Illinois Security Lab

The Illinois Security Lab is a research laboratory at the University of Illinois at Urbana–Champaign established in 2004 to support research and education in computer and network security. The lab is part of the Computer Science Department and Information Trust Institute. Its current research projects concern health information technology and critical infrastructure protection. Past projects addressed messaging, networking, and privacy.

Health Information Technology
The lab is performing work on the Strategic Healthcare IT Advanced Research Projects on Security (SHARPS) project. It is developing security and privacy technologies to help remove key barriers that prevent the use of health information by systems implementing electronic health records, health information exchanges, and telemedicine.

Critical Infrastructure Protection
Networked control systems such as the electric power grid use computers for tasks like protecting substations against overloads (digital protective relays) and metering facilities (advanced meters). The lab developed the attested meter to provide security and privacy for advanced meters, and has worked on security for building automation systems and substation automation.

Assisted Living Security
Advances in networking, distributed computing, and medical devices are combining with changes in the way health care is financed and the growing number of elderly people to produce strong prospects for the widespread use of assisted living, a health care approach which can benefit from transferring medical information collected in homes or dedicated facilities to clinicians over data networks. The lab explored security engineering of such systems through prototypes, field trials, and formal methods based on an architecture that uses a partially trusted Assisted Living Service Provider (ALSP) as a third party intermediary between assisted persons and clinicians.

Adaptive Messaging Policy (AMPol)
Scalable distributed systems demand an ability to express and adapt to diverse policies of numerous distinct administrative domains. The lab introduced technologies for messaging systems with adaptive security policies based on WSEmail, where Internet messaging is implemented as a web service, and Attribute-Based Messaging (ABM), where addressing is based on attributes of recipients.

Contessa Network Security
Although there has been significant progress on the formal analysis of security for integrity and confidentiality, there has been relatively less progress on treating denial-of-service attacks. The lab has explored techniques for doing this based on the shared channel model, which envisions bandwidth as a limiting factor in attacks and focuses on host-based counter-measures such as selective verification, which exploits adversary bandwidth limitations to favor valid parties. It is also developing new formal methods for reasoning about dynamic configuration of VPNs.

Formal Privacy
Many new information technologies have a profound impact on privacy. Threats from these have provoked legislation and calls for deeper regulation. The lab has developed ways to treat privacy rules more formally, including better ways to reason using formal methods about conformance and the implications of regulations, and about how to quantify and classify privacy attitudes to control the risks of new technologies. The lab showed how to formally encode HIPAA consent regulations using privacy APIs so they can be analyzed with model checking.