This research area focuses on techniques and technologies for educating developers, administrators, and users of information technology to be aware of security issues and to deal with them appropriately.
Faculty: Charles Frank, James Walden
Integrating Web Application Security into the IT Curriculum
Open source software, like commercial software, varies widely in the number of vulnerabilities present in its code. We develop and study models to predict the presence and number of vulnerabilities of code based on software metrics, such as churn, code size, and cyclomatic complexity. We also study software engineering practices of open source projects that impact security.
People: James Walden, Maureen Doyle, Alina Campan
This research concentrates on studying new methodology for identifying information attacks against databases and on designing algorithms that can effectively alert system administrators to anomalous activities of insiders or outsiders in order to protect the critical data of an organization. Our research also studies new methodology for fast database damage assessment after identification of malicious transactions in a post-information-warfare scenario.
Faculty: Yi Hu, Alina Campan, James Walden
Organizations collect vast amounts of information on individuals, and at the same time they have access to ever-increasing levels of computational power. Although this conjunction of information and power provides great benefits to society, it also threatens individual privacy. Balancing the effectiveness of data mining against the need for true anonymity presents many challenges. It is difficult to estimate the risk of disclosure since it is difficult to guess intruder background knowledge. It is also difficult to assess information loss arising from the de-identification of data, since the loss is strongly dependent on user needs. Data anonymization is often driven by policy, but privacy legislation is often unclear. Finally, different data models require different privacy approaches.
Our research team investigates the privacy protection problem based on a specific data model. The two main research directions of the data privacy group at NKU are: Privacy Models and Algorithms for Microdata and Privacy in Social Networks.
Faculty: Dr. Traian Marius Truta, Dr. Alina Campan
Students: John Miller, Roy Ford, Scot Cunningham, Mike Abrinica, Paul Meyer, Nick Cooper, Justin Shelton
Multivariate public key cryptosystems (MPKC) are one of the possible post-quantum cryptosystems. The others are lattice-based systems (like NTRU), systems based upon hash functions (like Merkle's hash tree signature scheme), and cryptosystems based upon error-correcting codes (like McEliece). All four systems would seem to be able to survive an attack by quantum computing -- unlike RSA, El Gamal, ECC, DSA, and ECDSA.
There does not, however, appear to be a secure MPKC. Constructing an MPKC depends on being able to construct an invertible system of multivariate polynomials that can be masked by other functions. The question of the existence of such systems is related to the Jacobian Problem.
The Usability and Security of End-User Cryptographic Products Project Members
College of Informatics’ State of IT Survey
Performed by Kevin Gallagher, Associate Professor
The State of IT Security in 2009 study was performed by Kevin Gallagher in the College of Informatics at Northern Kentucky University and prepared with the assistance of Vickie Coleman Gallagher in the Department of Management at NKU. This landmark research surveyed 492 organizations from a national sample of IT organizations, offering a detailed analysis of IT security management, policy and procedure adoption, challenges in implementation of security practices, and the performance of security measures in use. This survey provides valuable information as the CAI and the College of Informatics at Northern Kentucky University create strategic research and training programs to aid the community in preparedness against security threats. Questions regarding study methodology or similar information should be directed to Kevin Gallagher, available by email at email@example.com.