The mission of the Darwin Deason Institute for Cyber Security at SMU is to advance the science, policy, application and education of cybersecurity through basic and problem-driven, interdisciplinary research. The Institute is committed to the goal of emerging as a world-class cybersecurity research center that innovates, develops and delivers solutions to the nation’s most challenging cybersecurity problems. The underlying philosophy guiding Institute activities is based on establishing a foundational science of cybersecurity through adoption of a broad, interdisciplinary approach for solving cybersecurity problems. In support of the Institute mission, an emphasis is placed upon closing the “skills gap” that exists today – there are simply not enough trained professionals in the field.
One of the primary reasons the cybersecurity problem is so difficult to solve is that it is inherently interdisciplinary in nature, with technical, social, legal, economic, and policy factors at work. The Institute incorporates a broad, interdisciplinary solution approach and includes faculty, researchers and students from many disciplines within the University, including:
The Institute is comprised of four substantive programs which are briefly described below:
This program focuses on hardware and networking security research projects. Both conventional and emerging technology research endeavors fall within the mission of this program. With respect to hardware security research, there are two principal categories of security threats; intentional and non-intentional. Intentional threats occur due to purposely introduced circuit functionality, or hardware malware, that allow exploitation to occur. Non-intentional threats exploit design flaws or unspecified behavior. Network security engineering largely overlaps hardware security engineering at the lower physical and data link layers and both hardware and networking systems heavily leverage similar operational models. Network security projects at the higher layers are also within the domain of this program. Finally, this program also engages in research involving emerging technologies that have direct impact with respect to cybersecurity such as quantum information processing and reversible computing.
This broadly scoped program tackles a host of challenges related to software and systems security, including software assurance, trustworthy systems, privacy-preserving technologies, and cybersecurity analytics. Modern software systems are exceedingly complex and must work correctly in the face of error, mischance, or malicious corruption. The scope of this program encompasses software and systems issues ranging from those found within large data centers and high performance computing installations to small embedded systems.
Cybersecurity is increasingly valued by society as our dependence on information technology continues to grow. Despite a strong desire for greater protection, the reality is that we are less secure today than ever before. Technological advances are needed to improve security, but technology alone cannot tackle the challenges posed by insecurity. Cybersecurity is fundamentally a human challenge, where decisions about how to allocate limited resources and balance trade-offs are crucial. Consequently, contributions from economics and other social sciences are needed to truly make a difference in improving cybersecurity in society.
The Policy and Law program focuses on how to merge technical complexity with policy reality. Just as policymakers need to learn the technical fundamentals of cybersecurity, technical specialists must consider the policy implications of their work. Technological breakthroughs may sit idle if both sides are not able to communicate. Along with supporting research in strategy and policy in the cyber domain, the program also includes journalists who are responsible for interpreting these issues for the public. Finally, the Policy and Law program also supports legal scholars who examine the problem of jurisprudence in cyberspace.
The Institute is actively engaged with both the private and public sectors in a variety of basic research and problem-driven research activities in the Program areas listed above. The goal of basic research is to achieve fundamental breakthroughs in the science of cybersecurity. The Institute takes a longer-term view with the objective of making key advances in the creation of a national-scale hacker-resistant information infrastructure whereas problem-driven research projects seek solutions to hard problems of a near-term nature.
The Institute is engaged with many corporations seeking research solutions to exceedingly difficult and complex cybersecurity problems. This class of research represents a win-win, such that the corporations receive solutions to problems that make a difference to their operations, while Institute researchers (faculty, post-doctoral and student) receive satisfaction that their solutions are making a difference in today’s information-centric environment.