News
TU program protects against cyber espionage 04/11/2009
Grant helps TU tackle malware 03/11/2009
iSec seeks opportunities in private sector 01/19/2009
TU uses federal funds to expand its security research 10/28/2008
Art towers due for I-44 at river 10/15/2008
TU receives $2.5 million for security research 10/02/2008
BA Reserve Center In funding 9/28/02/2008
TU leader in shielding computer infrastructure 9/12/2008
OCAST Radio Network Interview 09/07/2008
Bogus OU Article Could Lead To Felony Charges 7/11/2008
Reserve Centers Possible for Area 05/02/2008
iSec Receives 2008 Innovator of the Year Award 04/03/2008
People Spotlight: David Greer 11/04/2007
Tech Sector Bounces Back 10/20/2007
An Executive Director for TU's iSec 10/10/2007
TU Launches Security Institute 09/03/2007
TU Delves into Data Research 08/28/2007
TU Launches New Institute 08/27/2007
TU Among Best in Info Security 08/26/2007



Grant helps TU tackle malware

Robert Evatt
Tulsa World
Section: E1
03/11/2009

Viruses, trojans and other malware aren’t just for computers anymore.

They’re now infecting music players, cell phones, digital picture frames — anything that interacts with a computer, said John Hale, associate professor of computer science and director of the Institute for Information Security, or iSec, at the University of Tulsa.

"There are a lot more attack vectors, and one of the more interesting ones are through intelligent gadgets," he said.

Hale and iSec hope to fight back against malicious merchandise with the help of a $2.5 million federal grant. The money will pay for the creation of an information system security engineering and testing complex at TU.

Starting this summer, as many as five faculty and up to a dozen students will work on developing methods and hardware to secure devices from attacks and provide them to manufacturers within three years.

The insertion of malware into commercial devices occurs at some point between the manufacturing process and arrival on store shelves, Hale said.

Usually the attacks involve software loaded into the device, but there has been at least one case where a piece of hardware was installed into credit card processing machines.

Though attacks are uncommon, they’re growing in number thanks to the increasing sophistication of both devices and hackers.

"It’s now quite a bit easier to do, and you can have smaller organized-crime units doing this," Hale said.

To combat this, Hale hopes to create tools to quickly verify the state of the machine. This will likely include complex mathematical models to reflect the behavior of a healthy machine, then to detect differences in the behavior of infected machines.

The new complex will also help teach. Hale feels it’s time for hardware and software makers to make security a bigger priority. "We have to change the way computer scientists are trained," he said. "They have to think about security in the design process."

The three-year goal sounds high tech — Hale says it is — but due to the constant improvement of cyber vandals, he wants the new center to endure long past the goal.

"Security is a cat-andmouse kind of game," he said. "The tools we develop now will still have utility, but the bad guys will come up with new tricks."

Read More
Featured Personnel

   Ask an expert.
  Dr. John Hale, director of iSec.
Dr. John Hale
  Bio
  ..............
  E-mail
  ..............
 
Security Links
National Institute of Standards and Technology
.........................................................
International Information Systems Security Certification Consortium
.........................................................
Information Systems Security Association
.........................................................
Computing Technology Industry Association
.........................................................