“Illinois Security Lab”的意思、由来-开放百科全书

The Illinois Security Lab is a research laboratory at the University of Illinois at Urbana–Champaign established in 2004 to support research and education in computer and network security. The lab is part of the Computer Science Department and Information Trust Institute. Its current research projects concern health information technology and critical infrastructure protection. Past projects addressed messaging, networking, and privacy.

Active projects

Health Information Technology

The lab is performing work on the Strategic Healthcare IT Advanced Research Projects on Security (SHARPS) project. It is developing security and privacy technologies to help remove key barriers that prevent the use of health information by systems implementing electronic health records, health information exchanges, and telemedicine.

Critical Infrastructure Protection

Networked control systems such as the electric power grid use computers for tasks like protecting substations against overloads (digital protective relays) and metering facilities (advanced meters). The lab developed the attested meter to provide security and privacy for advanced meters,^[1] and has worked on security for building automation systems ^[2] and substation automation.

Past projects

Assisted Living Security

Advances in networking, distributed computing, and medical devices are combining with changes in the way health care is financed and the growing number of elderly people to produce strong prospects for the widespread use of assisted living, a health care approach which can benefit from transferring medical information collected in homes or dedicated facilities to clinicians over data networks. The lab explored security engineering of such systems through prototypes, field trials, and formal methods based on an architecture that uses a partially trusted Assisted Living Service Provider (ALSP) as a third party intermediary between assisted persons and clinicians.^[3]^[4]

Adaptive Messaging Policy (AMPol)

Scalable distributed systems demand an ability to express and adapt to diverse policies of numerous distinct administrative domains. The lab introduced technologies for messaging systems with adaptive security policies based on WSEmail, where Internet messaging is implemented as a web service,^[5] and Attribute-Based Messaging (ABM), where addressing is based on attributes of recipients.^[6]^[7]

Contessa Network Security

Although there has been significant progress on the formal analysis of security for integrity and confidentiality, there has been relatively less progress on treating denial-of-service attacks. The lab has explored techniques for doing this based on the shared channel model, which envisions bandwidth as a limiting factor in attacks and focuses on host-based counter-measures such as selective verification, which exploits adversary bandwidth limitations to favor valid parties.^[8] It is also developing new formal methods for reasoning about dynamic configuration of VPNs.

Formal Privacy

Many new information technologies have a profound impact on privacy. Threats from these have provoked legislation and calls for deeper regulation. The lab has developed ways to treat privacy rules more formally, including better ways to reason using formal methods about conformance and the implications of regulations, and about how to quantify and classify privacy attitudes to control the risks of new technologies. The lab showed how to formally encode HIPAA consent regulations using privacy APIs so they can be analyzed with model checking.^[9]

References

1. ^{{cite journal|last=LeMay|first=Michael|author2=Gross, George |author3=Gunter, Carl A. |author4= Garg, Sanjam |title=Unified Architecture for Large-Scale Attested Metering|journal=IEEE Hawaii International Conference on System Sciences|date=January 2007|series=HICSS '07|url=http://seclab.illinois.edu/unified-architecture-for-large-scale-attested-metering}}
2. ^{{cite journal|last=Boyer|first=Jodie P.|author2=Tan, Kaijun |author3=Gunter, Carl A. |title=Privacy Sensitive Location Information Systems in Smart Buildings|journal=Security in Pervasive Computing|date=April 2006|series=SPC '06|url=http://seclab.illinois.edu/privacy-sensitive-location-information-systems-in-smart-buildings}}
3. ^{{cite journal|last=May|first=Michael J.|author2=Shin, Wook |author3=Gunter, Carl A. |author4= Lee, Insup |title=Securing the Drop-Box Architecture for Assisted Living|journal=ACM Formal Methods in Security Engineering|date=November 2006|series=FMSE '06|url=http://seclab.illinois.edu/securing-the-drop-box-architecture-for-assisted-living}}
4. ^{{cite journal|last=Wang|first=Qixin |author2=Shin, Wook |author3=Liu, Xue |author4=Zeng, Zheng |author5=Oh, Cham |author6=Alshebli, Bedoor K. |author7=Caccamo, Marco |author8=Gunter, Carl A. |author9=Gunter, Elsa L. |author10=Hou, Jennifer |author11=Karahalios, Karri |author12=Sha, Lui |title=I-Living: An Open System Architecture for Assisted Living|journal=IEEE Systems, Man, and Cybernetics|date=October 2006|series=SMC '06 | url=http://seclab.illinois.edu/i-living-an-open-system-architecture-for-assisted-living }}
5. ^{{cite journal|last=Lux|first=Kevin D.|author2=May, Michael J. |author3=Bhattad, Nayan L. |author4= Gunter, Carl A. |title=WSEmail: Secure Internet Messaging Based on Web Services|journal=IEEE International Conference on Web Services|date=July 2005|series=ICWS '05 | url=http://seclab.illinois.edu/wsemail-secure-internet-messaging-based-on-web-services }}
6. ^{{cite journal|last=Bobba|first=Rakesh |author2=Fatemieh, Omid |author3=Khan, Fariba |author4=Gunter, Carl A. |author5=Khurana, Himanshu |title=Using Attribute-Based Access Control to Enable Attribute-Based Messaging|journal=IEEE Annual Computer Security Applications Conference|date=December 2006|series=ACSAC '06|url=http://seclab.illinois.edu/using-attribute-based-access-control-to-enable-attribute-based-messaging}}
7. ^{{cite journal|last=Afandi|first=Raja|author2=Zhang, Jianqing |author3=Hafiz, Munawar |author4= Gunter, Carl A. |title=AMPol: Adaptive Messaging Policy|journal=IEEE European Conference on Web Services|date=December 2006|series=ECOWS '06|url=http://seclab.illinois.edu/ampol-adaptive-messaging-policy}}
8. ^{{cite journal|last=Gunter|first=Carl A. |author2=Khanna, Sanjeev |author3=Tan, Kaijun |author4=Venkatesh, Santosh |title=DoS Protection for Reliably Authenticated Broadcast|journal=ICSOC Network and Distributed Systems Security Symposium|date=February 2004|series=NDSS '04|url=http://seclab.illinois.edu/dos-protection-for-reliably-authenticated-broadcast}}
9. ^{{cite journal|last=May|first=Michael J.|author2=Gunter, Carl A. |author3=Lee, Insup |title=Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies|journal=IEEE Computer Security Foundations Workshop|date=July 2006|series=CSFW '06|url=http://seclab.illinois.edu/privacy-apis-access-control-techniques-to-analyze-and-verify-legal-privacy-policies}}