Researchers from Indiana University's Pervasive Technology Institute will serve as collaborating partners on a major grant from the U.S. Department of Homeland Security to address vulnerabilities arising during the process of software development.
The Department of Homeland Security awarded a $23.6 million grant to the Morgridge Institute for Research at the University of Wisconsin-Madison to create the Software Assurance Marketplace, which, over the next five years, will work closely with developers of new software analysis technology and the open source community to advance the security of software.
As part of the grant, IU's Center for Applied Cybersecurity Research, Grid Operation Center and Global Research Network Operations Center will receive $1.9 million to provide operational monitoring, cybersecurity analysis and user support to the marketplace over the next five years.
"This project demonstrates IU's unique abilities to leverage institutional strengths in cybersecurity, monitoring and operational support," said Center for Applied Cybersecurity Research Deputy Director Von Welch, who serves as the lead for Indiana University's participation in the project. "As a first-of-its-kind system, the Software Assurance Marketplace will introduce new challenges in cybersecurity and operational monitoring, making it a perfect application of the Pervasive Technology Institute's applied research."
IU will also perform annual risk analysis; lead cybersecurity technical design and operations; develop and maintain policies and procedures for incident detection and response; and lead the handling of cybersecurity-related incidents in the marketplace. IU personnel will also handle the establishment of a 24/7 call center and trouble ticket system, and will also provide first-tier user support.
Barton Miller, a UW-Madison computer sciences professor who will serve as chief scientist of the Software Assurance Marketplace, said Center for Applied Cybersecurity Research staff and IU expertise will enhance the project's ability to establish and operate a unique software assurance facility.
"We envision a marketplace that will bring together practitioners in software assurance techniques with those developing open-source software to address the information technology challenges in fields ranging from national security and physics to health care," Miller said. "We're excited about the potential of this project to reinforce our nation's cybersecurity."
Initial operating capabilities for the Software Assurance Marketplace will include the ability to continuously test up to 100 open-source software packages against five software assurance tools on eight platforms, including Macintosh, Linux and Windows. The secure research facility will be able to analyze more than 275 million lines of code per day and also will introduce new tools to reduce the "false positive" readings that now limit the effectiveness of software assurance testing methods.
About the Center for Applied Cybersecurity Research
The Center for Applied Cybersecurity Research is affiliated with IU's Pervasive Technology Institute and works closely with its partner organizations at the university: CLEAR Health Information, the Maurer School of Law, the Kelley School of Business, the School of Informatics and Computing, REN-ISAC, the University Information Policy Office and the University Information Security Office. The Center for Applied Cybersecurity Research has been designated by the National Security Agency as a National Center for Academic Excellence in both Information Assurance Education and Research.
About the Grid Operation Center
The Grid Operation Center based at Indiana University is tasked with supporting the operational needs of the users, resource providers, and collaborators of the Open Science Grid and other distributed projects. The Grid Operation Center consists of human and computer services provided to maximize operational functionality of the distributed computing projects. The center provides real-time operational monitoring and problem tracking; provides support to users, developers and systems administrators; maintains grid services; provides security incident response; and maintains information, topology and software repositories.
About the Global Research Network Operations Center
GlobalNOC, the Global Research Network Operations Center at Indiana University, is a premier provider of highly responsive network coordination, engineering and installation services that support the advancement of research and education networking. Supporting more than 18 state, regional, national and international networks, the IU GlobalNOC is a provider of 24/7/365 expert support for the most advanced research networks.