Thursday, June 30, 2022

Trusted CI co-PI Bart Miller wins award for landmark paper on dependable computing

Bart Miller, Trusted CI co-PI, and his two student co-authors were honored with the 2022 Jean-Claude Laprie Award in Dependable Computing on June 28 in Baltimore, Md. Miller, along with L. Fredriksen, and B. So, were presented the award during the opening session of the Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

The groundbreaking paper, “An Empirical Study of the Reliability of UNIX Utilities," published in 1990, launched the field of fuzz random testing, or fuzzing as it is commonly called. The paper created a new technique for easy-to-use software testing and then used that technique to evaluate UNIX utilities crashes. As part of this research, the authors also studied the root causes of the failures. They also released its code and data openly (a novelty at that time). The paper has been cited more than 1,300 times and was responsible for creating an entire new branch of testing and security research. Hundreds of papers and tens of PhD dissertations are produced each year in this area.

Today, fuzzing is taught in introductory software testing and security courses, is a prominent area of focus at numerous conferences, and is recognized by major companies. For example, Microsoft recently published a paper on how they integrate fuzzing in the life cycle of almost all their products. Similarly, Google recently reported that 80 percent of the bugs they find in production in the Chrome web browser are due to fuzzing. 

Fuzzing is heavily used in security research and is often the tool of choice for penetration testers. Thus, this paper has important implications for reliability and security research.

About Bart Miller

Bart Miller with his Cessna TR182 that he bought in 1980. He's had his commercial pilots license since 1979. 

Barton Miller is the Vilas Distinguished Achievement Professor at the University of Wisconsin-Madison. Co-PI on Trusted CI, where he leads the software assurance effort. Research interests include software security, in-depth vulnerability assessment, and binary code analysis. In 1988, Miller founded the field of fuzz random software testing, a foundation of many security and software engineering disciplines. In 1992, Miller and his then­-student Jeffrey Hollingsworth founded the field of dynamic binary code instrumentation and coined the term “dynamic instrumentation.” Miller is a Fellow of the ACM.

About the Jean-Claude Laprie Award in Dependable Computing

The award was created in 2011, in honor of Jean-Claude Laprie (1944-2010), whose pioneering contributions to the concepts and methodologies of dependability were influential in defining and unifying the field of dependable and secure computing. The award recognizes outstanding papers that have significantly influenced the theory and/or practice of dependable computing.

About IFIP WG 10.4 on Dependable Computing and Fault Tolerance

IFIP Working Group 10.4 was established in 1980 with the aim of identifying and integrating approaches, methods, and techniques for specifying, designing, building, assessing, validating, operating, and maintaining dependable computer systems (those that are reliable, available, safe, and secure). Its 75 members from around the world meet twice a year to conduct in-depth discussions of important technical topics to further the understanding of the fundamental concepts of dependable computing.

About the International Federation for Information Processing

IFIP is a non-governmental, non-profit umbrella organization for national societies working in the field of information processing. It was established in 1960 under the auspices of UNESCO as a result of the first World Computer Congress held in Paris in 1959. It is the leading multinational, apolitical organization in Information and Communications Technologies and Sciences.


Monday, June 27, 2022

Announcement of Trusted CI Director Transition

Dear Trusted CI community, friends, and partners,

After 10 years of directing Trusted CI, I am stepping down as Trusted CI Director today. I thank all of you for your support over the past decade - you have made my job both a huge privilege and a pleasure. I also extend my gratitude to NSF for providing this unique opportunity.

I’m excited to share that Jim Basney has agreed to accept the role of Trusted CI Director. Jim has served as Trusted CI’s Deputy Director for the past three years and has been part of its leadership team since its inception. I suspect most of you already know Jim and will join me in my optimism that Jim will serve as an excellent leader for Trusted CI’s second decade.

I thank Jim for his contributions as deputy, which I found invaluable, and I’m happy to also share that Jim will receive similar support from Sean Peisert, who has agreed to serve as Trusted CI Deputy Director going forward. Since Sean joined Trusted CI in 2019 he has made strong leadership contributions, including serving as a co-PI the last year  and leading annual challenges and the OSCRP effort.

Kelli Shute will be staying on as Executive Director and has my thanks for her contributions in this role both past and into the future. Jim, Sean, and Kelli will be supported by the rest of the current leadership team: Kathy Benninger, Professor Bart Miller, and Mark Krenz.

I ask you to join me in congratulating Jim and Sean, and providing them and the rest of the team with the same support and collaboration going forward which you extended to me over the past decade. You can contact Jim and Sean directly at jbasney@illinois.edu and sppeisert@lbl.gov.

While my stepping down as Trusted CI Director is part of a larger life change I am making in that I will be leaving Indiana University at the end of the month, I will remain involved with Trusted CI to support this transition. 

Thank you, it has been an honor.

Von


Wednesday, June 22, 2022

Indiana University Center for Applied Cybersecurity Research releases an “ Effective Cybersecurity for Research” Whitepaper

 The tension between cybersecurity and research has kept institutional cybersecurity efforts for research confined to the most sensitive research, especially in academia.  Evolving threats and new cybersecurity requirements scoped beyond individual awards are now slated to change the status quo.  They point to a future where securing research holistically is no longer optional.  Indiana University’s Center for Applied Cybersecurity Research released a paper this week outlining an approach to cybersecurity for research that shows great promise in breaking the prevailing security versus research impasse. It focuses exclusively on the researcher and the research mission, reduces the cybersecurity and compliance burden on the researcher, and secures not only research subject to rules and regulations, but all research.  It is being embraced by researchers voluntarily and accelerating research measurably.


The paper can be accessed by visiting this EDUCAUSE library page:  Effective Cybersecurity for Research