http://www.eweek.com/article2/0,4149,1361399,00.asp By Dennis Fisher October 22, 2003 Security, engineering and public policy experts at Carnegie Mellon University are joining together to form a new lab at the school dedicated to researching and developing new security technologies. The new organization, known as the Carnegie Mellon CyLab, will include representatives from the school's engineering, computer science and public policy departments, as well as personnel from the CERT Coordination Center, also based at the university. The new group will seek to promote collaboration between the government and the private sector, something that has been sorely lacking when it comes to information security. CyLab's charter will differ significantly from that of CERT, which is charged with analyzing and responding to security threats and attacks. A quasi-public organization, CERT is partially funded by the federal government. CyLab will also receive public money, but will concentrate on finding long-term solutions to pervasive security problems instead of looking at how to mitigate the latest attack on Internet Explorer, as CERT does. CyLab already includes 30 staff members, 30 faculty and 80 students, comprising what Carnegie Mellon officials say is the largest academic security research organization in the country. The group's mission is essentially threefold: education; research and development; and response and prediction. In addition to offering bachelor's, master's and doctorate degrees in security-related disciplines, CyLab will also work to educate home users on the inherent dangers of the Internet and the steps they can take to combat those issues. "Our goal is to empower 10 million citizens with security wellness. If we can give them some very basic information about firewalls and anti-virus, it could significantly slow down the velocity of attacks," said Pradeep Khosla, co-director of CyLab and head of the Electrical and Computer Engineering Department at Carnegie Mellon, based in Pittsburgh. The meat of CyLab's work will be its R&D operation. The lab's research will be funded partially by industry, with the goal of getting new technology to market as quickly as possible. Companies that provide high levels of funding will have rights to the intellectual property the lab develops. The group already has signed on 50 companies as funding partners, including Microsoft Corp., General Motors Corp., Hewlett-Packard Co. and Intel Corp. "The technology has to have a fast track to the marketplace through industry," Khosla said. "In the security business, we can't deal with local politics. We're concerned with the security of the country." Among the projects that CyLab researchers are already working on are a multi-modal biometric authentication system capable of using a combination of voice prints, fingerprints and other biometrics to authenticate users. There is also a team looking at a way to tag IP packets so that they can be traced back to the machine that generated them. This would have broad applications in the security world, especially in identifying the people behind distributed denial-of-service attacks and other crimes in which attackers spoof the IP addresses on packets to cover their tracks. Khosla envisions a system in which users, who have positively authenticated on a PC via the advanced biometric technology, can be proved to be responsible for an attack via the packet-tracing function. The group hopes to have some of this technology in the hands of vendors within 12 months, Khosla said. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Oct 23 2003 - 04:51:24 PDT