Research

By its very nature information assurance is a multidisciplinary research area. While most universities who perform research in computer security focus solely on the technical issues, we have created a truly multidisciplinary effort with faculty from seven departments. We take a truly multidisciplinary approach, searching for both technical and political solutions to security problems. Thus, our program includes faculty, who are actively involved in several core research areas, including:

1) intrusion detection;
2) network security;
3) data privacy and security;
4) dependable systems and networks;
5) security policy and commerce; and
6) computer security education.

This combination of technology, business issues, policy concerns, leadership, and ethics makes our program unique and will allow us to produce highly qualified researchers and educators. The center faculty members have a long history of technology and interaction with industry.

The figure below shows the relationship between the research areas and the departments involved.

NSF I/U CRC Center for Information Protection:

According to Richard Clarke, Former Homeland Security Adviser for Combating Cyber Terrorism, “Our very way of life depends on the secure and safe operations of critical systems that depend on cyberspace.” (CNN, October 9, 2001). Infrastructure security is a pressing issue that needs immediate research attention. To that end, we propose a multi-university Center for Information Protection with Iowa State and its Information Assurance Center (IAC) as the lead entities.

Iowa State has formed a partnership with Mississippi State University and University of Kansas to develop a NSF Industry/University Cooperative Research Center (CRC) in Information Assurance. This project has received phase-two NSF funding ($30,000, $10,000 per school), which will be used to create the center and solicit financial commitments from industrial sponsors. Iowa State currently has two CRC centers—the Center for Nondestructive Evaluation (Iowa State is the sole university) and PSerc (a partnership of 12 universities).

We have identified intrusion detection, ad-hoc network security, and attack-tolerant systems as the core research areas for the new center. This is a subset of the overall capabilities of the faculty members who will be involved with the proposed CIP. It is likely that the list of research areas will grow as planning continues and industry gets involved. The past several years have seen a surge of Internet security research in the field of information assurance, which primarily focused on protecting the data using techniques such as authentication and encryption. However, information assurance assumes that the devices responsible for encrypting, forwarding, and sending are trustworthy. Scientists are now questioning these assumptions, as instances have taken place where the network infrastructure (e.g., routers, servers) is compromised to the advantage of the malicious adversaries. The center will focus on all aspects of protecting information.

As part of phase two, we will hold an industrial planning meeting in August 2003 with the goal of obtaining $600,000 in funding commitments from industrial partners. Once the required funding has been obtained, NSF will designate Iowa State a center and we will receive funding to help support the operation of the center. The creation of this center will help facilitate high quality research among the faculty from the three universities and will lead to an increase in federal research funding.

ISEAGE
We have started to develop the Internet-Scale Event and Attack generation Environment (ISEAGE) (pronounced “ice age”) at the IAC. The goal of ISEAGE is to provide a world-class research and education facility to enhance the current state of the art in information assurance. ISEAGE is outlined in the section on outreach.