New techniques to strengthen the security of information systems

Published 6 January 2010

Highly developed societies rely more and more on information systems to maintain and enhance their economic vitality, societal welfare, and military effectiveness. As data are exchanged between various users, there is a danger that information could be released to unauthorized parties. The ability to guarantee secure information flow is becoming more critical as government and industry push toward increasingly complex information systems in many areas. K-State computer scientists are developing high-level policy languages and verification techniques to strengthen the security and integrity of such systems.

As computers increasingly transfer patient medical records and other sensitive information, a group of computer scientists at Kansas State University is doing basic research that will help designers keep such information safe.

Complex information systems form foundations in U.S. infrastructure and defense forces, and these systems contain data with different security levels, said John Hatcliff, K-State professor of computing and information sciences. As data are exchanged between various users, there is a danger that information could be released to unauthorized parties. The ability to guarantee secure information flow is becoming more critical as government and industry push toward increasingly complex information systems in many areas, including health care, the military and in coordinating disaster relief, Hatcliff said. This is why K-State computer scientists are developing high-level policy languages and verification techniques to strengthen the security and integrity of such systems.

“Whether it’s health care or military information, what people really want is the ability to push information out rapidly to anyone who needs it,” Hatcliff said. “You may have a doctor trying to make a diagnosis or a platoon leader trying to coordinate a maneuver in the context of a larger battlefield operation. In either case, more information leads to better decision making and better outcomes. However, you have to make sure as you’re aggressively pushing information to decision makers that you don’t inadvertently leak sensitive information to someone who shouldn’t be seeing it.”

Hatcliff leads K-State’s Specification, Analysis and Transformation of Software laboratory. The other computing and information sciences faculty researchers in the lab are associate professors Torben Amtoft and Robby, and assistant professor Simon Ou. These researchers work in security, software engineering, programming language semantics and automatic analysis of computer software.

In March 2009 the research group, in collaboration with researchers at Princeton University, received a five-year, $3 million grant from the U.S. Air Force Office of Scientific Research. The researchers are developing tools to secure information systems so that when information is transferred across large systems, there is confidence that nothing is accidentally revealed.

“We’re doing foundational research on novel forms of mathematical models and logics that enable designers and analysts to precisely state what information is allowed to flow from one point to another and under what conditions,” Hatcliff said. “Then we’re building tools to help people use those mathematical techniques to verify that their systems are correct.”

The researchers also are receiving funding from Rockwell Collins, a company that creates