TL; DR: The Center for Education and Research in Information Assurance and Security (CERIAS) is one of the world’s leading academic sources in the information security field. The center leverages a multidisciplinary approach to protecting critical infrastructure that includes collaborative research across Purdue’s colleges and departments. Through discovery, education, and engagement, CERIAS is committed to advancing the knowledge and practice of information assurance, security, and privacy for years to come.
Our tech-driven world has had an unexpected effect on how we view an age-old tool: the magnifying glass. Once closely associated with scientific experiments and fictional detectives, the magnifying device is now commonly seen as an icon representing search or zoom functionality on websites.
For the Center for Education and Research in Information Assurance and Security (CERIAS), the magnifying glass — featured prominently in the group’s logo — represents the intersection of both viewpoints: classic investigative work and modern technology. Designed by Michael Tieman of Artists Gallerie, the graphic signifies an ability to make small features visible, providing important clues to an investigator.
As stated on the CERIAS website, the group’s magnifying glass logo represents its work researching the practice of information security — and its ability to make new findings visible to students, researchers, and the industry as a whole. By enlarging “IAS” within the magnifying glass, the logo also points to the center’s focus on information assurance and security.
Indeed, CERIAS’s mission is to advance the knowledge and practice of information assurance, security, and privacy through discovery, education, and engagement. And, according to Gene Spafford, Executive Director Emeritus at CERIAS, the center is well on its way toward accomplishing that mission.
“CERIAS is one of the world’s leading research and education centers,” Gene, who is affectionately known on campus as Spaf, said. “Right now, within the rough confines of the center and our faculty members, there are somewhere between 60 and 80 active research projects of one kind or another underway.”
The research, often performed collaboratively across Purdue’s colleges and departments, employs a multidisciplinary approach to protecting critical infrastructure. For example, the school’s Infosec Graduate Program, produced in collaboration with CERIAS, focuses on several academic and professional disciplines when solving problems. Through these and additional initiatives, such as the annual security symposium and weekly seminar series, CERIAS is committed to advancing the security practice now and well into the future.
A Multidisciplinary Approach to Protecting Critical Infrastructure
CERIAS came to life as an offshoot of the Computer Operations Audit and Security Technologies (COAST) lab, which was established by Purdue’s Computer Sciences Department in 1991.
“While I was running COAST with a couple of faculty members, a lot of the companies and government agencies began approaching us with problems that were not solely technical in nature,” Gene said. “They involved management issues, user behavioral issues, economic issues, legal issues — and even occasionally some questions on ethical behavior.”
In response, Gene and his colleagues launched a university-wide institute in May 1998 — now known as CERIAS — with the intention to support faculty and students working on all aspects of the family of problems within online security, information assurance, privacy, and crime investigation.
Today, CERIAS has more than two decades of industry experience and is associated with over 110 Purdue faculty members. The center operates under a consortium model with industry and government partnerships, which encourages participation and feedback and keeps the center up to date on industry challenges, advancements in commercial technology, and pressing business problems.
“Available resources drive a lot of our research, and that’s one of the reasons why our consortium partners are so valuable,” Gene said. “They provide money that isn’t tied to projects and can be used toward speakers, workshops, and other resources. They see the value of it, so they keep coming back every year.”
Collaborative Research Across Colleges and Departments
Research conducted through CERIAS brings together bright minds from eight colleges and more than 20 departments across the Purdue facility. These faculty members take a multidisciplinary approach to solving problems in six security-related divisions: Assured Identity and Privacy; End System Security; Human-Centric Security; Network Security; Policy, Law, and Management; Resiliency and Trusted Electronics; and Prevention, Detection, and Response.
The Assured Identity and Privacy division, for example, unites personnel from the school’s Communication, Computer Science, Industrial Technology, and Sociology departments, among others. Researchers in this group investigate the tension between the increased authorization provided by better identification of online entities and the need to protect privacy rights.
Researchers within the Human-Centric area, who come from departments that include Hospitality & Tourism Management, Psychology, Computer & Information Technology, and Linguistics, focus on how trustworthy technology influences interactions. The division focuses on ecommerce, online trust, digital government services, online news, and spam, among other topics.
The Prevention, Detection, and Response division, on the other hand, focuses on system attacks, with specific areas of expertise including intrusion and misuse detection, hacker profiling, deception and psychological operations, online terrorism, and information warfare.
“As our connected world continues to grow, CERIAS has continued to broaden its focus to areas of concern for cyber and cyber-physical systems; both AI/machine learning, and autonomous systems have become focal research areas,” Gene said.
Gene said companies interested in joining the consortium as a strategic partner are free to do so any time. A small number of the center’s vast collection of research reports are available exclusively to partners through membership. However, the majority of tech reports in the online library are free, including access to student theses.
“The consortium is always open to new members,” Gene said. “Our current projects cover a broad range of topics. We’re looking at securing machine learning, security issues around the IoT and sensor technologies, applying cyber forensics to combat issues of human trafficking and exploitation. And the faculty are constantly on the lookout for new things to begin to investigate.”
The Infosec Graduate Program, in Association with CERIAS
While CERIAS is a research entity and not an educational unit in terms of offering classes, its academic collaborations have helped more than 250 students earn Ph.D.s and 400 earn master’s degrees over the years. During that time, Gene said the security landscape has undergone considerable changes, requiring the educational philosophy of CERIAS to evolve.
“If you go back to 1998, that was the dawn of commercial use of the internet,” he said. “Today, with mobile phones, cloud computing, the IoT, and billions of dollars in ecommerce and social media, we see significant shifts in platforms as well the motivations of users — and all of these things impact security.”
The industry is also increasingly favoring short-term returns over long-term benefits — a shift Gene said is particularly evident when it comes to privacy protection. “People value privacy, yet are willing to give it up for something as trivial as a discount,” he said. “And corporations will claim to support privacy as a public good and then turn around and sell all the data they’ve accumulated on their users because it makes money.”
From an educational perspective, it’s essential to consider how trends like these fall into the online security puzzle, and that’s why CERIAS offers students a multidisciplinary academic approach. The majority of graduates associated with the CERIAS program earn degrees in computer science but awareness of other industries adds value to what they do.
“We don’t force people to color outside the lines, but we give them the opportunity to see what’s there,” Gene said. “Most of them do dissertation work that is mainstream computer science, but they often choose ways of demonstrating their development skills in areas like healthcare or public policy.”
An Upcoming Spring Symposium and Weekly Seminar Series
Looking forward, CERIAS has a number of initiatives in store. CERIAS 2019, the center’s annual security symposium, will take place April 9 through 10 at Purdue’s Stewart Center (followed by a members-only event on April 11). The public event will feature experts from within the center as well as the government and industry at large.
“One of the other highlights of this event will be a poster presentation on about two-thirds of the research projects going on within the center, as demonstrated by the students who are involved,” Gene said.
In addition to yearly symposiums, CERIAS has held a weekly security seminar every semester since the spring of 1992. Close to 200 recorded presentations, dating back as far as 2003; and abstracts and associated material, dating back to 1994; are accessible for free on YouTube, iTunes, and the CERIAS website. These courses are open to everyone, though Purdue students can receive course credit for attending. Topics include computer crime investigation, information warfare, information ethics, public policy, and the computing underground, among other relevant trends, with a new seminar posted each week.
These opportunities are just another way CERIAS is working to magnify its focus on information assurance and security.