Information Security Research at NTNU
by Stig F. Mjølsnes and Ingvild Ytrehus
NTNU, the Norvegian University of Science and Technlolgy has established an interfaculty Information Security Research Program, organised under the university's strategic focus area of Information and Communication Technologies.
This graduate education and research cooperation initiative is currently run by the five departments of Telematics, Computer and Information Science, Mathematical Sciences, Physical Electronics, and Industrial Economics and Technology Management. The overall aim is to address problems of ICT vulnerability at the strategic level by supervising and carrying out research with PhD students on a wide range of topics essential to information security technology. In this way we will train experts with the ability to perform effective information security analyses and provide solutions to ICT vulnerabilities, wherever they occur.
Information security is vital for the acceptance and common use of information systems in most sectors of activity in our information-intensive society, including health, finance, trade, public and private administration, media and entertainment, communication and transport, and within the ICT industry itself. Open networked systems are particularly challenging in this regard. Clearly, Internet services and mobile networks already suffer from this kind of problem, resulting in a great demand for comprehensive research and the training of experts within information security technology.
Currently, technology and methods for information security involve:
- hardware-based mechanisms (tamper-resistance, OS kernel support, and signal processing)
- cryptology (mathematical primitives, protocols and models)
- software engineering (language/mechanisms/tools)
- software systems (operating systems, database systems, middleware platforms)
- networked systems (communication protocols, naming, routing, adaptivity)
- methodology (formal logic, evaluation criteria, threat and vulnerability analyses, audits, best operation practice and policies).
The difficulty of analysis and construction in information security technology grows rapidly with increasing scalability, functionality, resource distribution and partitioning of security policy. Information security requirements place conditions on the design of system structure, user interfaces, data storage, processing locality, communication, and management. On the other hand, solutions must meet user expectations and be acceptable within cost restrictions.
Norwegian Research Program
In the financial allocation letter of 2003, the Norwegian Ministry of Trade and Industry requested that the Norwegian Research Council (NFR) initiate a strategic research program within the field of 'ICT Security and Vulnerability' (IKT-SoS). A total budget of NOK 59 million was allocated, and it is to be operational from 2003 to 2007 (1 Euro ª 8 NOK). Only NOK 15 million of the total budget were allotted for this first year by the council. Nevertheless, total submissions for research funding amounted to NOK 90 million, indicating a strong interest by Norwegian research groups in working on the varied problems in this field.
The eight-professor committee of the NTNU Information Security Research Program has created and submitted project plans which will contribute directly to the goals set through the National Strategy for ICT Security in general, and by the Norwegian Science Council IKT-SoS. These include the following initiatives, as specified in the call:
- strengthening of national education in information security in both depth and scope
- further strengthening of existing information security research networks in Norway and Europe, and take-up by user organisations
- support for political strategies aimed at reducing ICT vulnerabilities
- pursuit of excellence in information security RTD in Norway.
About fifteen years ago, NTNU started educational activity within this field in the Department of Telematics. Student interest and motivation are now very encouraging. This year (2003), one of the Masters degree information security courses produced 170 examinants, and about 36 Masters theses in information security were completed in the five cooperating NTNU departments. Next year, the number of PhD candidates is expected to be 12-15, within a framework of ongoing research projects, labs, and international university cooperation.
New research projects that have been defined and are underway are presented as four ellipses in the depicted NTNU reference model, ranging from human-organisational issues ('people') to deep mathematical theories ('machines'). Stage 1 funding by NFR enables commencement of a PhD project in role-based access control, a post-doctoral fellowship in secure protocols, and funding for visiting scientists in all areas indicated. Stage 2 next year will enhance this picture. Additionally, several Marie Curie Fellowships are open for visiting PhD students. Communication security research forms a significant part of the activity in the recently established Centre of Excellence, 'Quantifiable Quality of Service in Communication Systems' at NTNU, in which around five PhD positions are allocated to security-related studies as of now. Cooperating with NTNU, industrial research projects related to information security are executed at SINTEF and UNINETT, including the National Centre for Information Security in Trondheim.
Strategic focus area of ICT at NTNU: http://www.ntnu.no/satsingsomraader/ikt/
Stig Frode Mjølsnes, NTNU
Tel: +47 73 55 04 59