News Stay informed about the latest enterprise technology news and product updates.

Finding security's next 'American Idol'

At Georgia Tech, students are strutting their security stuff for a panel of judges who decide whether their projects make security easy enough to earn a $50k "contract."

It's like an "American Idol" for security geeks. Students at the Georgia Institute of Technology prep, sweat and show their stuff while a panel of critics decides their fates.

But unlike the popular "reality" TV show, judges aren't determining who can best carry a tune. Instead they weigh students' ideas for making information security more user-friendly, with $50,000 -- enough cash to fund a project for 12 months -- hanging in the balance.

"People are the weakest link in any security systems," Georgia Tech associate professor Keith Edwards said. "You can have the strongest technology in the world, but individuals will intentionally find a way to work around the security technology to make their lives easier."

So the school's College of Computing, Information Security Center and its Graphics, Visualization and Usability Center created the "Tiger Team" competition to search for security technology that would be simple to use and easy to understand.

This year, the three winning projects include technologies to: help users understand the cyberneighborhoods they browse; configure networks by creating visual links between devices; and troubleshoot through data mining existing Internet-based solutions.

TALC (Threat Awareness, Learning and Control) is a technology that tries to illustrate threats in the virtual world by mimicking danger signs in physical world.

"In the real world, when you are in a bad neighborhood it is very clear," said Mustaque Ahamad, director of Georgia Tech's Information Security Center. "But online, you have no idea whether you or your computer system is in any kind of danger."

Likewise, a homeowner may find a broken window when his house is burglarized, but a computer user will have no visual clues that his machine was compromised. Similarly, there is no neighborhood watch program to warn others of areas they might avoid.

But with TALC, according to Ahamad, folks browsing the Internet will be provided with a visual safety score (between one and 10) that rates Web sites they browse based on other users' experiences. The ratings system will be modeled after feedback systems used to gauge things like trustworthiness of eBay traders.

Another winner was a "Click and Drag" technology that makes security applications as easy to manage as other desktop applications. Rather than asking people to configure DNS entries and type in TCP/IP addresses, they are simply asked to build a graphical view of the network by dragging and dropping links between computers, printers and other peripherals. The software then automatically ensures that the configuration is carried out securely.

The third software project, called "Bonfire," is designed to help troubleshoot problems with Georgia Tech technology. It will present users with a dialog box saying: "In the past other users have solved this problem by …." Bonfire will use a combination of social networking technology and data mining software to produce answers based on what millions of other Internet users have done in the past.

Typically, academics and security professionals design systems for themselves, and then companies take the plans and create products for the masses, according to Edwards. In this competition, potential for mass appeal -- not just academic merit -- is a major deciding factor.

"Winning the competition has provided us with a full year of funding for our project but it will also give the team time to develop software that will make security technology easier to use," said Jennifer Stoll, a MA student at Georgia and co-developer of Project Sesame – a software that provides graphics visualization and real world information to the end user.

Stoll drew on her experience, working for a law firm IT department, to help shape the project which will translate configuration information, such as what IP address is trying to connect to a computer, into an information alert such as "A computer in Nigeria or Estonia is trying to connect to your machine."

"Working in the real world gave me insight into the type of information that users can or cannot understand," said Stoll.

All three winning teams included both masters and PhD students, according Edwards. "The master's students have many unique advantages because a lot have industry experience."

Normally, research projects are initiated by a professor who would come up with an idea and then pick PhD students to develop projects, according to Edwards. "Opening the funding to competition gave us access to more grass roots kind of ideas. Ultimately we got better projects than we could have come up with ourselves."

Georgia Tech is working with network security provider Internet Security Systems Inc., also based in Atlanta, and is now seeking industrial partners to co-develop new projects. It expects that the competition will become an annual event with the next competition-taking place in January.

Niall McKay is a freelance writer based in Oakland, Calif.

Dig Deeper on Security industry market trends, predictions and forecasts

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.