Software to test cyber security systems for flaws

Tuesday, April 13, 2010 @ 05:04 PM gHale

Sometimes all you need is a little opening in the door and you can burst through. When it comes to security it is no different. While systems are tougher to crack these days, they are not infallible.

“When you work in cyber security, everything has to be just right,” said Prof. Christopher Lynch, chair of Clarkson University’s Division of Mathematics and Computer Science. “One little thing might be off, and that’s the hole the intruder needs to come through and get everything.”

Along those lines, Lynch is developing software programs that will test cyber security systems for flaws before they become operational.

Lynch works in a mathematical realm called automated reasoning, teaching machines to think. In his current project, Lynch wants to teach machines to scan cyber security systems for glitches. People could do the job, but not as well, he said.

“A machine works better because the job requires speed, keeping track of many things at one time, plus the work is tedious,” Lynch said. “A human might not consider all the alternatives, and they would make mistakes.”

The project is capturing some attention: the National Science Foundation decided to provide $1.2 million in funding for it. The project involves Clarkson and four other research centers: the University at Albany-SUNY, the University of New Mexico, the University of Illinois, and the Naval Research Laboratory.

The project is so complex it requires the input of specialists at five research centers. “We have different expertise,” said Lynch, a professor of computer science. “I know automated reasoning. My colleague at the Naval Research Center is an expert in cryptographic protocols (instructions written in code). One of us alone cannot do this.”

For many, cyber security means using passwords and keeping them secret.

In Lynch’s world, hackers steal information and disable computer systems with barrages of junk. It’s a world where computers talk to each other, creating openings through which hackers can intercept information or substitute their own. Sometimes hackers dart in and out undetected. “From the point of view of the criminal, the best thing is to get in and out without anybody knowing about it; to make things look normal when they’re not,” Lynch said.

Lynch’s research comes as hackers have developed the capability to damage global commerce, penetrate national security networks, disrupt the electric grid, and derail pretty much anything that depends on computers.

“An adequate national capability to respond to the growing cyber threat does not exist,” concluded a report issued by the National Telecommunications Advisory Committee in May 2009. Six weeks later, an orchestrated cyber attack struck 27 U.S. and South Korean government agencies and commercial Web sites, temporarily jamming more than a third of them.

Lynch envisions a cyber security system with wide applications ranging from banking to national security. “It would deal with pretty much anything where you need to be sure your information is kept secret,” he said. “The point is that almost everything in our lives today involves computers. We need them to be secure.”

In many ways, the current approach to cyber security is reactive rather than proactive. Lynch’s team wants its programs to find cyber security flaws in a system before it hits the commercial market. The software could also look for flaws in legacy products.

Given the nature of the cyber threat, even this software will not last forever, because the bad guys will always find a way around it to steal information.

“When we finish this project, it’s not going to be the end,” said Lynch. “We come up with better ways to protect our data, and then people who are trying to steal our data come up with better ways of doing that. It’s a battle back and forth. I don’t think there will ever be a point where we’ve solved the problem.”
