DARPA awards computer scientists $2.1 million to integrate security features into mainstream computers

September 27, 2001

PHILADELPHIA - Computer scientists at the University of Pennsylvania have received a two-year, $2,125,000 grant to introduce advanced security features used in special-purpose government computers into standard office PCs.

The funding, from the Defense Advanced Research Projects Agency, represents a change in the federal government's approach to procuring highly secure computers, said principal investigator Jonathan M. Smith. Endlessly besieged by individuals seeking to break into federal web sites and classified files, government computers require security mechanisms and assurances far more stringent than those ordinarily engineered into the computers available to the general public.

"During the last few decades, the government's approach has been to contract researchers to develop high-security workstations specifically for its own uses, outside of the mainstream computer industry," said Smith, professor of computer and information science at Penn. "The problem is that development of these special-purpose computers has generally progressed so slowly that the machines, while indeed secure, are technically obsolete by the time they are put into service."

Smith and colleagues at Penn, the software development consortium OpenBSD, and the Apache Software Foundation and OpenSSL Group propose to use the open-source movement - where programmers openly share incremental advances - to try to engineer better security features into mainstream computers, not only those developed just for the military and other high-security organizations. The government then benefits by purchasing more af-fordable, standardized computers with security features.

"Computers developed for consumer use have focused on user-friendliness, not security concerns," Smith said. "Users generally only care about security when they've had a failure."

Working through OpenBSD, the computing world's most secure forum for the development of open-source software, the team hopes to integrate stronger security features into mainstream software as it progresses through development. Individuals worldwide who are interested in software can download and examine open-source code and suggest revisions. This collaborative approach leads to more robust software more quickly, Smith said.

By auditing the security weaknesses of conventional software as it's developed, Smith's team will try to foster the development of mainstream systems secure enough to meet the government's needs. The team will share its security advances with the open-source software community via OpenBSD, whose machines have proven impervious to break-ins for many years. The team will work on an audit of OpenSSL, the widely used software for e-commerce security found in the Apache web server. Apache software is widely used in web applications.

"We expect our work will represent a serious contribution to all computer manufacturers, not just the government," Smith said. "The source code we develop will be freely available to everyone, and no manufacturers want to deliver an insecure system when they know how to do better."
Smith's colleagues on the DARPA-funded work include Theo de Raadt, project founder and leader of OpenBSD; Michael B. Greenwald, assistant professor of computer and information science at Penn; Ben Laurie, a former mathematician at Cambridge University who is now technical director of A.L. Digital Ltd., a director of the Apache Software Foundation and core team member of the Open SSL Group; and Angelos Keromytis, an assistant professor of computer science at Columbia University.

University of Pennsylvania

Related Software Articles from Brightsurf:

Novel software assesses phonologial awareness
Understanding sounds in language is a critical building block for child literacy, yet this skill is often overlooked.

Software of autonomous driving systems
Researchers at TU Graz and AVL focus on software systems of autonomous driving systems.

New software supports decision-making for breeding
Researchers at the University of Göttingen have developed an innovative software program for the simulation of breeding programmes.

Software updates slowing you down?
We've all shared the frustration -- software updates that are intended to make our applications run faster inadvertently end up doing just the opposite.

Where is George? Ask this software to look at the crowd
Idtracker.ai is a mix of conventional algorithms and artificial intelligence developed at the Champalimaud Centre for the Unknown.

Research finds serious problems with forensic software
New research finds significant flaws in recently released forensic software designed to assess the age of individuals based on their skeletal remains.

Beta of Neurodata Without Borders software now available
Neuroscientists can now explore a beta version of the new Neurodata Without Borders: Neurophysiology (NWB:N 2.0) software and offer input to developers before it is fully released next year.

New software speeds origami structure designs
Researchers at Georgia Institute of Technology have developed a new computer-aided approach that streamlines the design process for origami-based structures, making it easier for engineers and scientists to conceptualize new ideas graphically while simultaneously generating the underlying mathematical data needed to build the structure in the real world.

International competition benchmarks metagenomics software
Communities of bacteria live everywhere: inside our bodies, on our bodies and all around us.

Preventing software from causing injury
Workplace injuries don't just come from lifting heavy things or falling off a ladder.

Read More: Software News and Software Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.