Carnegie Mellon University
College of Engineering  ›  Information Networking Institute  ›  News  ›  2019  ›  Celebrating 15 Years of CyLab

cylab poster presenters

November 11, 2019

Celebrating 15 Years of CyLab

By Deana Lorenzo

Jessica Shirley
  • Director of Strategic Communications

The Information Networking Institute (INI) recently joined the campus community to celebrate the 15th anniversity of CyLab, Carnegie Mellon University’s (CMU) security and privacy research institute. The occasion was marked by the 2019 CyLab Partners Conference from September 24-26, 2019.

The conference brought together faculty, students, and industry professionals for panels and presentations on the latest research in security and privacy. INI director Dr. Dena Haritos Tsamitis joined CyLab director Dr. Lorrie Cranor and Professor Anthony Rowe for a panel featuring milestones in CyLab's 15-year history, including a few INI highlights: 

About CyLab

Founded in 2003, CyLab is Carnegie Mellon University's security and privacy research institute. Housed in the 25,000+ sq. ft. Collaborative Innovation Center, CyLab brings together experts from all schools across the University, encompassing the fields of engineering, computer science, public policy, information systems, business, humanities, and social sciences. 

Since its founding, CyLab has shared a close partnership with the Information Networking Institute (INI). INI director Dr. Dena Haritos Tsamitis is CyLab’s founding director in education, training and outreach.

Fast Facts 

  • Over 100 faculty and over 30 graduate students, who are from 15 departments across Carnegie Mellon University
  • Over 20 corporate partnerships
  • Over 50 courses in security and privacy
  • 5-time “World Series of Hacking” champions
  • Trained over 75,000 people in security and privacy

Check out the CyLab Year-in-Review to see research highlights and other security and privacy-related activities from the past year.  

2003: CyLab is founded; INI launches one of the first security degrees in the nation

cylabhomepage-600x300.jpg

CyLab was founded with a $6.1 million grant from the Army Research Office, and was one of the largest security and privacy research and education institutions of its time. 

Dena Haritos Tsamitis, then associate director of the INI, was CyLab's founding director of education, training and outreach. Its leadership included CyLab founding director Pradeep Khosla, then also head of the Electrical and Computer Engineering Department and director of the INI; co-director Rich Pethia, the director of the CERT coordination center; and founding technical director Mike Reiter.

In Pittsburgh, INI creates the Master of Science in Information Security - Technology and Management program, which continues today as the Master of Science in Information Security. 

2005: INI and CyLab launch MySecureCyberspace

dhtmysecure-600x300.jpg

With funding from the National Science Foundation (NSF), the INI and CyLab launch the MySecureCyberspace initiative to educate the public about computer security and internet safety. The goal was to provide “a free educational resource created by Carnegie Mellon University to empower you to secure your part of Cyberspace.”

The site allowed you to "troubleshoot your problems, read about threats, and learn how to protect yourself at home, at work, or anywhere.” The initiative also included the Carnegie Cyber Academy, which was the Internet home of the Carnegie Cadets: The MySecureCyberspace Game. On the site, children and teens could play mini-games, read stories and visit the blogs of members of the Carnegie Cadets and cadets-in-training, such as Anti-Phishing Phil, CISCO Peter Packet and ID The Creep.

The initiative reached over 1 million people in 167 countries, including 48,000 users in 30 countries. It was also a finalist for the 2009 Japan Prize. Dena and her INI students also participated in local outreach, presenting MySecureCyberspace to kids and adults here in Pittsburgh.

2013: CyLab launches middle & high school cybersecurity competition, picoCTF

picoctf-600x300.jpg

In 2013, a team led by CyLab's David Brumley launched picoCTF, a free, online cybersecurity competition targeting middle and high school students. The competition is held over a 2-week period each year, and prizes are awarded to the top 10 teams. Since its initial launch, over 100,000 students have participated, many of whom later said that the competition inspired them to study cybersecurity in college. 

This year, Hanan Hibshi, INI research and teaching scientist served as a faculty advisor for picoCTF and 12 INI students developed problems for the competition. Read their story 

"The more technology evolves, the more important cybersecurity becomes. I didn't start learning about computer security until late as an undergraduate in computer science, so I think it is incredibly cool that CTFs like picoCTF are exposing beginners as young as middle schoolers to computer security concepts in fun and exciting ways," said Victoria Zheng, INI MSIS student and picoCTF problem developer.

Research Presentations 

cylab_poster1.jpg

Over 35 faculty and students presented their work, including three INI students:  Alex Bainbridge (M.S. in Information Security), Marjan Salamati-Pour (MSIS) and Kuixi Song (M.S. in Information Technology-Mobility). They presented a poster on privacy and information leakage between apps. Through their research, they discovered a security risk in the App Group feature of iOS devices that might allow personal data to be shared among apps without the user’s knowledge.

“I think our research was very interesting, because [this issue] is unknowingly impacting the privacy of all iPhone users—and it is not a sophisticated attack,” explained Salamati-Pour, who is completing her second year at the INI. “The design allows any developer to profile a user's behavior on their company's apps by gathering the data from all the apps in their app groups, and the user is unaware and powerless to prevent this sharing.”

INI students participate in this type of research to gain hands-on experience addressing some of the most pressing security issues facing our world today.

“This work allows INI students to get involved hands-on in real-world problems,” said faculty advisor Hanan Hibshi, a research scientist and professor at the INI. “They practice important research skills such as critical thinking, learning independently, problem-solving, and team collaboration. Our students show high work ethic, are highly motivated and at the same time enjoy working on such projects where they get to lead and be creative.”

Related News

Wednesday, October 24, 2018

Advancing women in cyber through INI and EWF partnership

If there is one unnerving statistic that jumps out this National Cybersecurity Awareness Month, it’s that women make up only 24 percent of the cybersecurity workforce. But at Carnegie Mellon University (CMU), the Information Networking Institute (INI) is closing that gender gap, one student at a time.
Thursday, March 28, 2019

Celebrating women in cybersecurity

Supporting the community of women in cybersecurity and highlighting the work of accomplished women from across academia and industry are Carnegie Mellon University's goals as the host of this week’s Women in Cybersecurity (WiCyS) conference in Pittsburgh from March 28-30.
Wednesday, February 27, 2019

Four INI students will represent CMU at RSA Conference 2019

Thousands of cybersecurity professionals are headed to San Francisco for RSA® Conference (RSAC), including four INI students selected as RSA® Conference Security Scholars: Nicholas Amon, Ankit Jena, Jamie Thorpe and Era Vuksani.