ACM Athena Award recipient Elisa Bertino, a professor at Purdue University and research director of the Cyber Space Security Lab of Purdue's Department of Computer Science, has spent her career trying to ensure the security and integrity of the information that is stored in databases and transmitted over mobile, social, cloud, Internet of Things (IoT), and sensor networks. Here, she talks about how her research interests have evolved and why she's not pessimistic about the future of cybersecurity.
You began your research career in the field of databases, first at the Italian National Research Council, and later as a post-doc at IBM's San Jose Research Laboratory. What drew you to security?
My original interest in security began at IBM, where I was looking into how to protect the data stored in databases. From there, I moved from conventional databases to multilevel security databases and began to collaborate with people in cybersecurity. In a way, it was a continuous movement. What really changed was when I moved to Purdue, where there is a big cybersecurity center and a lot of faculty and students working in cybersecurity. That broadened my research perspective quite a lot.
How did you get interested in access control?
When I was at IBM, I was lucky to work in the group that prototyped a lot of fundamental ideas in the area of relational databases. One prototype—the first prototype of SQL—was called System R. System R had an access control system to make sure that users could only access the data they were authorized to access, so I learned how these concepts work from inside an actual system.
Later, you began to explore how to incorporate temporal and locational constraints into access control.
With the rise of the Internet and mobile systems, it occurred to me that whether you can access an item may also depend on your location or on the time of day. That motivated my work on time- and space-based access control systems. I knew it would be useful one day, and of course location-based access control is now increasingly important because everything is mobile.
Mobility brings both opportunities and challenges when it comes to cybersecurity.
Today's systems are much more open than they were in the past. Companies need to be able to collaborate and share data with other companies, and users expect to have direct access to these resources. Because of that, our systems are very complex. When you add mobile systems and IoT devices and robots into the mix, the complexity is even greater. This is a challenge for security, because you've got to deal with complex protocols involving multiple parties.
One very good example is represented by the protocol for cellular networks, where we have recently been doing a lot of work. The standards that are specified for cellular networks are very complex, because they have to deal with many different operations and situations and parties. Ensuring that protocols are correct is easy if the protocols are simple, but when they are complex, it can be quite challenging to make sure there are no vulnerabilities.
Your research group has been working on some systematic approaches to identifying vulnerabilities in cellular networks based on formal methods.
We use a combination of formal methods and well-known tools like model checkers and cryptographic verifiers. But it requires a lot of domain knowledge, and I am lucky to have some good students who really understand cellular networks. We are also trying to come up with defenses for some of the vulnerabilities, which isn't always trivial—not because of the lack of techniques, but because the cellular network ecosystem is so complex. Then also there are a lot of technical constraints, like, for example, backwards compatibility. But because of that, it's also interesting.
Increasingly, people aren't just concerned with data security, but with data trustworthiness and accuracy, an area you began looking into more than a decade ago.
The problem of data quality has been around forever, because organizations that have a lot of data need to be able to ensure it is up to date, free of errors, consistent, clean, and so forth. In cybersecurity, we have techniques for digitally signing information, so that when you get the data, you can check whether or not someone has tampered with it. But the real problem is that somebody can feed you wrong data from the beginning.
We cast our work in the area of sensor networks. When you have a lot of sensors acquiring data, it may not be practical to verify that each piece of data is correct. But you can assign a trust score, that is, an indicator of trustworthiness, by cross-checking the values obtained from all different sources, and use that score to determine which piece of data you want to use. We did a lot of work along those lines with various technical approaches. Another area we've been working on is provenance, because understanding where data was acquired can help you evaluate its trustworthiness.
Finally, in the era of big data, there is a lot of redundancy in data. People have worked for many years on the area of data fusion, where you combine different sources of data to cross-validate and detect errors. So I think that, in a way, we have the technical means to solve many of these problems, but of course that may not be enough. In the end, the companies that collect all that data and make it available must be willing to enforce data quality.
Are you still involved with IoT security research?
Yes, we do a lot of work in that area. Right now, we are focusing on the use of a machine learning technique known as reinforcement learning, which allows a device to learn through reward functions. So the device will take an action, and then it will evaluate a certain reward function to see if this action is beneficial, for example, in saving energy. It will learn by itself. This is a very interesting area, and a lot of people in machine learning and AI are working on it. On the other hand, some of these devices can also make changes to the physical world—for example, they can open a door or a window. And already, some studies have shown that when you combine multiple devices together, their combined actions may lead to some unsafe situations. So we are looking into that issue, and specifically, how to control the autonomous learning of the devices to make sure what they learn does not lead to unsafe situations.
We are also looking into some of the IoT communication protocols to assess their vulnerabilities, and then we'll apply our methodologies based on formal methods.
Has working in cybersecurity made you more pessimistic?
To be honest, I'm not pessimistic. Attacks can be very sophisticated, but a lot of data breaches are due to the lack of even basic security measures. If you're the manager of a very sensitive facility like a nuclear power plant, then you must be extra careful. But in most cases, if you follow best practices like access control, authentication, anomaly detection, and so on, you will have a reasonable level of protection.
©2020 ACM 0001-0782/20/8