Science of Security Hard Problems: A Lablet Perspective

David Nicol (UIUC)

David Nicol and his students have been studying the security properties of large-scale systems through Project MOSES. The project is examining large-scale system behavior and developing simulation and modeling methodology that supports demonstration and evaluation of that behavior. Historically Prof. Nicol and his students have studied computer and communication networks. However, many of the techniques and tools they've developed have applications in other contexts. They use continuous, discrete-event, and hybrid models. Their recent work looks at issues in network security. For example, one project is modeling worm propagation and its interaction with the Internet's routing infrastructure. Another is developing and modeling security mechanisms in a p2p network designed to support the survivability of networks running critical infrastructure (e.g., SCADA systems). Still another is developing an on-line real-time network simulator of large-scale systems for use in exercise and scenario games used to evaluate how organizations respond to cyber-attacks.

William Sanders (UIUC)

William H. Sanders is a Donald Biggar Willett Professor of Engineering and the Director of the Coordinated Science Laboratory (www.csl.illinois.edu) at the University of Illinois at Urbana-Champaign. He is a professor in the Department of Electrical and Computer Engineering and Affiliate Professor in the Department of Computer Science. He is a Fellow of the IEEE and the ACM, a past Chair of the IEEE Technical Committee on Fault-Tolerant Computing, and past Vice-Chair of the IFIP Working Group 10.4 on Dependable Computing. He was the founding Director of the Information Trust Institute (www.iti.illinois.edu) at Illinois. Dr. Sanders’s research interests include secure and dependable computing and security and dependability metrics and evaluation, with a focus on critical infrastructures. He has published more than 200 technical papers in those areas. He is currently the Director and PI of the DOE/DHS Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) Center (www.tcipg.org), which is at the forefront of national efforts to make the U.S. power grid smart and resilient. He is also co-developer of three tools for assessing computer-based systems: METASAN, UltraSAN, and Möbius. Möbius and UltraSAN have been distributed widely to industry and academia; more than 500 licenses for the tools have been issued to universities, companies, and NASA for evaluating the performance, dependability, and security of a variety of systems. He is also a co-developer of the Loki distributed system fault injector, the AQuA/ITUA middlewares for providing dependability/security to distributed and networked applications, and the NetAPT (Network Access Policy Tool) for assessing the security of networked systems.

William Scherlis (CMU)

William L. Scherlis is a full Professor in the School of Computer Science at Carnegie Mellon. He is director of CMU's Institute for Software Research (ISR) in the School of Computer Science and the founding director of CMU's PhD Program in Software Engineering. Since Jan 2012 he has also been serving as Acting CTO for the Software Engineering Institute. His research relates to software assurance, software analysis, and assured safe concurrency. Dr. Scherlis joined the Carnegie Mellon faculty after completing a Ph.D. in Computer Science at Stanford University, a year at the University of Edinburgh (Scotland) as a John Knox Fellow, and an A.B. at Harvard University. He served at Defense Advanced Research Projects Agency (DARPA) for six years, departing in 1993 as a senior executive. Scherlis has led the Fluid Project for more than a decade, which has focused on achieving scalable software assurance through techniques and tools for "analysis-based verification," with an emphasis on properties related to concurrency, security, and component composition. The tools are based primarily on sound static analysis but also include dynamic and heuristic analysis. Scherlis has testified before Congress three times on matters related to innovation and computing. He chaired the National Research Council (NRC) study committee on defense software producibility, which in 2010 released its final report Critical Code: Software Producibility for Defense. He served multiple terms as a member of the DARPA Information Science and Technology Study Group (ISAT). He has been an advisor to major IT companies and is a founder of SureLogic and Panopto. He has served as program chair for a number of technical conferences, including the ACM Foundations of Software Engineering (FSE) Symposium. He has more than 80 scientific publications. He is a Fellow of the IEEE and a lifetime National Associate of the National Academy of Sciences.

Laurie Williams (NCSU)

Laurie Williams is Professor in the Computer Science Department of the College of Engineering at North Carolina State University (NCSU). Her research focuses on software security particularly in relation to healthcare IT; agile software development practices and processes; software reliability, software testing and analysis; open source software development; and broadening participation and increasing retention in computer science. Laurie’s research has emphasized the importance of having practical relevance in software engineering research and providing research solutions to solve the problems faced in day-to-day software development. She leads the Software Engineering Realsearch research group at NCSU. With her students in the Realsearch group, Laurie has been involved in working collaboratively with high tech industries like ABB Corporation, Cisco, IBM Corporation, Microsoft, Nortel Networks, Red Hat, Sabre Airline Solutions, SAS, Tekelec, and healthcare IT organizations and on open source software. The Realsearch team works on research activities ranging from security issues in healthcare IT applications to software process to applying failure-prediction in-process during development to impact programmer productivity and ensure the development of high quality, reliable applications. The research collaborations have resulted in significant publications in the primary conferences in her research area maintaining a balance between research and practice in software engineering. Laurie has more than 170 refereed publications. Laurie was named an ACM Distinguished Scientist in 2011. Laurie is one of the foremost researchers in the security of healthcare IT applications and of agile software development. Laurie is the Director of the North Carolina State University Laboratory for Collaborative System Development and the software engineering area representative for the Secure Open Systems Initiative.