November 11, 2019
Celebrating 15 Years of CyLab
By Deana LorenzoMedia Inquiries
- Director of Strategic Communications
The Information Networking Institute (INI) recently joined the campus community to celebrate the 15th anniversity of CyLab, Carnegie Mellon University’s (CMU) security and privacy research institute. The occasion was marked by the 2019 CyLab Partners Conference from September 24-26, 2019.
The conference brought together faculty, students, and industry professionals for panels and presentations on the latest research in security and privacy. INI director Dr. Dena Haritos Tsamitis joined CyLab director Dr. Lorrie Cranor and Professor Anthony Rowe for a panel featuring milestones in CyLab's 15-year history, including a few INI highlights:
2003: CyLab is founded; INI launches one of the first security degrees in the nation
CyLab was founded with a $6.1 million grant from the Army Research Office, and was one of the largest security and privacy research and education institutions of its time.
Dena Haritos Tsamitis, then associate director of the INI, was CyLab's founding director of education, training and outreach. Its leadership included CyLab founding director Pradeep Khosla, then also head of the Electrical and Computer Engineering Department and director of the INI; co-director Rich Pethia, the director of the CERT coordination center; and founding technical director Mike Reiter.
In Pittsburgh, INI creates the Master of Science in Information Security - Technology and Management program, which continues today as the Master of Science in Information Security.
2005: INI and CyLab launch MySecureCyberspace
With funding from the National Science Foundation (NSF), the INI and CyLab launch the MySecureCyberspace initiative to educate the public about computer security and internet safety. The goal was to provide “a free educational resource created by Carnegie Mellon University to empower you to secure your part of Cyberspace.”
The site allowed you to "troubleshoot your problems, read about threats, and learn how to protect yourself at home, at work, or anywhere.” The initiative also included the Carnegie Cyber Academy, which was the Internet home of the Carnegie Cadets: The MySecureCyberspace Game. On the site, children and teens could play mini-games, read stories and visit the blogs of members of the Carnegie Cadets and cadets-in-training, such as Anti-Phishing Phil, CISCO Peter Packet and ID The Creep.
The initiative reached over 1 million people in 167 countries, including 48,000 users in 30 countries. It was also a finalist for the 2009 Japan Prize. Dena and her INI students also participated in local outreach, presenting MySecureCyberspace to kids and adults here in Pittsburgh.
2013: CyLab launches middle & high school cybersecurity competition, picoCTF
In 2013, a team led by CyLab's David Brumley launched picoCTF, a free, online cybersecurity competition targeting middle and high school students. The competition is held over a 2-week period each year, and prizes are awarded to the top 10 teams. Since its initial launch, over 100,000 students have participated, many of whom later said that the competition inspired them to study cybersecurity in college.
This year, Hanan Hibshi, INI research and teaching scientist served as a faculty advisor for picoCTF and 12 INI students developed problems for the competition. Read their story
"The more technology evolves, the more important cybersecurity becomes. I didn't start learning about computer security until late as an undergraduate in computer science, so I think it is incredibly cool that CTFs like picoCTF are exposing beginners as young as middle schoolers to computer security concepts in fun and exciting ways," said Victoria Zheng, INI MSIS student and picoCTF problem developer.
Over 35 faculty and students presented their work, including three INI students: Alex Bainbridge (M.S. in Information Security), Marjan Salamati-Pour (MSIS) and Kuixi Song (M.S. in Information Technology-Mobility). They presented a poster on privacy and information leakage between apps. Through their research, they discovered a security risk in the App Group feature of iOS devices that might allow personal data to be shared among apps without the user’s knowledge.
“I think our research was very interesting, because [this issue] is unknowingly impacting the privacy of all iPhone users—and it is not a sophisticated attack,” explained Salamati-Pour, who is completing her second year at the INI. “The design allows any developer to profile a user's behavior on their company's apps by gathering the data from all the apps in their app groups, and the user is unaware and powerless to prevent this sharing.”
INI students participate in this type of research to gain hands-on experience addressing some of the most pressing security issues facing our world today.