professionals to defend the nation's information technology from increasingly sophisticated attacks — and from careless users — has been growing at a steep pace. WPI has responded in kind with new academic initiatives, new faculty expertise, and a growing reputation for excellence. WPI's emerging Cybersecurity Program is driven by nine core faculty members, four of whom arrived during the last two years. They are actively engaged in well-funded research on such topics as software and network security, cryptography, and online privacy. Having long offered cybersecurity research projects and courses for students pursuing a PhD in either computer science or electrical and computer engineering, the university added a cybersecurity specialization for its existing MS program in computer science. Both programs, as well as a number of new graduate courses in cybersecurity, are seeing rising student interest, according to program director Kathi Fisler, associate professor of computer science. 38 > wpi.edu/+research Also attracting attention is a new graduate certifcate in cybersecurity developed expressly for power engineering professionals — the frst such program in the nation. The program is designed to help the power industry guard against threats to the electric grid. "This is an exciting program that combines WPI's historic strengths in power engineering with its emerging focus on cybersecurity," Fisler says. WPI students have expressed their enthusiasm for cybersecurity by forming a cybersecurity club and participating on the WPI Cyber-Defense Team, coached by Craig Shue, assistant professor of computer science. In just its second year, the team took third place, out of 14 teams, in the 2013 Northeast Collegiate Cyber Defense Competition. WPI's growing momentum in cybersecurity has not gone unnoticed. The university was recently recognized as a National Security Administration/Department of Homeland Security Center of Excellence in Information Assurance Research, Fisler says. "This is a testament to the diverse research and other academic efforts by our security-related faculty."