National cybersecurity effort launched to strengthen software infrastructure

Scientists at the Morgridge Institute for Research, the University of Wisconsin–Madison, Indiana University, and the University of Illinois at Urbana-Champaign have received a $23.6 million grant as part of a Broad Agency Announcement (BAA 11-02) by the U.S. Department of Homeland Security Science and Technology Directorate to address threats arising from the development process of software used in technology ranging from the national power grid to medical devices.

The effort to establish the Software Assurance Marketplace will be led by Miron Livny, director of core computational technology at the Morgridge Institute for Research and a UW–Madison computer sciences professor. During the next five years, the project team will work closely with the developers of new software analysis technologies and the open-source community to advance the security of software that controls an ever-expanding cyberinfrastructure.

“Open-source software, developed by multiple programmers in collaborative environments, underpins much of the information technology we rely on every day-from communication networks to the databases that manage our personal records,” says Livny. “By its very nature, open-source software allows for rapid progress. Yet, the collaborative environments that facilitate open-source innovation have offered limited access to tools and resources for continuous cybersecurity assurance.”

The novel Software Assurance Marketplace research facility will be based at the Wisconsin Institutes for Discovery, a public-private research center on the UW–Madison campus that houses the private, nonprofit Morgridge Institute for Research and its public twin, the Wisconsin Institute for Discovery. By offering the capacity needed to continuously analyze and test a rich and evolving collection of open-source software packages, the facility will help the software assurance community improve the quality and reliability of software used in the nation’s critical infrastructure.

“We’re excited about the potential of this project to reinforce our nation’s cybersecurity,” says Barton Miller, a UW–Madison computer sciences professor who will serve as chief scientist of the Software Assurance Marketplace. “We have assembled a powerful team of software and security researchers and experts who will enable us to establish and operate a unique software assurance facility. We envision a marketplace that will bring together practitioners in software assurance techniques with those developing open-source software to address software quality assurance challenges in fields ranging from national security and physics to health care.”

Dr. Umberto Tachinardi, associate dean for biomedical informatics at UW–Madison’s School of Medicine and Public Health, says the cybersecurity challenges facing the nation’s health care infrastructure have increased in recent years as more medical software has been introduced and connectivity has rapidly expanded.

“We’re excited about the potential of this project to reinforce our nation’s cybersecurity. We have assembled a powerful team of software and security researchers and experts who will enable us to establish and operate a unique software assurance facility.”
Barton Miller

“Security is paramount to biomedical research and I am very excited that this program is an important step toward new levels of privacy and confidentiality for open-source software used in a variety of medical applications,” Tachinardi says.

Under the initial five-year agreement with the Department of Homeland Security’s Science and Technology Directorate, the Morgridge Institute will receive $14.9 million. Collaborating partners include UW–Madison’s Middleware Security and Testing group, which will receive $4.7 million; the National Center for Supercomputing Applications Cybersecurity Directorate at the University of Illinois at Urbana-Champaign, $2.1 million; and Indiana University’s Pervasive Technology Institute, $1.9 million.

Brooklin Gore, a senior researcher at the Morgridge Institute and the enterprise computing veteran who will serve as chief operations officer of the effort, said the funding will create a total of 25 jobs among the collaborating partners.

“Our team has a long history of collaboration with on- and off-campus researchers in scientific computing and continuous software integration,” Gore says. “Our National Middleware Initiative Build and Test Lab, funded by the National Science Foundation, has supported more than 100 open-source projects over the past eight years. We will build on that experience to provide continuous assurance services to the broad community of software security researchers, software assurance tool developers and open-source software developers.”

Initial operating capabilities for the Software Assurance Marketplace will include the ability to continuously test up to 100 open-source software packages against five software assurance tools on eight platforms such as Macintosh, Linux and Windows. The secure research facility will be able to analyze more than 275 million lines of code per day and also will introduce new tools to reduce the “false positive” readings that now limit the effectiveness of software assurance testing methods.

For more information about the U.S. Department of Homeland Security’s cybersecurity and software assurance initiative, visit here.