Illinois Security Lab

The Illinois Security Lab is a research laboratory at the University of Illinois at Urbana–Champaign established in 2004 to support research and education in computer and network security. The lab is part of the Computer Science Department and Information Trust Institute. Its current research projects concern health information technology and critical infrastructure protection. Past projects addressed messaging, networking, and privacy.


Active projects


Health Information Technology

The lab is performing work on the Strategic Healthcare IT Advanced Research Projects on Security (SHARPS) project. It is developing security and privacy technologies to help remove key barriers that prevent the use of health information by systems implementing electronic health records, health information exchanges, and telemedicine.


Critical Infrastructure Protection

Networked control systems such as the electric power grid use computers for tasks like protecting substations against overloads (digital protective relays) and metering facilities (advanced meters). The lab developed the attested meter to provide security and privacy for advanced meters, and has worked on security for building automation systems and substation automation.


Past projects


Assisted Living Security

Advances in networking, distributed computing, and medical devices are combining with changes in the way health care is financed and the growing number of elderly people to produce strong prospects for the widespread use of assisted living, a health care approach which can benefit from transferring medical information collected in homes or dedicated facilities to clinicians over data networks. The lab explored security engineering of such systems through prototypes, field trials, and formal methods based on an architecture that uses a partially trusted Assisted Living Service Provider (ALSP) as a third party intermediary between assisted persons and clinicians.


Adaptive Messaging Policy (AMPol)

Scalable distributed systems demand an ability to express and adapt to diverse policies of numerous distinct administrative domains. The lab introduced technologies for messaging systems with adaptive security policies based on WSEmail, where Internet messaging is implemented as a web service, and Attribute-Based Messaging (ABM), where addressing is based on attributes of recipients.


Contessa Network Security

Although there has been significant progress on the formal analysis of security for integrity and confidentiality, there has been relatively less progress on treating denial-of-service attacks. The lab has explored techniques for doing this based on the shared channel model, which envisions bandwidth as a limiting factor in attacks and focuses on host-based counter-measures such as selective verification, which exploits adversary bandwidth limitations to favor valid parties. It is also developing new formal methods for reasoning about dynamic configuration of VPNs.


Formal Privacy

Many new information technologies have a profound impact on privacy. Threats from these have provoked legislation and calls for deeper regulation. The lab has developed ways to treat privacy rules more formally, including better ways to reason using formal methods about conformance and the implications of regulations, and about how to quantify and classify privacy attitudes to control the risks of new technologies. The lab showed how to formally encode HIPAA consent regulations using privacy APIs so they can be analyzed with model checking.



External links


SHARPS

TCIPG: Trustworthy Cyber Infrastructure for the Power Grid

UIUC Assisted Living Project

SELS Secure Email List Services