“On the educational front, we offer two MS programs that help train a workforce skilled in identifying and addressing a wide range of cybersecurity issues,” said Reza Curtmola, co-director of NJIT’s Cybersecurity Research Center and associate professor of computer science at Ying Wu College of Computing (YWCC), which houses New Jersey’s Homeland Security Technology Systems and was designated a Center of Academic Excellence in Cyber Defense Education by the National Security Agency and Department of Homeland Security through 2020.
“On the research front,” he continued, “our faculty lead cutting-edge projects that prevent criminals from tampering with the software development and distribution process, and enable a rich set of security guarantees for data owners who entrust their data and computation to cloud service providers.”
Here’s a quick peek at 7 NJIT research initiatives that take a bite out of cybercrime:
1. DEFENDING SOFTWARE SUPPLY CHAINS AGAINST HACKERS
Curtmola spearheaded the creation of the YWCC MS degree program in cybersecurity. He is developing in-toto, a system that promises to safeguard software for developers and end users. By raising the bar for attackers, in-toto will provide organizations with insight into the software development and distribution chain, and determine if proper software development practices have been followed.
2. DEVISING APPLIED SOFTWARE SECURITY TECHNIQUES
As director of the NJIT Cybersecurity Research Center, Associate Professor Kurt Rohloff leads a team of experts developing encrypted computing technologies to address our current inability to protect software from being reverse engineered and re-used without permission.
Bridging the gap between theory and practice, the PALISADE and OPERA projects are part of a Defense Advanced Research Projects Agency-funded R&D effort to produce effective program obfuscation techniques that will better protect our nation’s investments in innovative software.
3. SAFEGUARDING CLASSIFIED INFORMATION
The leaking of classified information by Edward Snowden revealed the existence of previously unknown large-scale surveillance. Assistant Professor Qiang Tang is designing new cryptographic techniques that will protect classified communication and information in the presence of malicious software and hardware.
4. DEBUGGING COMPUTER PROGRAMS
Professor Ali Mili explores the concept of relative correctness, using a static analysis approach to test and debug computer programs. His work also investigates the introduction and analysis of similar properties for cybersecurity practices.
5. COMBATING DATA LEAKS
RAMPARTS, PARAPET and REVET are a trio of projects led by Rohloff that develop and apply software engineering tools for a new family of encryption technologies. These projects will result in a general open-source software library allowing organizations to outsource computation to cloud computing environments, without risking privacy and leaking sensitive information to potential adversaries.
6. BOLSTERING THE INTEGRITY OF REMOTELY-STORED DATA
Funded by a National Science Foundation CAREER grant, Curtmola is establishing a practical remote data checking (RDC) framework to provide long-term integrity and reliability for remotely stored data.
Additionally, the project seeks to develop new functionality for RDC that overcomes limitations of early protocols and improves the usability and deployment of RDC on existing cloud storage infrastructures. If successful, the mechanism will minimize the combined security costs of all data management phases, increase the transparency of cloud storage platforms and improve the security dimension of storage outsourcing, enabling wider adoption of cloud storage technologies and giving owners better control over their data.
7. PROTECTING ARMY NETWORKS AND SECURING SMARTPHONES
Associate Professor Iulian Neamtiu is part of the 10-year Cybersecurity Collaborative Research Alliance, a joint effort between the Army Research Laboratory, Applied Communication Services and six universities. With a focus on Moving Target Defense, deception, and assessing user and software risk, Neamtiu aims to advance the foundations of cybersecurity in the context of military networks. Neamtiu's group has also developed a variety of techniques for improving Android's reliability and security.
Released as open-source tools, his innovative approach to static and dynamic analyses helps users, developers and researchers reproduce and debug executions, find lost data and assess app risk.