buttonTrust
 
 

Team for Research in Ubiquitous Secure Technology (TRUST)

Principal Investigator and Center Director: Shankar Sastry

Lead Institution: University of California, Berkeley

Center Overview

The Team for Research in Ubiquitous Secure Technology (TRUST) is focused on the development of cyber security science and technology that will radically transform the ability of organizations to design, build, and operate trustworthy information systems for the nation's critical infrastructure. Established as a National Science Foundation Science and Technology Center (STC), TRUST is addressing technical, operational, legal, policy, and economic issues affecting security, privacy, and data protection as well as the challenges of developing, deploying, and using trustworthy systems.

TRUST activities are advancing a leading-edge research agenda to improve the state-of-the art in cyber security; developing a robust education plan to teach the next generation of computer scientists, engineers, and social scientists; and pursuing knowledge transfer opportunities to transition TRUST results to end users within industry and the government.

Partner Institutions

Carnegie Mellon University, Cornell University, San Jose State University, Stanford University, University of California, Berkeley, and Vanderbilt University

Research

TRUST is addressing technical, operational, privacy, and policy challenges via interdisciplinary projects that combine fundamental science and applied research to deliver breakthrough advances in trustworthy systems in three “grand challenge” areas:

  • Financial Infrastructures. TRUST researchers aim to develop central science and engineering principles to ensure the long-term security, reliability, and ubiquitous usage of the nation’s financial infrastructure. This comprises financial service enterprises, online retail businesses, and customers linked together in a trustworthy environment that supports commercial transactions. TRUST is addressing needs and challenges of a trusted financial infrastructure and its key components:
  • Service Providers. Financial service providers and online retailers interact with customers through e-mail, operate web servers, carry out back-office operations subject to rigorous security and performance requirements, and have complex partnering agreements and rely on their brand image and reputation for competitive advantage.
  • Customers. Individuals interact with financial service providers through e-mail and the web. These individuals are usually not technology experts yet they need to be assured of reliable interaction.
  • Interconnection. Financial infrastructure customers rely on open networking standards, browser architecture, and web application development practices. Providers may also communicate through private networks, leverage federated identity management solutions, and outsource functions to other providers through complex networking practices.
  • Policy. Financial services and online enterprises are subject to complex and overlapping regulations and evolving levels of customer awareness and sensitivities. Both policy and technology are necessary to drive security in an increasingly decentralized environment in which consumers with limited technical expertise and desire to manage security/privacy play a central role.

  • Health Infrastructures. Healthcare has been characterized as a “trillion dollar cottage industry” dependent upon paper records and fragmented, error-prone approaches to service delivery. Recently, however, the healthcare industry is changing, including: the dramatic increase in the amount of information required for making health decisions, the rapidly growing use of Internet worldwide, genome research that opens up opportunity to provide personalized healthcare, and medical errors caused by failures in information management.

    Information technology enables the creation of disruptive technologies that can change health care, for example the transition from paper to digital Personal Health Records (PHRs), the growing deployment and use of real-time medical decision support systems and online patient portals, and the emphasis on robust Health Information Systems (HISs). These technologies offer unique opportunities for both improving the delivery of care in medical facilities and shifting healthcare from traditional clinical settings to patient/home-centered settings. That said, adoption of these new, transformational technologies is predicated on the availability of technical solutions and design methodologies to solve problems such as the implementation of privacy requirements and the guarantee of safe operation of HISs. To address this, TRUST researchers are tackling fundamental issues affecting the design of trusted HISs that are composable from component technologies. A primary concern in HIS design is that privacy and security requirements are frequently expressed in vague, complex and often contradictory laws and regulations. Engineering software systems that are functionally complete, able to adapt to the changing healthcare environment, and can comply with security and privacy laws and regulations is hard, if not impossible, using conventional software and systems design technology. As such, TRUST researchers are using model-based methods to offer a revolutionary way to formally and explicitly integrate privacy and security goals into HIS architectures. While this had led to progress in problem understanding and developing new foundations, TRUST researchers also place strong emphasis on experimental work. Taking advantage of the Center’s partnership with the Vanderbilt University Medical Center, researchers have developed a testbed for Model Integrated Clinical Information Systems (MICIS) and home-based health monitoring that integrates TRUST research results in a platform used by the medical community for testing and validation.

  • Physical Infrastructures. This area addresses next generation Supervisory Control and Data Acquisition (SCADA) and other networked embedded systems that control critical physical infrastructures (e.g., power grid, natural gas distribution, automated railroad control, water, transportation) and futuristic infrastructures such as "smart” buildings and structures" (e.g., active-bridges whose structural integrity depends on dynamic control or actuators).

    In physical infrastructures using new secure SCADA systems and built on top of the emerging new technology of wireless networked embedded systems, substantive issues of ownership and control of the physical infrastructure (whether it is individuals inside their homes or the grid utility provider). Security requirements are traditionally enumerated in terms of confidentiality, availability, and integrity. In this area, confidentiality is not a primary drive. Moreover, availability is often too weak—real-time constraints must be satisfied which changes the approach for defending against denial of service attacks. Ensuring integrity, however, is important as reliable operation of critical infrastructures needs to be ensured even in cases where an adversary controls a subset of the devices (which requires addressing threats such as the physical compromise of unattended nodes deployed in the field). Additionally, privacy issues arise in this area, such as understanding what can be inferred from the use and analysis of infrastructure information (e.g., increased power draw implies somebody is at home). Moreover, when distributed networks of sensors are widely deployed, opportunities for privacy abuse arise through abuse of information that is being collected for other reasons. Future infrastructures such as smart buildings and structures portend immense data collection in places routinely occupied by individuals. TRUST researchers are addressing such privacy concerns by considering them early on in the design and development of technical solutions and in advancing policy and consumer protection awareness and understanding that will support this future.

    • Education

    The TRUST education mission is to educate the next generation of computer scientists, engineers, lawyers, policy makers, and social scientists in the field of cyber security and trustworthy systems. In education, TRUST is generating learning materials, providing effective dissemination structures, and establishing broad educator communities. TRUST education activities target undergraduate and graduate students, postdoctoral scholars and junior faculty, and industry professionals to address the technical, policy, and economic issues essential to improving cyber security and trustworthy systems.

    Affiliated with TRUST is a multi-disciplinary team of students, post doctoral scholars, research scientists, and faculty from a world class research group of universities who provide a unique breadth and depth of research expertise and accomplishment in cyber security and critical infrastructure protection. TRUST researchers partner with faculty and students from Minority Serving Institutions to provide unique opportunities for female and underrepresented students and faculty from those universities to engage in cross-institutional activities. Center activities are focused on the following areas:

  • Graduate and Undergraduate Student Education. TRUST students participate in a variety of collaborative research and professional development activities that will supplement their academic education including: research conferences, the bi-annual all-hands meeting, technical seminars series, workshops, mentorships, and internships.
  • Coursework Development. Activities in this area support the Center’s goals to educate the next generation of computer scientists, engineers, and social scientists working in the field of cyber security and trustworthy systems, with the emphasis on the development of new course offerings at TRUST partner institutions and the implementation of a unique specialization in cyber security and trustworthy systems.
  • Professional Development. TRUST professional development activities are designed for graduate students, post-doctoral scholars, industry researchers, and faculty from various disciplines working and conducting research in cyber security and trustworthy systems. In addition to education and learning opportunities, these programs will support professional growth, especially for female and URM faculty, with the goal of ultimately expanding the number female and URM researchers in cyber security and trustworthy systems.
  • TRUST Academy Online (TAO). The TAO is a web-based portal that provides learning resources to faculty and researchers working in TRUST-related areas. The TAO is also a vehicle for TRUST online community education and outreach by providing educators outside the Center access to learning material developed by Center investigators, institutions, and partners.

    • Diversity

    In addition to using its position of leadership and influence to ensure the security of financial infrastructures, health infrastructures, and physical infrastructures of the nation by training a diverse workforce, TRUST is also working to grow the number of women and underrepresented minorities (URMs) who are actively engaged in the technical, compositional, privacy, economic, and legal aspects of trusted information systems. Without the full participation of a diverse workforce, the economic viability of the nation is threatened, and the creativity to shape future technology is lost. In the information security field, there is a severe shortage of women and underrepresented minorities serving as the scientists and engineers who defend cyberspace, however, too few women and underrepresented minorities are encouraged to pursue graduate education, where they can receive the necessary training to become the next generation of faculty members that inspire and educate even more women and underrepresented minorities. To address this, TRUST is taking a “grass roots” approach to diversity and outreach by building strong research partnerships with faculty and institutions that will help the Center broaden the participation of women and underrepresented minorities in the field of information security. Center activities are focused on the following areas:

  • Recruiting and Retaining a Diverse Workforce. TRUST is partnering with Minority Serving Institutions (MSIs) to provide opportunities to (a) learn about TRUST research thrusts, (b) meet TRUST faculty and graduate students, and (c) discuss the Center’s diversity mission, objectives, and programs. We expect these partnerships to encourage MSI faculty to send their best and brightest students to TRUST partner institutions.
  • Preparing a Diverse Workforce for the Security Field. TRUST activities and programs are aimed at growing and grooming a diverse group of researchers and practitioners. Activities include post-doctoral fellowships for URM researchers, supplemental travel grants for MSI faculty, professional development workshops and seminars, and graduate student internship experiences with TRUST industry partners.
  • Building and Sustaining Strong Research Collaborations with MSIs. TRUST is also working to further develop and grow collaboration with MSI researchers through activities and programs that provide opportunities for joint research and student/faculty professional development. TRUST is also looking at ways to leverage social networking capabilities to facilitate interaction among TRUST researchers and those at partner institutions.

    • Knowledge Transfer

    TRUST is leveraging industrial collaboration and technology transfer programs to focus research on real-world problems, verify science and technology at partner sites to ensure they work in practice, and include partners in every stage of the research, science, and technology development process. TRUST knowledge transfer programs will establish the Center as a true public/private partnership—namely a trusted intermediary between industry, government, and the research community—and provide a means by which research results are transitioned from TRUST faculty and students to society with an emphasis on technology developers, infrastructure stakeholders, decision makers, policy makers, and government agencies. Knowledge transfer activities include:

  • Dissemination of Research and Development Results. The research output of the Center is disseminated in four ways: (1) Publications in the open literature and on the web, (2) Short courses held at major conferences as well as Infrastructure Protection Meetings, (3) Public Lectures and Meetings with the general public concerned about security and privacy issues on the internet and critical infrastructure protection, and (4) Curriculum development and courses taught at the partner institutions as well as the outreach institutions.
  • Economic, Legal, and Social Implications of TRUST Technologies. In research, privacy and policy aspects are built into the Center’s research agenda as privacy, economic drivers, and usability of trusted solutions are key components. TRUST is fortunate to have some of the leading thinkers in policy and legal issues to offer advice on the legal implications and spearhead testimony to Congress and other legislative bodies to establish sound legal and privacy standards for trusted systems.
  • Testbeds. Testbeds are used extensively by TRUST researchers to demonstrate the robustness and scalability of the technology developed at the Center. The testbeds use a combination of technology from our industrial partners with new hardware and software to develop interoperability of the solutions and consider issues of phasing in new technology with legacy solutions.
  • Partner Relationships. To support knowledge transfer, TRUST will strive to manage relationships between different constituencies in particular technology developers, venture capital and industry, critical infrastructure stakeholders, and the government. TRUST will manage the relationships between the constituencies by (1) organizing Focused Workshops that emphasize technology transfer opportunities; (2) facilitating Strategic Investment Sessions between infrastructure stakeholders, industry, and the government; (3) providing Internships for students and faculty in industry and infrastructure sectors; and (4) supporting Entrepreneurship via the placement of TRUST researchers, primarily faculty and post doctoral scholars, as entrepreneur-incubators at venture capital partners.
    • This overview is also available as PDF: TRUST Center Overview PDF

    See also the TRUST 2005-2006 Annual Report PDF , the TRUST 2006-2007 Annual Report PDF , the TRUST 2007-2008 Annual Report PDF , the TRUST 2008-2009 Annual Report PDF , the TRUST 2009-2010 Annual Report PDF , the 1st 5 year Strategic and Implementation Plan PDF , and the 2nd 5 year Strategic and Implementation Plan PDF (available only to TRUST website members)

    See also the TRUST section of "Profiles in Team Science."

    You are not logged in 
    © 2005-2012 Trust