NATIONAL CENTERS OF ACADEMIC EXCELLENCE IN INFORMATION ASSURANCE RESEARCH
Designated by
MISSION STATEMENT
To promote education
and research in the field of computer security and information assurance at
University of Arkansas. The activities of this center includes, but not limited
to the following: fostering multidisciplinary research, securing large-scale
funding from federal, state, and other funding agencies, providing education and
training to future work-force, increasing awareness in the field of information
security and reliability by offering appropriate seminars and workshops.
Panda and Huang win a DoD grant to teach cloud security.
Dr. Brajendra Panda and Miaoqing Huang win a DoD grant to teach cloud security. This grant initiates collaboration with Northwest Arkansas Community College. Ms. Kiberly Bertschy, an instructor at NWACC will also teach a similar course at NWACC.
The investigators plan to (1) build a cloud at the University of Arkansas and (2) develop the related course for training students in the area of cloud computing and security.
The proposed cloud will consist of 12 computer nodes and deploy OpenStack as the cloud computing management framework. This cloud will be hosted at the Department of Computer Science and Computer Engineering at the University of Arkansas. It will be used as a teaching platform for students to develop knowledge and skills in cloud computing and security.
Paper on Querying Encrypted Databases
The paper titled " A Thin Client Model to Querying Encrypted Databases in Cloud",
authored by Dr. Brajendra Panda and Victor Fuentes Tello
has been published in Proceedings of the 2018 WSDS Workshop paper as part of IEEE Conference on Dependable and Security Computing (DSC 2018), Kaohsiung, Taiwan publication in IEEE Transactions on Education.
The abstract of the paper is provided below:
Security mechanisms that have been developed for Cloud databases burden the clients with additional processing. In this research, an intermediary server dedicated to enforce database security in the Cloud is proposed. This server, which we call Trusted Query Processor (TQP) performs all auxiliary tasks required for storing and processing data securely in Cloud. All records in the Cloud are stored in encrypted format and the key is stored with the query processor. The TQP when receives a query from the client it analyzes the query based on the partition index to determine which sets of the records from the Cloud need to be retrieved. It then asks the Cloud server to send those sets without decrypting those. The final result is determined when the TQP decrypts the records and applies the original query. Those results are sent to the client; this process allows the client to simply issue the query and wait for the results without worrying about the process involved. The objective is to process much of the work at the TQP and securely transmit the result. Thus, the database server is free from the security workload and can focus on traditional database activities. The advantage of this model is that an organization can have one such TQP, which can then interact with a number of database servers and a number of Clouds. A TQP can also be run by a trusted third party, thus releasing the organization from managing the additional server. This is an appropriate model for thin client architecture where clients carry out very little processing.
Paper on Object Trust Evaluation
Dr. Yanjun Zuo and Dr. Brajendra Panda published a paper titled "Composition and Combination-Based Object Trust Evaluation for Knowledge Management in Virtual Organizations". The paper appeared in the Journal of Information and Knowledge Management Systems, Vol. 43, No.3, 2013. The following is an excerpt from the abstract of the paper:
This paper aims to develop a framework for object trust evaluation and related object
trust principles to facilitate knowledge management in a virtual organization. It proposes systematic
methods to quantify the trust of an object and defines the concept of object trust management. The
study aims to expand the domain of subject trust to object trust evaluation in terms of whether an
object is correct and accurate in expressing a topic or issue and whether the object is secure and safe to
execute (in the case of an executable program). By providing theoretical and empirical insights about
object trust composition and combination, this research facilitates better knowledge identification,
creation, evaluation, and distribution.