News Release 13-140
NSF invests $20 million in large projects to keep the nation's cyberspace secure and trustworthy
With researchers from more than a dozen universities, three large "Frontier" collaborative projects highlight efforts to tackle fundamental challenges in cybersecurity
August 15, 2013
This material is available primarily for archival purposes. Telephone numbers or other contact information may be out of date; please see current contact information at media contacts.
The National Science Foundation (NSF) today issued three large Frontier awards totaling nearly $20 million to support collaborative, multi-university research and education activities that will help protect the nation's vast, critical infrastructure and enable a more secure information society.
In alignment with the themes outlined in the 2011 Strategic Plan for the Federal Cybersecurity Research and Development Program, these efforts will build on NSF's long history of advancing cybersecurity. These awards are funded through NSF's interdisciplinary Secure and Trustworthy Cyberspace (SaTC) program, now in its third year.
"Cybersecurity is one of the most significant economic and national security challenges facing our nation today," said Farnam Jahanian, NSF's assistant director for computer and information science and engineering (CISE).
"NSF's investments in foundational research will transform our capacity to secure personal privacy, financial assets, and national interests. These new Frontier awards will enable innovative approaches to cybersecurity, with potential benefits to all sectors of our economy."
Frontier awards go to large, multi-institution projects that address and heighten the visibility of grand challenge research areas in science and engineering with broad economic and scientific impact.
For more than a decade, NSF has supported transformative cybersecurity research. The SaTC program has continued this commitment in the last year by supporting the interdisciplinary approaches necessary to address grand challenges in cybersecurity.
In fiscal year 2013, the program expanded to include for the first time NSF's Directorate for Education and Human Resources and the Directorate for Engineering, in addition to ongoing participation by CISE and the Mathematical and Physical Sciences, and Social, Behavioral and Economic Sciences directorates.
The three Frontier projects are part of more than 110 new cybersecurity research projects being funded in 33 states, with award amounts ranging from about $100,000 to $10 million. This award portfolio spans state-of-the-art research in a broad range of technical, social and educational areas.
Funded projects pursue technical solutions designed to improve the security of computer systems used in businesses, universities, governments and homes. Project teams seek to devise incentives to reduce the likelihood of cyber attacks and mitigate the negative effects that arise from them. Researchers also develop curriculum to train a 21st-century cybersecurity workforce.
Together, these SaTC awards aim to improve the resilience of software, hardware and critical infrastructure, while preserving privacy, promoting usability and ensuring trustworthiness through foundational research and prototype deployments.
Each of the following new Frontier awards features an interdisciplinary team from multiple universities working on some of the most important and technically challenging cybersecurity issues today.
Enabling trustworthy cybersystems for health and wellness
- Dartmouth College: David Kotz, Eric Johnson, Lisa Marsch
- University of Illinois at Urbana-Champaign: Carl Gunter, Roy Campbell, Klara Nahrstedt
- The Johns Hopkins University: Aviel Rubin, Stephen Checkoway, Jonathan Weiner
- University of Michigan Ann Arbor: Kevin Fu, Michael Bailey
The five-year Trustworthy Health and Wellness (THaW) project will be part of the research initiative on information systems and health care at Dartmouth College's Institute for Security, Technology, and Society. The interdisciplinary team includes experts from computer science, business, behavioral health, health policy and healthcare information technology. The project will tackle challenges to providing trustworthy information systems for health and wellness as the result of sensitive information and health-related tasks being increasingly pushed into mobile devices and cloud-based services.
"Our research is motivated by the rapid deployment of mobile and cloud information technologies in healthcare, both in clinical settings and at home," said lead investigator David Kotz, the Champion International Professor of Computer Science at Dartmouth. "We aim to help these technologies reach their full potential by ensuring they can protect the integrity of medical data and the privacy of patient information."
The THaW team will work to develop usable authentication and privacy tools, trustworthy control of medical devices and effective methods to detect malware, compute trust metrics and audit medical information systems and networks. In the long term, this project will help create health systems that can be trusted by individual citizens to protect their privacy and by health professionals to ensure data integrity and security. The team is also training the next generation of computer scientists by creating courses and sponsoring summer programs for undergraduate and K-12 students and by developing an exchange program for postdoctoral fellows and research students.
Rethinking security in the era of cloud computing
- University of North Carolina at Chapel Hill: Mike Reiter, Jay Aikat
- Stony Brook University: Vyas Sekar
- Duke University: Jeffrey Chase
- North Carolina State University: Peng Ning
- University of Wisconsin at Madison: Thomas Ristenpart, Srinivasa Akella, Michael Swift
RSA Labs: Ari Juels
Comprising a multidisciplinary team of researchers from six organizations, this Frontier award will explore ways in which computer security may make significant leaps forward in a cloud computing setting.
As Mike Reiter, the Lawrence M. Slifkin Distinguished Professor of Computer Science at the University of North Carolina, explains, "The vast majority of cloud-related research in the computer security research community casts the move to cloud computing as intensifying the threats to which data and services are vulnerable. Instead, we see new opportunities for improving security of data and services by moving them to the cloud, and we plan on pursuing an aggressive research agenda to realize these opportunities."
This research team will leverage the common software, hardware and management basis of cloud computing with the broad view of activity across a diversity of user services. This project will develop novel and improved solutions for unified authentication and authorization and auditing across diverse services; effective monitoring and diagnosis for security management of services, networks, datacenters and users; and pervasive encryption to, from and within the cloud. The investigators will convene "Cloud Security Horizons" summits with industry stakeholders to help shape the future of security in cloud computing.
Towards effective Web privacy notice and choice: a multi-disciplinary perspective
- Carnegie Mellon University: Norman Sadeh, Alessandro Acquisti, Travis Breaux, Lorrie Cranor, Noah Smith
- Fordham University: Joel Reidenberg
- Stanford University: Barbara van Schewick, Aleecia McDonald
This Frontier project will research how to improve the usability of privacy policies. Natural language privacy policies have become a de facto standard to address expectations of notice and choice on the Web. However, there is ample evidence that users generally do not read these policies, and that those who do often struggle to understand what they mean. In effect, most Internet users are unable to make informed privacy decisions as they contemplate interacting with different websites.
"If you read privacy notices, you quickly realize that they contain a lot of boilerplate text and that people seem to often be recycling entire sentences and even larger text fragments from one another," noted Norman Sadeh, a professor in the School of Computer Science at Carnegie Mellon University and the project's lead investigator. "This project will aim to exploit these types of patterns."
Specifically, the team will develop scalable technologies to semi-automatically extract key privacy policy features from website privacy policies. It will then present these features to users in an easy-to-digest format that enables them to make more informed privacy decisions as they interact with different websites. Work in this project also involves the systematic collection and analysis of website privacy policies to identify trends and deficiencies in their wording and content--analysis that will be used to inform ongoing public policy debates. The researchers will work closely with industry stakeholders to enable the transfer and large-scale deployment of these technologies.
-NSF-
-
A working session with three members of the Carnegie Mellon research team is shown.
Credit and Larger Version -
Jay Aikat and Michael Reiter of University of North Carolina at Chapel Hill in a machine room.
Credit and Larger Version
Media Contacts
Lisa-Joy Zgorski, NSF, (703) 292-8311, email: lisajoy@nsf.gov
Kim Weaver Spurr, UNC, (919) 962-4093, email: spurrk@email.unc.edu
Nicole Casal Moore, University of Michigan, email: ncmoore@umich.edu
Carrie Johnson, Fordham University, email: cjohnson@law.fordham.edu
Christine Cesaria, SUNY Stony Brook, email: christine@cs.stonybrook.edu
John Cramer, Dartmouth College, (603) 646-9130, email: john.cramer@dartmouth.edu
Alex Murray, Stanford University, (650) 725-7516, email: amurray@law.stanford.edu
Byron Spice, Carnegie Mellon University, (412) 268-9068, email: bspice@cs.cmu.edu
Phil Sneiderman, The Johns Hopkins University, (443) 287-9907, email: prs@jhu.edu
Chris Barncard, University of Wisconsin, Madison, (608)890-0465, email: barncard@wisc.edu
Program Contacts
Nina Amla, NSF, (703) 292-8910, email: namla@nsf.gov
Jeremy Epstein, NSF, (703) 292-8950, email: jepstein@nsf.gov
Related Websites
Dartmouth-led team receives NSF health care cybersecurity grant: http://now.dartmouth.edu/2013/08/dartmouth-led-team-receives-nsf-health-care-cybersecurity-grant/
Carnegie Mellon leads NSF project to help people understand Web privacy policies: http://www.cmu.edu/news/stories/archives/2013/august/aug20_webprivacypolicies.html
The U.S. National Science Foundation propels the nation forward by advancing fundamental research in all fields of science and engineering. NSF supports research and people by providing facilities, instruments and funding to support their ingenuity and sustain the U.S. as a global leader in research and innovation. With a fiscal year 2023 budget of $9.5 billion, NSF funds reach all 50 states through grants to nearly 2,000 colleges, universities and institutions. Each year, NSF receives more than 40,000 competitive proposals and makes about 11,000 new awards. Those awards include support for cooperative research with industry, Arctic and Antarctic research and operations, and U.S. participation in international scientific efforts.
Connect with us online
NSF website: nsf.gov
NSF News: nsf.gov/news
For News Media: nsf.gov/news/newsroom
Statistics: nsf.gov/statistics/
Awards database: nsf.gov/awardsearch/
Follow us on social
Twitter: twitter.com/NSF
Facebook: facebook.com/US.NSF
Instagram: instagram.com/nsfgov