Illinois Security Lab

From Wikipedia, the free encyclopedia
Jump to: navigation, search

The Illinois Security Lab is a research laboratory at the University of Illinois at Urbana-Champaign established in 2004 to support research and education in computer and network security. The lab is part of the Computer Science Department and Information Trust Institute. Its current research projects concern health information technology and critical infrastructure protection. Past projects addressed messaging, networking, and privacy.

Logo for the Illinois Security Lab

Active Projects[edit]

Health Information Technology[edit]

The lab is performing work on the Strategic Healthcare IT Advanced Research Projects on Security (SHARPS) project. It is developing security and privacy technologies to help remove key barriers that prevent the use of health information by systems implementing electronic health records, health information exchanges, and telemedicine.

Critical Infrastructure Protection[edit]

Networked control systems such as the electric power grid use computers for tasks like protecting substations against overloads (digital protective relays) and metering facilities (advanced meters). The lab developed the attested meter to provide security and privacy for advanced meters,[1] and has worked on security for building automation systems [2] and substation automation.

Past Projects[edit]

Assisted Living Security[edit]

Advances in networking, distributed computing, and medical devices are combining with changes in the way health care is financed and the growing number of elderly people to produce strong prospects for the widespread use of assisted living, a health care approach which can benefit from transferring medical information collected in homes or dedicated facilities to clinicians over data networks. The lab explored security engineering of such systems through prototypes, field trials, and formal methods based on an architecture that uses a partially trusted Assisted Living Service Provider (ALSP) as a third party intermediary between assisted persons and clinicians.[3][4]

Adaptive Messaging Policy (AMPol)[edit]

Scalable distributed systems demand an ability to express and adapt to diverse policies of numerous distinct administrative domains. The lab introduced technologies for messaging systems with adaptive security policies based on WSEmail, where Internet messaging is implemented as a web service,[5] and Attribute-Based Messaging (ABM), where addressing is based on attributes of recipients.[6][7]

Contessa Network Security[edit]

Although there has been significant progress on the formal analysis of security for integrity and confidentiality, there has been relatively less progress on treating denial-of-service attacks. The lab has explored techniques for doing this based on the shared channel model, which envisions bandwidth as a limiting factor in attacks and focuses on host-based counter-measures such as selective verification, which exploits adversary bandwidth limitations to favor valid parties.[8] It is also developing new formal methods for reasoning about dynamic configuration of VPNs.

Formal Privacy[edit]

Many new information technologies have a profound impact on privacy. Threats from these have provoked legislation and calls for deeper regulation. The lab has developed ways to treat privacy rules more formally, including better ways to reason using formal methods about conformance and the implications of regulations, and about how to quantify and classify privacy attitudes to control the risks of new technologies. The lab showed how to formally encode HIPAA consent regulations using privacy APIs so they can be analyzed with model checking.[9]


  1. ^ LeMay, Michael; Gross, George; Gunter, Carl A.; Garg, Sanjam (January 2007). "Unified Architecture for Large-Scale Attested Metering". IEEE Hawaii International Conference On System Sciences. HICSS '07. 
  2. ^ Boyer, Jodie P.; Tan, Kaijun; Gunter, Carl A. (April 2006). "Privacy Sensitive Location Information Systems in Smart Buildings". Security in Pervasive Computing. SPC '06. 
  3. ^ May, Michael J.; Shin, Wook; Gunter, Carl A.; Lee, Insup (November 2006). "Securing the Drop-Box Architecture for Assisted Living". ACM Formal Methods in Security Engineering. FMSE '06. 
  4. ^ Wang, Qixin; Shin, Wook; Liu, Xue; Zeng, Zheng; Oh, Cham; Alshebli, Bedoor K.; Caccamo, Marco; Gunter, Carl A.; Gunter, Elsa L.; Hou, Jennifer; Karahalios, Karri; Sha, Lui (October 2006). "I-Living: An Open System Architecture for Assisted Living". IEEE Systems, Man, and Cybernetics. SMC '06. 
  5. ^ Lux, Kevin D.; May, Michael J.; Bhattad, Nayan L.; Gunter, Carl A. (July 2005). "WSEmail: Secure Internet Messaging Based on Web Services". IEEE International Conference on Web Services. ICWS '05. 
  6. ^ Bobba, Rakesh; Fatemieh, Omid; Khan, Fariba; Gunter, Carl A.; Khurana, Himanshu (December 2006). "Using Attribute-Based Access Control to Enable Attribute-Based Messaging". IEEE Annual Computer Security Applications Conference. ACSAC '06. 
  7. ^ Afandi, Raja; Zhang, Jianqing; Hafiz, Munawar; Gunter, Carl A. (December 2006). "AMPol: Adaptive Messaging Policy". IEEE European Conference on web Services. ECOWS '06. 
  8. ^ Gunter, Carl A.; Khanna, Sanjeev; Tan, Kaijun; Venkatesh, Santosh (February 2004). "DoS Protection for Reliably Authenticated Broadcast". ICSOC Network and Distributed Systems Security Symposium. NDSS '04. 
  9. ^ May, Michael J.; Gunter, Carl A.; Lee, Insup (July 2006). "Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies". IEEE Computer Security Foundations Workshop. CSFW '06. 

External links[edit]