DARPA Awards Computer Scientists $2.1 Million To Integrate Security Features
Into Mainstream Computers
September 27, 2001
PHILADELPHIA Computer scientists at the University of Pennsylvania have received
a two-year, $2,125,000 grant to introduce advanced security features used in special-purpose
government computers into standard office PCs.
The funding, from the Defense Advanced Research Projects Agency, represents a change
in the federal government approach to procuring highly secure computers, said principal
investigator Jonathan M. Smith. Endlessly besieged by individuals seeking to break
into federal web sites and classified files, government computers require security
mechanisms and assurances far more stringent than those ordinarily engineered into
the computers available to the general public.
"During the last few decades, the government approach has been to contract researchers
to develop high-security workstations specifically for its own uses, outside of
the mainstream computer industry," said Smith, professor of computer and information
science at Penn. "The problem is that development of these special-purpose computers
has generally progressed so slowly that the machines, while indeed secure, are technically
obsolete by the time they are put into service."
Smith and colleagues at Penn, the software development consortium OpenBSD, and the
Apache Software Foundation and OpenSSL Group propose to use the open-source movement
where programmers openly share incremental advances to try to engineer better security
features into mainstream computers, not only those developed just for the military
and other high-security organizations. The government then benefits by purchasing
more affordable, standardized computers with security features.
"Computers developed for consumer use have focused on user-friendliness, not security
concerns," Smith said. "Users generally only care about security when theye had
a failure."
Working through OpenBSD, the computing world most secure forum for the development
of open-source software, the team hopes to integrate stronger security features
into mainstream software as it progresses through development. Individuals worldwide
who are interested in software can download and examine open-source code and suggest
revisions. This collaborative approach leads to more robust software more quickly,
Smith said.
By auditing the security weaknesses of conventional software as it developed, Smith
team will try to foster the development of mainstream systems secure enough to meet
the government needs. The team will share its security advances with the open-source
software community via OpenBSD, whose machines have proven impervious to break-ins
for many years. The team will work on an audit of OpenSSL, the widely used software
for e-commerce security found in the Apache web server. Apache software is widely
used in web applications.
"We expect our work will represent a serious contribution to all computer manufacturers,
not just the government," Smith said. "The source code we develop will be freely
available to everyone, and no manufacturers want to deliver an insecure system when
they know how to do better."
Smith colleagues on the DARPA-funded work include Theo de Raadt, project founder
and leader of OpenBSD; Michael B. Greenwald, assistant professor of computer and
information science at Penn; Ben Laurie, a former mathematician at Cambridge University
who is now technical director of A.L. Digital Ltd., a director of the Apache Software
Foundation and core team member of the Open SSL Group; and Angelos Keromytis, an
assistant professor of computer science at Columbia University.