Indiana University researchers are working on two new cybersecurity projects, recently funded by the National Science Foundation, to ensure trustworthy cloud computing and increase computing privacy for marginalized and vulnerable populations.
These research projects are part of the NSF's Secure and Trustworthy Cyberspace program, which seeks ambitious and potentially transformative center-scale projects in the areas of cybersecurity and privacy.
"As technology evolves, so does the need for more robust and thoughtful cybersecurity measures," IU Vice President for Research Fred H. Cate said. "I'm proud that IU researchers are leading the way toward the creation of more comprehensive and inclusive computing protections. The fact that IU faculty play key roles in two of the three teams chosen for these prestigious and important NSF projects showcases the forward-thinking work of our researchers."
The 'holy grail' of data protection
Advances in artificial intelligence and big data analytics rely on data sharing, which can be impeded by privacy concerns.
Using a $9 million NSF grant, IU researchers are leading a multi-institution effort to understand how to protect data shared across distributed computing systems such as cloud computing environments. Nearly $3 million of the overall grant will go directly to IU.
Computing data has three lifecycle stages: data at rest, data in motion and data in use.
Data at rest has reached its destination and is not being used, such as stored data. Data in motion is en route between a source and destination, such as an email on its way to your inbox. Data in use is currently being accessed, read or updated, such as an open Excel spreadsheet.
Data at rest and data in motion are typically encrypted for protection in case they're stolen. But data in use is typically unencrypted and therefore more vulnerable to cyber threats.
"Data-in-use protection is considered to be a holy grail of data protection, since even encrypted data needs to be decrypted before it can be analyzed, so there is a risk that the data could be exposed at that point in time," said XiaoFeng Wang, principal investigator on the project and the James H. Rudy Professor of Computer Science, Engineering and Informatics at the IU Luddy School of Informatics, Computing and Engineering. "Our project will lay the technological foundations for practical data-in-use protection across today and tomorrow's cloud and edge systems. This effort is critical for maintaining U.S. leadership in AI and data science, which heavily relies on data-in-use protection."
Led by IU, the project will establish the Center for Distributed Confidential Computing in collaboration with researchers from Purdue University, Penn State, Carnegie Mellon University, The Ohio State University, Spelman College, Duke University and Yale University.
The researchers will leverage recent progress in the "trusted execution environment" hardware capability in modern computer chips to run secure computation in a way that can't be compromised by malicious software across distributed computing systems. They will work to provide solutions for data in use, such as training machine-learning models on private data across cloud and edge systems.
"The Center for Distributed Confidential Computing is NSF's largest investment in confidential computing," Wang said. "I am so glad that IU can take the lead on this effort of national importance. I'm also honored to serve as the center director. I believe that this award, together with the recent report on IU's prominent MS in Cybersecurity program ranking, demonstrate IU's strength in cybersecurity research and education."
Haixu Tang, a professor of informatics and computing at the Luddy School, is co-principal investigator on the project.
Protecting marginalized and vulnerable populations
Computing systems and services have become ubiquitous in modern society and are deeply embedded in people's daily lives. However, as practices and technologies for ensuring security and privacy of computing systems emerge in this rapidly changing technological landscape, the needs of marginalized and vulnerable populations have been largely unaddressed, as have the consequences of their exclusion.
A team of computer and social scientists from the University of Florida, the University of Washington and IU were awarded a $7.5 million NSF grant to address computer privacy and security issues unique to marginalized populations. The University of Florida will lead the project. Two IU researchers -- Apu Kapadia, a professor of computer science at the Luddy School, and Kurt Hugenberg, a professor of psychological and brain sciences in the College of Arts and Sciences at IU Bloomington -- will lead a nearly $1.5 million portion of the effort.
IU faculty bring unique multidisciplinary strengths to the team. Kapadia, who leads IU's Privacy Lab, has expertise in secure systems and usable security, as well as extensive experience in camera-based assistive technologies for the visually impaired. Hugenberg, who directs IU's Stereotyping, Prejudice and Facial Expression Lab, has expertise in stereotyping and stigma. Together, they will help researchers understand the experiences of marginalized and vulnerable users and help designers build better systems that are both usable and secure for everyone.
"Designers often have assumptions about who they are designing for -- a so-called 'default persona,' which are essentially stereotypes about who the 'typical' user is," Hugenberg said. "This default persona often includes the majority population or privileged individuals, and thus can often overlook the needs and capabilities of marginalized and vulnerable users."
Ultimately, the team will work with industry and policy-makers to translate their research into products used by all Americans, such as the next generation of augmented reality technologies.