UNIVERSITY of ARKANSAS    
University of Arkansas Logo
NATIONAL CENTERS OF ACADEMIC EXCELLENCE IN INFORMATION ASSURANCE RESEARCH

Designated by
MISSION STATEMENT

To promote education and research in the field of computer security and information assurance at University of Arkansas. The activities of this center includes, but not limited to the following: fostering multidisciplinary research, securing large-scale funding from federal, state, and other funding agencies, providing education and training to future work-force, increasing awareness in the field of information security and reliability by offering appropriate seminars and workshops.

Panda and Huang win a DoD grant to teach cloud security.

Dr. Brajendra Panda and Miaoqing Huang win a DoD grant to teach cloud security. This grant initiates collaboration with Northwest Arkansas Community College. Ms. Kiberly Bertschy, an instructor at NWACC will also teach a similar course at NWACC.

The investigators plan to (1) build a cloud at the University of Arkansas and (2) develop the related course for training students in the area of cloud computing and security. The proposed cloud will consist of 12 computer nodes and deploy OpenStack as the cloud computing management framework. This cloud will be hosted at the Department of Computer Science and Computer Engineering at the University of Arkansas. It will be used as a teaching platform for students to develop knowledge and skills in cloud computing and security.


Paper on Querying Encrypted Databases

The paper titled " A Thin Client Model to Querying Encrypted Databases in Cloud", authored by Dr. Brajendra Panda and Victor Fuentes Tello has been published in Proceedings of the 2018 WSDS Workshop paper as part of IEEE Conference on Dependable and Security Computing (DSC 2018), Kaohsiung, Taiwan publication in IEEE Transactions on Education. The abstract of the paper is provided below:

Security mechanisms that have been developed for Cloud databases burden the clients with additional processing. In this research, an intermediary server dedicated to enforce database security in the Cloud is proposed. This server, which we call Trusted Query Processor (TQP) performs all auxiliary tasks required for storing and processing data securely in Cloud. All records in the Cloud are stored in encrypted format and the key is stored with the query processor. The TQP when receives a query from the client it analyzes the query based on the partition index to determine which sets of the records from the Cloud need to be retrieved. It then asks the Cloud server to send those sets without decrypting those. The final result is determined when the TQP decrypts the records and applies the original query. Those results are sent to the client; this process allows the client to simply issue the query and wait for the results without worrying about the process involved. The objective is to process much of the work at the TQP and securely transmit the result. Thus, the database server is free from the security workload and can focus on traditional database activities. The advantage of this model is that an organization can have one such TQP, which can then interact with a number of database servers and a number of Clouds. A TQP can also be run by a trusted third party, thus releasing the organization from managing the additional server. This is an appropriate model for thin client architecture where clients carry out very little processing.


Paper on Object Trust Evaluation

Dr. Yanjun Zuo and Dr. Brajendra Panda published a paper titled "Composition and Combination-Based Object Trust Evaluation for Knowledge Management in Virtual Organizations". The paper appeared in the Journal of Information and Knowledge Management Systems, Vol. 43, No.3, 2013. The following is an excerpt from the abstract of the paper:

This paper aims to develop a framework for object trust evaluation and related object trust principles to facilitate knowledge management in a virtual organization. It proposes systematic methods to quantify the trust of an object and defines the concept of object trust management. The study aims to expand the domain of subject trust to object trust evaluation in terms of whether an object is correct and accurate in expressing a topic or issue and whether the object is secure and safe to execute (in the case of an executable program). By providing theoretical and empirical insights about object trust composition and combination, this research facilitates better knowledge identification, creation, evaluation, and distribution.


University of Arkansas - College of Engineering - Department of Computer Science & Computer Engineering
504 J. B. Hunt Building - Fayetteville, AR 72701 - Phone: (479) 575-6197, Fax: (479)-575-5339
Copyright © 2004 University of Arkansas, College of Engineering. All Rights Reserved