Security Awareness and Education

This research area focuses on techniques and technologies for educating developers, administrators, and users of information technology to be aware of security issues and to deal with them appropriately.

Faculty: Charles Frank, James Walden

Recent Publications:

Integrating Web Application Security into the IT Curriculum

Open Source Security Metrics

Open source software, like commercial software, varies widely in the number of vulnerabilities present in its code. We develop and study models that predict the presence and number of vulnerabilities in code based on software metrics such as churn, code size, and cyclomatic complexity. We also study the software engineering practices of open source projects that impact security.

People: James Walden, Maureen Doyle, Alina Campan

Recent Publications:

Security of Open Source Web Applications, Metricon 3.5, April 20, 2009

Database Security

This research concentrates on studying new methodologies for identifying information attacks against databases and on designing algorithms that can effectively alert system administrators to anomalous activities by insiders or outsiders, in order to protect an organization's critical data. Our research also studies new methodologies for fast database damage assessment after malicious transactions have been identified in a post-information-warfare scenario.

Faculty: Yi Hu, Alina Campan, James Walden

Recent Publications:

Analysis of Data Dependency Based Intrusion Detection System, DBSEC 09, July 2009

Data Privacy

Organizations collect vast amounts of information on individuals, and at the same time they have access to ever-increasing levels of computational power. Although this conjunction of information and power provides great benefits to society, it also threatens individual privacy. Balancing the effectiveness of data mining against the need for true anonymity presents many challenges. It is difficult to estimate the risk of disclosure since it is difficult to guess intruder background knowledge. It is also difficult to assess information loss arising from the de-identification of data, since the loss is strongly dependent on user needs. Data anonymization is often driven by policy, but privacy legislation is often unclear. Finally, different data models require different privacy approaches.

Our research team investigates the privacy protection problem based on a specific data model. The two main research directions of the data privacy group at NKU are Privacy Models and Algorithms for Microdata, and Privacy in Social Networks.

Faculty: Dr. Traian Marius Truta, Dr. Alina Campan

Students: John Miller, Roy Ford, Scot Cunningham, Mike Abrinica, Paul Meyer, Nick Cooper, Justin Shelton

Website: /content/www/~trutat1/research.html

Cryptography

Multivariate public key cryptosystems (MPKC) are one of the possible kinds of post-quantum cryptosystems. The others are lattice-based systems (like NTRU), systems based upon hash functions (like Merkle's hash tree signature scheme), and cryptosystems based upon error-correcting codes (like McEliece). All four systems would seem to be able to survive an attack by quantum computing, unlike RSA, ElGamal, ECC, DSA, and ECDSA.

There does not, however, appear to be a secure MPKC. Constructing an MPKC depends on being able to construct an invertible system of multivariate polynomials that can be masked by other functions. The question of the existence of such systems is related to the Jacobian Problem.

The Usability and Security of End-User Cryptographic Products

Project Members

  • Prof. Charles Frank, Department of Computer Science
  • Prof. Chris Christensen, Department of Mathematics
  • Prof. Yi Hu, Department of Computer Science
  • Gary Watson, Graduate Student, Computer Science
  • Michael Sweikata, Senior, Computer Information Technology

State of IT Survey

College of Informatics’ State of IT Survey
Performed by Kevin Gallagher, Associate Professor

Quick Facts

Study Facts:

  • Number of Organizations Surveyed: 492
  • Organization Sizes: small, medium, large, & fortune
  • Organization Geography (20-30% of each US region): Northeast, Midwest, South, & West
  • Industry Sectors: financial services, manufacturing, education, professional services, government, healthcare, IT products and services, retail and real estate, and non-profits.

Key Findings:

  • Organizations are more effective at safeguarding against privacy- and security-related breaches and most ineffective at guarding against social engineering.
  • Approximately 50% of organizations have a disaster recovery or business continuance plan.
  • Senior management supports security activities, believing they are important to the company's image, operations, and customer relations.

Summary

The State of IT Security in 2009 study was performed by Kevin Gallagher in the College of Informatics at Northern Kentucky University and prepared with the assistance of Vickie Coleman Gallagher in the Department of Management at NKU. This landmark research surveyed 492 organizations from a national sample of IT organizations, offering a detailed analysis of IT security management, policy and procedure adoption, challenges in implementing security practices, and the performance of security measures in use. The survey provides valuable information as the CAI and the College of Informatics at Northern Kentucky University create strategic research and training programs to help the community prepare for security threats. Questions about study methodology or similar information should be directed to Kevin Gallagher, available by email at gallagherk2@nku.edu.