"Cybersecurity is one of the most significant economic and national security challenges facing our nation today," said Farnam Jahanian, the NSF's assistant director for computer and information science and engineering (CISE), in a statement. "NSF's investments in foundational research will transform our capacity to secure personal privacy, financial assets, and national interests. These new Frontier awards will enable innovative approaches to cybersecurity, with potential benefits to all sectors of our economy."
The first award, for research into enabling trustworthy cybersystems for health and wellness, will tackle challenges to providing trustworthy information systems for health and wellness as the result of sensitive information and health-related tasks being increasingly pushed into mobile devices and cloud-based services.
"Our research is motivated by the rapid deployment of mobile and cloud information technologies in healthcare, both in clinical settings and at home," said lead investigator David Kotz, the Champion International Professor of Computer Science at Dartmouth. "We aim to help these technologies reach their full potential by ensuring they can protect the integrity of medical data and the privacy of patient information."
The team will work to develop usable authentication and privacy tools, trustworthy control of medical devices and effective methods to detect malware, compute trust metrics and audit medical information systems and networks. In the long term, the project will help create health systems that can be trusted by individual citizens to protect their privacy and by health professionals to ensure data integrity and security. The team is also training the next generation of computer scientists by creating courses and sponsoring summer programs for undergraduate and K–12 students and by developing an exchange program for postdoctoral fellows and research students.
A second project on rethinking security in the era of cloud computing will explore ways in which computer security may make significant leaps forward in a cloud computing setting.
"The vast majority of cloud-related research in the computer security research community casts the move to cloud computing as intensifying the threats to which data and services are vulnerable,” said Mike Reiter, the Lawrence M. Slifkin Distinguished Professor of Computer Science at the University of North Carolina. “Instead, we see new opportunities for improving security of data and services by moving them to the cloud, and we plan on pursuing an aggressive research agenda to realize these opportunities."
This research team will leverage the common software, hardware and management basis of cloud computing with the broad view of activity across a diversity of user services. This project will develop novel and improved solutions for unified authentication and authorization and auditing across diverse services; effective monitoring and diagnosis for security management of services, networks, datacenters and users; and pervasive encryption to, from and within the cloud. The investigators will also convene "Cloud Security Horizons" summits with industry stakeholders to help shape the future of security in cloud computing.
The third project, titled “Towards effective Web privacy notice and choice: a multi-disciplinary perspective,” will research how to improve the usability of privacy policies. Natural language privacy policies have become a de facto standard to address expectations of notice and choice on the web. However, there is ample evidence that users generally do not read these policies, and that those who do often struggle to understand what they mean. In effect, most internet users are unable to make informed privacy decisions as they contemplate interacting with different websites.
"If you read privacy notices, you quickly realize that they contain a lot of boilerplate text and that people seem to often be recycling entire sentences and even larger text fragments from one another," noted Norman Sadeh, a professor in the School of Computer Science at Carnegie Mellon University and the project's lead investigator. "This project will aim to exploit these types of patterns."
Specifically, the team will develop scalable technologies to semi-automatically extract key privacy policy features from website privacy policies. It will then present these features to users in an easy-to-digest format that enables them to make more informed privacy decisions as they interact with different websites. Work in this project also involves the systematic collection and analysis of website privacy policies to identify trends and deficiencies in their wording and content – analysis that will be used to inform ongoing public policy debates. The researchers will work closely with industry stakeholders to enable the transfer and large-scale deployment of these technologies.
The projects are part of more than 110 new cybersecurity research projects being funded in 33 states, with award amounts ranging from about $100,000 to $10 million.
Three Frontier awards have been funded through NSF's interdisciplinary Secure and Trustworthy Cyberspace (SaTC) program, now in its third year. These awards typically go to large, multi-institution projects that address and heighten the visibility of grand challenge research areas in science and engineering, with broad economic and scientific impact. Funded projects pursue technical solutions designed to improve the security of computer systems used in businesses, universities, governments and homes. Project teams seek to devise incentives to reduce the likelihood of cyber-attacks and mitigate the negative effects that arise from them. Researchers also develop curriculum to train a 21st-century cybersecurity workforce.
In fiscal year 2013, the program expanded to include for the first time NSF's Directorate for Education and Human Resources and the Directorate for Engineering, in addition to ongoing participation by CISE and the Mathematical and Physical Sciences, and Social, Behavioral and Economic Sciences directorates.