Students to tackle cyber security vulnerabilities in new, hands-on class

October 30, 2015

Come registration week next month, CCIS and Electrical and Computer Engineering students will be able to sign up for Deconstructing the Cloud: A Security Perspective, an exciting new class that challenges students with problems that cyber security and information assurance experts face every day: how to eliminate vulnerabilities in cloud systems.

The class, which will be inaugurated in Spring 2016, is the brainchild of Agnes Chan, Executive Director of Information Assurance and Cyber Security at CCIS, and CCIS professor Guevara Noubir.

Northeastern has Center for Academic Excellence designation, which is granted to universities who meet criteria that promote higher education in information assurance and cyber security, and is a program of the National Security Agency and Department of Homeland Security. Northeastern has been a CAE for information assurance education since 2002, for research since 2008, and for cyber defense education since 2014.

Earlier this year, Northeastern was one of several CAE universities around the country to receive a call for research and education proposals. Chan and Noubir collaborated to come up with the framework for the class, and ultimately received $280,000 from funds allocated by Congress to stimulate research in academia.

“The idea is the following: the country needs cyber security professionals badly,” Chan, who was featured in a recent CAE newsletter, says. “The pipeline to cyber security professionals for the country is drying up. So in order to fill that pipeline with strong people, we need to work at the undergraduate level.”

With their challenge clearly defined – get students interested in cyber security in the cloud – the two designed a course that would confront students with problems similar to those faced by internet mammoths like Google and Amazon. While these companies promise security to users, they are not invulnerable to malicious data breaches that can result in the leak of
users’ private information, including full names, banking information and Social Security Numbers.

“There is a need to educate and engage undergraduate and graduate students on the research challenges in cloud security, from investigating the feasibility and need for new cryptographic protocols to the risks associated with side channel attacks in multi-tenant cloud systems,” Noubir wrote in an email interview. “Besides learning about recent theoretical results for securing cloud systems, the students will develop and run experiments on a highly reconfigurable cloud test bed in order to assess the practical impact of recent attacks and the state of the art mitigations employed in realistic cloud systems.”

In order to make the cyber security experience as real as possible, Noubir is building a test lab modeled on Amazon and Google cloud services – an environment in which students who sign up for the course will tackle security vulnerabilities and other attacks that cyber security professionals must face.

“We want to find out the vulnerabilities and have ideas coming out about how to patch those vulnerabilities or how to design systems that can make the cloud a little bit more secure and keep your data more private,” Chan says.