Northwest Arkansas Democrat-Gazette
UA sees opportunity fighting tech threats
Along with creating new information technology, researchers at the University of Arkansas at Fayetteville also seek out ways to fight against the security threats that plague computer systems.
Work in cybersecurity earlier this year led UA to be recognized by the National Security Agency as a National Center of Academic Excellence in Information Assurance Research. According to the NSA’s website, 57 other institutions have received the same designation.
Half of UA’s 16 computer science faculty members conduct security research, said Susan Gauch, department head for UA’s Computer Science and Computer Engineering department.
“Individual faculty have lots of individual strengths. But as a department, it is the No. 1 strength of our department,” Gauch said.
The designation from the NSA — first earned in 2012, then affirmed this year after a revamp of the program — comes without special funding, Gauch said. However, she described it as recognition of UA’s reputation in the field.
“You’ve sort of got this seal of approval saying the work that goes on here is high quality,” Gauch said, adding that the designation should help with recruiting faculty.
The field presents various opportunities for researchers — in part because of the ubiquity of problems faced aroundthe-clock by many computer networks, Gauch said.
“We visited Wal- Mart cybersecurity,” Gauch said, describing how the nation’s largest retailer experiences “millions of attacks an hour.”
Such “attacks” vary greatly, Gauch said.
“Some of them are really minor, people just trying to poke and see if they can get in. And some are much more sophisticated,” Gauch said.
Most major companies have hundreds of workers devoted full time to defending computer systems from such attacks, she said.
Some UA researchers focus on such network security concerns. Xintao Wu, who joined UA this year, creates mathematical models designed to quickly and efficiently distinguish real users from attackers.
Wu said it’s important to act quickly and eliminate “false positives” in order to zero in on real threats.
The difficulty in part comes from the sheer number of users on a system, who can potentially number in the millions. So far, Wu has developed advanced techniques tested as part of a static analysis.
But “the ultimate goal is to detect attacks in some real-time way so we can monitor any kind of change,” said Wu, whose other interests include so-called “big data” and health care.
Another UA researcher, Jia Di, has received grants to study hardware security, Gauch said.
“The future’s pretty scary, especially at the hardware level,” Gauch said, describing security concerns that extend to chips used in smartphones, for example. A “back door” on such technology means that “if it passes by some kind of reader, it can automatically dump all the data on your cellphone,” Gauch said.
Other worries involve sabotage.
“Now that we have chips controlling airplanes, is there a code that makes everything turn off?” Gauch asked.
Manufacturing processes often involve the use of third parties, so researchers must devise tests to ensure that no such security concerns exist in computer chips that may otherwise function as expected, Gauch said.
Brajendra Panda, director of the department’s Center for Information Security & Reliability, studies the “insider threat” posed by people with legitimate access to computer systems.
“How do you make sure what they are doing is the authorized work, not something unauthorized?” Panda said.
He tries to answer the question by developing better protocols for accessing information.
“It’s not exactly a better database, rather a better data management technique,” Panda said, describing the focus of his research.
The center isn’t a physical building but was formed about three years ago to help faculty.
Panda said cybersecurity has been a field of growing interest at UA.
“When I joined [UA] in 2001, I was the only person doing research in security,” Panda said.
While researchers have had success securing government grants, the university sees opportunities to focus even more on cybersecurity. A task force report last year identified cybersecurity as an emerging research area, with a total of four departments having faculty involved in such research.
Computer science and industrial engineering faculty, along with representatives from UA’s Sam M. Walton College of Business, are meeting to discuss the potential for more retail-oriented work, Gauch said. If successful, it might mean moving beyond smaller grants.
“We would like to go after something that we can make a bigger name for ourselves and try to go after multimillion-dollar funding opportunities,” Gauch said.