Illinois Security Lab
Encyclopedia
The Illinois Security Lab is a research laboratory at the University of Illinois at Urbana-Champaign
established in 2004 to support research and education in computer
and network security
. The lab is part of the Computer Science
Department and Information Trust Institute
. Its current research projects concern health information technology
and critical infrastructure protection
. Past projects addressed messaging, networking, and privacy
.
, health information exchanges, and telemedicine
.
against overloads (digital protective relay
s) and metering facilities (advanced meters
). The lab developed the attested meter to provide security and privacy for advanced meters , and has worked on security for building automation
systems and substation automation.
, a health care approach which can benefit from transferring medical information collected in homes or dedicated facilities to clinicians over data networks. The lab explored security engineering of such systems through prototypes, field trials, and formal methods
based on an architecture that uses a partially-trusted Assisted Living Service Provider (ALSP) as a third party intermediary between assisted persons and clinicians .
based on WSEmail, where Internet messaging is implemented as a web service
, and Attribute-Based Messaging (ABM), where addressing is based on attributes of recipients .
and confidentiality
, there has been relatively less progress on treating denial-of-service attacks
. The lab has explored techniques for doing this based on the shared channel model, which envisions bandwidth as a limiting factor in attacks and focuses on host-based counter-measures such as selective verification, which exploits adversary bandwidth limitations to favor valid parties . It is also developing new formal methods
for reasoning about dynamic configuration of VPNs.
about conformance and the implications of regulations, and about how to quantify and classify privacy attitudes to control the risks of new technologies. The lab showed how to formally encode HIPAA consent regulations using privacy APIs so they can be analyzed with model checking
.
University of Illinois at Urbana-Champaign
The University of Illinois at Urbana–Champaign is a large public research-intensive university in the state of Illinois, United States. It is the flagship campus of the University of Illinois system...
established in 2004 to support research and education in computer
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
and network security
Network security
In the field of networking, the area of network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources...
. The lab is part of the Computer Science
Computer science
Computer science or computing science is the study of the theoretical foundations of information and computation and of practical techniques for their implementation and application in computer systems...
Department and Information Trust Institute
Information Trust Institute
- History :The Information Trust Institute was founded in 2004 as an interdisciplinary unit designed to approach information security research from a systems perspective. It examines information security by looking at what makes machines, applications, and users trustworthy...
. Its current research projects concern health information technology
Health information technology
Health information technology provides the umbrella framework to describe the comprehensive management of health information across computerized systems and its secure exchange between consumers, providers, government and quality entities, and insurers...
and critical infrastructure protection
Critical Infrastructure Protection
Critical infrastructure protection is a concept that relates to the preparedness and response to serious incidents that involve the critical infrastructure of a region or nation....
. Past projects addressed messaging, networking, and privacy
Privacy
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively...
.
Health Information Technology
The lab is performing work on the Strategic Healthcare IT Advanced Research Projects on Security (SHARPS) project. It is developing security and privacy technologies to help remove key barriers that prevent the use of health information by systems implementing electronic health recordsElectronic Health Record
An electronic health record is an evolving concept defined as a systematic collection of electronic health information about individual patients or populations...
, health information exchanges, and telemedicine
Telemedicine
Telemedicine is the use of telecommunication and information technologies in order to provide clinical health care at a distance. It helps eliminate distance barriers and can improve access to medical services that would often not be consistently available in distant rural communities...
.
Critical Infrastructure Protection
Networked control systems such as the electric power grid use computers for tasks like protecting substationsElectrical substation
A substation is a part of an electrical generation, transmission, and distribution system. Substations transform voltage from high to low, or the reverse, or perform any of several other important functions...
against overloads (digital protective relay
Digital protective relay
In electrical engineering of power systems, a digital protective relay uses a microcontroller with software-based protection algorithms for the detection of electrical faults...
s) and metering facilities (advanced meters
Smart meter
A smart meter is usually an electrical meter that records consumption of electric energy in intervals of an hour or less and communicates that information at least daily back to the utility for monitoring and billing purposes. Smart meters enable two-way communication between the meter and the...
). The lab developed the attested meter to provide security and privacy for advanced meters , and has worked on security for building automation
Building automation
Building automation describes the functionality provided by the control system of a building. A building automation system is an example of a distributed control system...
systems and substation automation.
Assisted Living Security
Advances in networking, distributed computing, and medical devices are combining with changes in the way health care is financed and the growing number of elderly people to produce strong prospects for the widespread use of assisted livingAssisted living
Assisted living residences or assisted living facilities provide supervision or assistance with activities of daily living ; coordination of services by outside health care providers; and monitoring of resident activities to help to ensure their health, safety, and well-being.Assistance may...
, a health care approach which can benefit from transferring medical information collected in homes or dedicated facilities to clinicians over data networks. The lab explored security engineering of such systems through prototypes, field trials, and formal methods
Formal methods
In computer science and software engineering, formal methods are a particular kind of mathematically-based techniques for the specification, development and verification of software and hardware systems...
based on an architecture that uses a partially-trusted Assisted Living Service Provider (ALSP) as a third party intermediary between assisted persons and clinicians .
Adaptive Messaging Policy (AMPol)
Scalable distributed systems demand an ability to express and adapt to diverse policies of numerous distinct administrative domains. The lab introduced technologies for messaging systems with adaptive security policiesSecurity policy
Security policy is a definition of what it means to be secure for a system, organization or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls...
based on WSEmail, where Internet messaging is implemented as a web service
Web service
A Web service is a method of communication between two electronic devices over the web.The W3C defines a "Web service" as "a software system designed to support interoperable machine-to-machine interaction over a network". It has an interface described in a machine-processable format...
, and Attribute-Based Messaging (ABM), where addressing is based on attributes of recipients .
Contessa Network Security
Although there has been significant progress on the formal analysis of security for integrityIntegrity
Integrity is a concept of consistency of actions, values, methods, measures, principles, expectations, and outcomes. In ethics, integrity is regarded as the honesty and truthfulness or accuracy of one's actions...
and confidentiality
Confidentiality
Confidentiality is an ethical principle associated with several professions . In ethics, and in law and alternative forms of legal resolution such as mediation, some types of communication between a person and one of these professionals are "privileged" and may not be discussed or divulged to...
, there has been relatively less progress on treating denial-of-service attacks
Denial-of-service attack
A denial-of-service attack or distributed denial-of-service attack is an attempt to make a computer resource unavailable to its intended users...
. The lab has explored techniques for doing this based on the shared channel model, which envisions bandwidth as a limiting factor in attacks and focuses on host-based counter-measures such as selective verification, which exploits adversary bandwidth limitations to favor valid parties . It is also developing new formal methods
Formal methods
In computer science and software engineering, formal methods are a particular kind of mathematically-based techniques for the specification, development and verification of software and hardware systems...
for reasoning about dynamic configuration of VPNs.
Formal Privacy
Many new information technologies have a profound impact on privacy. Threats from these have provoked legislation and calls for deeper regulation. The lab has developed ways to treat privacy rules more formally, including better ways to reason using formal methodsFormal methods
In computer science and software engineering, formal methods are a particular kind of mathematically-based techniques for the specification, development and verification of software and hardware systems...
about conformance and the implications of regulations, and about how to quantify and classify privacy attitudes to control the risks of new technologies. The lab showed how to formally encode HIPAA consent regulations using privacy APIs so they can be analyzed with model checking
Model checking
In computer science, model checking refers to the following problem:Given a model of a system, test automatically whether this model meets a given specification....
.