CICI: Regional: New England Cybersecurity Operation and Research Center (CORE)

CICI：区域：新英格兰网络安全运营和研究中心（CORE）

• 批准号: 1642124
• 负责人: Xinwen Fu
• 金额: $ 50万
• 依托单位: University of Massachusetts Lowell
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-01-01 至 2019-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1642124&HistoricalAwards=false
• 关键词: CICI; Regional; New; England; Cybersecurity

The New England Cybersecurity Operation and Research Center (CORE) is a collaboration between cybersecurity researchers and networking experts from the University of Massachusetts Lowell, and Information Technology (IT) support personnel and leadership from the Office of the President of University of Massachusetts (UMass), who work together to improve the security of under-resourced institutions in New England and providing a model of a regional approach to cybersecurity. The project leaders have built long term partnerships with local IT and cybersecurity-related organizations and consortia, which enable the project to reach beyond academia and affect the cybersecurity of the general public. Finding qualified cybersecurity personnel is a challenge faced by campuses and businesses across the nation. One major goal of the CORE center is development of the cybersecurity workforce in New England. The project directly addresses this need, providing a template for other regions to follow. The project offers internships, assistantships, and co-ops for students to work in the security operations and research center and obtain hands-on training in cybersecurity operation and research. The researchers incorporate the outcomes of the project into courses on computer and network security and privacy, mobile computing, wireless networks and digital forensics. They have a track record of accepting female and minority students into research groups, and consciously and actively encourage students from traditionally underrepresented groups to join this project.The researchers have established an open cybersecurity program at UMass, which guides customers through a sequence of steps and selects security controls and technologies from both proprietary solutions and free open source solutions, considering the budget of the institution or enterprise that wants to protect their assets. In the UMass cybersecurity program, these assets go through the UMass controls "factory". The input of the factory is unmanaged assets with weak security controls or without any controls. The output is a suite of managed assets with strong security controls, thus ensuring campus environments have robust cybersecurity protection. The researchers have applied the UMass open cybersecurity program to the UMass network and assets, which are monitored 24 hours a day, 7 days a week. This project expands the services including security consulting, security operations and security training/education to other local institutions and companies, and performs research on emerging threats, trends and defense based on the collected data. To sustain the operation, the CORE center provides services at affordable rates.

新英格兰网络安全运营和研究中心(CORE)是马萨诸塞大学洛厄尔分校的网络安全研究人员和网络专家，以及马萨诸塞大学校长办公室的信息技术(IT)支持人员和领导层之间的合作，他们共同努力改善新英格兰资源不足的机构的安全，并提供区域网络安全方法的模型。项目负责人与当地与IT和网络安全相关的组织和财团建立了长期的合作伙伴关系，使该项目的影响范围超出了学术界，并影响到普通公众的网络安全。寻找合格的网络安全人员是全国各地校园和企业面临的挑战。核心中心的一个主要目标是发展新英格兰的网络安全劳动力。该项目直接满足了这一需求，为其他区域提供了一个可供效仿的模板。该项目为学生提供实习、助教和合作机会，让他们在安全运营和研究中心工作，并获得网络安全运营和研究方面的实践培训。研究人员将该项目的成果纳入了关于计算机和网络安全与隐私、移动计算、无线网络和数字取证的课程。他们有接纳女性和少数族裔学生加入研究小组的记录，并有意识地和积极地鼓励来自传统上代表性不足的群体的学生加入这个项目。研究人员在马萨诸塞州大学建立了一个开放的网络安全计划，该计划引导客户通过一系列步骤，并从专有解决方案和免费开源解决方案中选择安全控制和技术，考虑到希望保护他们资产的机构或企业的预算。在UMASS网络安全计划中，这些资产要经过UMASS Controls“工厂”。工厂的投入是安全控制薄弱或没有任何控制的非托管资产。其输出是一套具有强大安全控制的托管资产，从而确保园区环境拥有强大的网络安全保护。研究人员将马萨诸塞州大学的开放式网络安全计划应用到了马萨诸塞州大学的网络和资产中，这些网络和资产受到一周7天、每天24小时的监控。该项目将安全咨询、安全运营和安全培训/教育等服务扩展到其他当地机构和公司，并根据收集的数据对新出现的威胁、趋势和防御进行研究。为了维持运营，核心中心以负担得起的价格提供服务。

项目成果

Microcontroller Based IoT System Firmware Security: Case Studies

• DOI: 10.1109/icii.2019.00045
• 发表时间: 2019-11
• 期刊: 2019 IEEE International Conference on Industrial Internet (ICII)
• 作者: Chao Gao;Lan Luo;Yue Zhang;Bryan Pearson;Xinwen Fu

The Peeping Eye in the Sky

• DOI: 10.1109/glocom.2018.8647787
• 发表时间: 2018-12
• 期刊: 2018 IEEE Global Communications Conference (GLOBECOM)
• 作者: Qinggang Yue;Zupei Li;Chao Gao;Wei Yu;Xinwen Fu;Wei Zhao

SecT: A Lightweight Secure Thing-Centered IoT Communication System

• DOI: 10.1109/mass.2018.00018
• 发表时间: 2018-10
• 期刊: 2018 IEEE 15th International Conference on Mobile Ad Hoc and Sensor Systems (MASS)
• 作者: Chao Gao;Zhen Ling;Biao Chen;Xinwen Fu;Wei Zhao

A Case Study of Usable Security: Usability Testing of Android Privacy Enhancing Keyboard

• DOI: 10.1007/978-3-319-60033-8_61
• 发表时间: 2017-06
• 作者: Zhen Ling;Melanie Borgeest;Chuta Sano;Sirong Lin;Mogahid Fadl;Wei Yu;Xinwen Fu;Wei Zhao

ABC: Enabling Smartphone Authentication with Built-in Camera

ABC：使用内置摄像头启用智能手机身份验证

• DOI: 10.14722/ndss.2018.23099
• 发表时间: 2018
• 期刊: Network and Distributed Systems Security (NDSS
• 作者: Ba, Zhongjie;Piao, Sixu;Fu, Xinwen;Koutsonikolas, Dimitrios;Mohaisen, Aziz;Ren, Kui
• 通讯作者: Ren, Kui