PITTSBURGH—Researchers at Carnegie Mellon University have joined with the Army Research Laboratory and academic partners in a new collaborative research alliance to develop a new science of how to make security-relevant decisions in cyberspace.
The five-year funding for the core and enhanced program is $23.2 million, with an additional $25 million for the optional five-year extension — a potential total of $48.2 million over the 10-year collaboration. The research alliance includes Penn State University, the University of California, Davis, the University of California, Riverside, and Indiana University, as well as Army Research Lab scientists.
The new science will enable future computing systems to take actions in response to attacks without human intervention. For example, a server observing unusual network traffic from an unknown entity might determine it was under attack and filter that traffic. However, many of the required actions will need human decision-making and action.
Patrick D. McDaniel, professor of computer science and engineering at Penn State, is the principal investigator on the project, titled Models for Enabling Continuous Reconfigurability of Secure Missions. At CMU, the lead investigator is Lorrie Cranor, associate professor of computer science and engineering and public policy.
The alliance will focus on: detecting adversaries and attacks in the cyberspace; measuring and managing risk; and altering the environment to achieve best results at the least cost. A fourth area, developing models of human behaviors and capabilities that enable understanding and predicting motivations and actions of users, defenders and attackers, will be integrated into the first three areas.
Cranor, director of the CyLab Usable Privacy and Security Laboratory, said the CMU researchers will work in all of the areas, but will focus especially on psychosocial activities.
“One of the salient aspects of our proposed research is in the realization that humans are integral to maintaining cybersecurity and to breaches of security,” she said. “Their behavior and cognitive and psychological biases have to be integrated as much as any other component of the system that one is trying to secure.”
The project at CMU is funded through CyLab, the world’s largest university-based research and education center for computer and network security, information security and software assurance. CyLab is located in the university's College of Engineering with campuses in Silicon Valley and Pittsburgh. CMU CyLab establishes public-private partnerships for the research and development of technologies for sustainable, resilient and trustworthy computing and communication systems.
Other CMU investigators include Lujo Bauer, associate research professor of electrical and computer engineering and CyLab, Nicolas Christin, assistant research professor of ECE and CyLab, and Coty Gonzalez, associate research professor of social and decision sciences and director of the Dynamic Decision Making Laboratory.