|
|
Information and Systems Assurance
Nearly every major business and government organization has increased, and will continue to increase, its dependence on various networks for day-to-day operations. The military is intensely interested in developing techniques to defend network infrastructures from attack. It is clear that this problem will not go away soon and that its solutions will require innovative and interdisciplinary thinking. This broader thinking will allow innovative ideas to be applied to many systems and networks including those for computing, communications, transportation and energy where security has become a national priority.
A conservative estimate places Information Technology (IT) as making up about 9% of the US national economy in 1999 and as accounting for one third of the economic expansion of the 1990s. Independent of recent financial and national troubles, the fundamentals strongly suggest that IT will continue to grow in importance. But these inter-networked information systems are constantly growing in complexity. Currently, without heroic measures, we are unable to routinely assure that our information systems will behave correctly, reliably, or safely, nor are we able to guarantee availability or security. There is a national need to focus on many facets of this problem, including the fundamental science and engineering for system assurance, education of information system professionals in system assurance, public education and awareness, and facilitating the transition of assurance technology and methodology into practice.
The President's Information Technology Advisory Committee has stated the problem succinctly:
The Nation needs robust systems, but the software our systems depend on is often fragile. Software fragility is its tendency not to work properly – or at all. Fragility is manifested as unreliability, lack of security, performance lapses, errors, and difficulty in upgrading. The Nation cannot afford to let the current situation continue. We must commit to develop the science, technologies, and methods needed to build robust software systems – ones that are reliable, fault-tolerant, secure, evolvable, scalable, maintainable, and cost-effective . . . it has become clear that the processes of developing, testing, and maintaining software must change. We need scientifically sound approaches to software development that will enable meaningful and practical testing for consistency of specifications and implementations. This requires long-term research in languages, theories, simulation, analysis, and testing that could lead to standardized multilevel mechanisms similar to those which have created the success in computer-aided design for digital hardware.
For example, one area of immediate need in the academic, government and commercial arenas is Intellectual Preservation: Information Authenticity, or Integrity. Authenticating information is a concern in a number of communities: financial, legal, forensic, national security. It is also a concern in the library and archival communities. From the library point of view it is our responsibility to assure the preservation and transmission of recorded knowledge. In the artifactual world assurance has been de facto accomplished by the preservation of the objects on which information is recorded: manuscripts, printed books, journals, analog recordings. Tampering with such objects is not usually practical and is highly detectable.
But assurance—the correctness, reliability, availability, safety, and security—of ALL network (not just IT) infrastructures is crucial for the economic well being of both commercial enterprise and national security.
Faculty With Expertise in this Area
- Howard Blair (EECS): logic and semantics
- Steve Chapin (EECS): distributed operating systems, distributed resource management, networking, and security.
- Shiu-Kai Chin (EECS): high-assurance design methods for very large-scale integrated (VLSI) circuits and software, computer-aided design, and information security.
- Joan Deppa (Newhouse): Crisis Communication
Wenliang (Kevin) Du (EECS): computer and information security and applied cryptography.
- Peter Graham (Library): digital archiving
- Polar Humenn (EECS): Network security
- Kamal Jabbour (EECS): who is currently on assignment to the Defensive Information Warfare Branch of the Rome Air Force Research Lab.
- Elizabeth Liddy (IST): natural language processing and boundary controllers.
- Pat Longstaff (Newhouse): telecommunications policy and competition/cooperation
- Nazanin Mansouri (EECS): applications of formal methods in design and synthesis of high-confidence hardware systems.
- Roman Markowski (EECS): network security
- Milton Mueller (IST): telecommunications policy
- Susan Older (EECS): semantics of concurrency and mobility, security, and formal methods.
- Leonard Popyack (EECS): network security
- Jim Royer (EECS): algorithms and cryptography
- Stuart Thorson (Maxwell): information security and public policy
- Don Torrence (Newhouse): Media and Science
|