Computer networking research projects

CICI: CE: Implementing CYBEX-P: Helping Organizations to Share with Privacy Preservation

National Science Foundation
PI: Shamik Sengupta, co-PI: Mehmet Gunes, Nancy LaTourette, Jeff Springer
$986,067
January 2018 - December 2019

In response to the increasing number of attacks on cyberspace, public and private organizations are encouraged to share their cyber-threat information and data with each other. Although there are long-term interests in sharing security related information, it places organizations at risk regarding the protection of their data and exposure of other vulnerabilities. This project designs, develops and implements a CYBersecurity information EXchange with Privacy (CYBEX-P) platform using trusted computing paradigms and privacy-preserving information sharing mechanisms for cybersecurity enhancement and development of a robust cyberinfrastructure. The outcome of this project has a broader impact on the development of a novel cybersecurity information-sharing platform with privacy preservation and a robust governance structure. The project also has direct impact on undergraduate and graduate student education and training, emphasizing the engineering development of minorities and women, by providing a real-world platform for investigation and management of cyber threats.

Envisioning that effective and privacy-preserving threat intelligence sharing can be instrumental for auditing the state of the threat landscape and helping to predict and prevent major cyber-attacks, this project provides a service for structured information exchange. The CYBEX-P platform provides valuable measurable information about the security status of systems and devices together with data about incidents stemming from cyber-attacks. To develop and implement such an environment across statewide organizations, then across the nation, this research project incorporates blind processing, privacy preservation and integrity of shared incident data by ensuring that only trusted processes access the raw data and only anonymized data are shared with other operators. Blind processing enables the advantages of additional information exchange while respecting organizational constraints and trust boundaries. This research also establishes a flexible governance framework that includes both policies and procedures to protect the data and provide all customers with the tools to demonstrate they are complying with both regulatory and internal data governance requirements. Specifically, the outcomes of the project demonstrate: i) CYBEX-P infrastructure development with affordable scalability, secure data exchange, and analytic components, ii) Privacy-preserving information sharing via blind processing and anonymization, and an iii) CYBEX-P governance framework.

Establishing market based mechanisms for CYBer security information EXchange (CYBEX)

Funding Agency: NSF
PI: Shamik Sengupta
Amount: $329,658
September 2015 - August 2019

Robust cybersecurity information sharing infrastructure is required to protect the firms from future cyber attacks which might be difficult to achieve via individual effort. The United States federal government clearly encourage the firms to share their discoveries on cybersecurity breach and patch related information with other federal and private firms for strengthening the nation's security infrastructure. The goal of this project is to develop an interdisciplinary research platform to investigate the framework and benefits of breach-related vulnerability information sharing and analyze the effect of not participating in the process of information exchange. The outcome of this project has a profound impact on the evolution of CYBer security information EXchange (CYBEX) architecture and the level of interaction desired among firms (private, public or federal) to defend proactively in the ever-growing cyberspace. The research has both direct and indirect impact on mentoring, hands-on learning, education and training. Graduate and Undergraduate students (including minority and women) participating in this project are involved in interdisciplinary research and learning problem solving skills taking into account different viewpoints, namely, cybersecurity, information-exchange, economics, decision analysis and practical system implementation.

By using micro and macro-economic theory as a substrate, this project establishes market based mechanisms for enabling cyber security information exchange (CYBEX) among firms to protect the cyberspace proactively against cyber attacks. This research investigates how cyberinsurance can be modeled and thereafter can be augmented with the information sharing format and framework to encourage firms to participate in CYBEX more effectively. The transformative nature of the proposed research lies in its potential to identify, model, and analyze the multi-dimensional robust cybersecurity information sharing infrastructure along with development of CYBEX emulator environment. The information sharing framework is also extended to the cloud domain that carries challenges to model the cloud attackers and incentive mechanisms to motivate the firms toward such sharing behavior. More Specifically, the outcomes of the project demonstrate: a) the potential of CYBEX in sharing the burden of cybersecurity and making the cyberspace more robust; b) multi-layer competitions and dynamics among CYBEX entities infiltrated with malicious entities; c) necessity of cyberinsurance and market oriented approach for better cybersecurity information utilization; and, d) the far-reaching impacts of interdisciplinary CYBEX research in terms of socio-economic value, technology and educational outreach programs

Longitudinal Injection of Interdisciplinary Cybersecurity Awareness into Engineering Curricula

National Science Foundation
PI: Shamik Sengupta, co-PI: Mehmet Gunes, Nancy LaTourette
$300,000
September 2017 - August 2019

Upcoming smart technologies such as Smart Cities, Internet of Things, and Unmanned Aerial Vehicles digitize current technologies and require cybersecurity-aware multi-disciplinary engineering experts to ensure the security of such devices. As devices become smart and interconnected to provide improved services, they also become greater targets of cyber-attacks. Ensuring proper operation of smart technologies requires well-trained, proactive engineers, who are knowledgeable on core engineering principles, cybersecurity risks associated with their designs, and risks from other interconnected disciplines. The goal of this collaborative project is to develop and adopt interdisciplinary cybersecurity curriculum by fostering a holistic approach through collaboration across engineering disciplines. By bringing scholars from different engineering disciplines, this project explores unique ways to engage students in interdisciplinary cybersecurity-aware engineering education. The knowledge units developed at the University of Nevada, Reno will be disseminated to engineering colleges nationwide to sustain long-term research and education partnerships in secure engineering.

Cybersecurity research and its applications are highly relevant in all areas of engineering, including computer, electrical, mechanical, civil and biomedical disciplines. Researchers will develop knowledge units to introduce and reinforce the importance of cybersecurity to undergraduate students across several engineering disciplines with a focus on Smart Cities, Internet of Things, and Unmanned Aerial Vehicles. These three broad technological areas require expertise in multiple engineering fields and go from macro-level view to micro-level view where each of the sectors encompass the next one. Cybersecurity awareness will be injected organically in a boot camp for incoming engineering freshman, a freshman experience course on Introduction to Engineering, and discipline-specific technical engineering courses, typically during junior and senior years. The project will bring together engineering faculty to develop knowledge units that can be seamlessly adopted across various engineering disciplines. Instruction will be augmented with hands-on activities to create an interactive cybersecurity education environment and stimulate learning. A "Connected Cities" playing arena will be developed, comprising various cyber physical systems that are integrated for hands-on cybersecurity engagement. Through interdisciplinary educational modules and hands-on activities developed via this project, students will obtain a solid grasp on the interplay between different engineering disciplines and obtain critical knowledge and skills needed to engineer smart technologies that are resilient to cyber-attacks.

RET Site: Cyber Security Initiative for Nevada Teachers (CSINT)

NSF
PI: Shamik Sengupta, co-PI: David Feil-Seifer
$540,000
September 2015 - August 2019

This funding establishes a new Research Experience for Teachers (RET) Site at the University of Nevada, Reno (UNR). The primary objective of this RET site is to explore unique ways to engage middle and high school teachers in summer research experiences that emphasize cybersecurity. The teachers will spend six weeks in the summer participating in research experiences and developing classroom modules and materials which will be implemented in their classrooms during the academic year. The UNR team will use inter-personal role-playing and cybersecurity games to help the teachers learn about cybersecurity and its importance to our nation. The project involves a partnership between the university, the school districts in the surrounding Nevada counties, industrial associates, and the Nevada Department of Education. The project will develop a community of teachers who are passionate about cybersecurity and who can translate this excitement to their students through engaging, high-quality inquiry learning experiences. This RET Site is co-funded by the Secure and Trustworthy Cyberspace (SaTC) program.

The project is anchored by a research area this is compelling and exciting for teachers and K-12 students and by faculty team that has demonstrated expertise in both research and education. The goals of the project are to: recruit a cohort of middle and high school teachers interested in introducing cybersecurity and computer science topics into their classrooms; engage the recruited teachers in research experiences with applications in various modern day systems and security; develop instructional modules that can be incorporated into a variety of grades/classes; initiate collaboration and engagement with all schools in Nevada and other stakeholders in the country to promote and disseminate the results to a large group of middle and high school teachers; and sustain long term partnerships between the RET Site teacher participants, the UNR mentor team and industry partners, in order to bring the excitement of computing, problem solving and research to students and encourage them to pursue STEM related careers. The site features projects that are teacher accessible as well as connected to current research and practice. The RET site includes sound evaluation and dissemination plans that will provide models for integrating cybersecurity concepts into the middle and high school curricula. Teachers will develop and hone their research, communication, and presentation skills, all of which are essential to their professional growth and success. The project will build the technical capacity of teachers so they are capable of developing and implementing new, exciting inquiry-based learning activities at their schools. The project team will disseminate the project materials through the TeachEngineering digital library and a dedicated local website and server repository that will be shared with a wider audience of teachers at annual workshops and meetings. The team will also disseminate project results through high-quality journals and professional meetings.