|
$2.1 Million:
Integrate Security Features into Computers
Penn
computer scientists have received a two-year, $2,125,000 grant to
introduce advanced security features used in special-purpose government
computers into standard office PCs.
"The
funding, from the Defense Advanced Re search Projects Agency (DARPA),
represents a change in the federal governments approach to
procuring highly secure computers," said principal investigator
Dr. Jonathan M. Smith. "Endlessly besieged by individuals seeking
to break into federal web sites and classified files, government
computers require security mechanisms and assurances far more stringent
than those ordinarily engineered into the computers available to
the general public."
"During
the last few decades, the governments approach has been to
contract researchers to develop high-security workstations specifically
for its own uses, outside of the mainstream computer industry,"
said Dr. Smith, professor of computer and information science at
Penn. "The problem is that development of these special-purpose
computers has generally progressed so slowly that the machines,
while indeed secure, are technically obsolete by the time they are
put into service."
Smith
and colleagues at Penn, the software development consortium OpenBSD,
and the Apache Software Foundation and OpenSSL Group propose to
use the open-source movementwhere programmers openly share
incremental advancesto try to engineer better security features
into mainstream computers, not only those developed just for the
military and other high-security organizations. The government then
benefits by purchasing more affordable, standardized computers with
security features.
"Computers
developed for consumer use have focused on user-friendliness, not
security concerns," Dr. Smith said. "Users generally only care about
security when theyve had a failure."
Working
through OpenBSD, the computing worlds most secure forum for
the development of open-source software, the team hopes to integrate
stronger security features into mainstream software as it progresses
through development. Individuals worldwide who are interested in
software can download and examine open-source code and suggest revisions.
This collaborative approach leads to more robust software more quickly,
Dr. Smith said.
By
auditing the security weaknesses of conventional software as it
is developed, Smiths team will try to foster the development
of mainstream systems secure enough to meet the governments
needs. The team will share its security advances with the open-source
software community via OpenBSD, whose machines have proven impervious
to break-ins for many years. The team will work on an audit of OpenSSL,
the widely used software for e-commerce security found in the Apache
web server. Apache software is widely used in web applications.
"We
expect our work will represent a serious contribution to all computer
manufacturers, not just the government," Dr. Smith said. "The source
code we develop will be freely available to everyone, and no manufacturers
want to deliver an insecure system when they know how to do better."
Dr.
Smiths colleagues on the DARPA-funded work include Theo de
Raadt, project founder and leader of OpenBSD; Michael B. Greenwald,
assistant professor of computer and information science at Penn;
Ben Laurie, technical director of A.L. Digital Ltd., a director
of the Apache Software Foundation and core team member of the Open
SSL Group; and Angelos Keromytis, assistant professor of computer
science at Columbia University.
Almanac, Vol. 48, No. 6, October 2, 2001
|
ISSUE HIGHLIGHTS:
Tuesday,
October 2, 2001
Volume 48 Number 6
www.upenn.edu/almanac/
|