A Canadian post-secondary school is opening a research lab that aims to develop IT security and privacy technologies, promote policy changes and lead software programmers across the industry to create less vulnerable applications.
in Halifax hosted a day-long forum to open the Privacy and Security Lab (PSL) featuring former B.C. privacy commissioner David Flaherty, representatives from Industry Canada and the Information Technology Association of America. Symantec Canada committed $100,000 in funding for the lab, with additional investment from IBM Canada.
The school has hired Dr. John McHugh, a senior technical member of the Computer Emergency Response Team (CERT) at Carnegie Mellon University, to become the lab’s first director and coordinate the computer science department faculty and graduate students who are already conducting IT security research. McHugh said his initial focus will be on intrusion detection, but there is already one wireless security project at Dalhousie that may become a commercial product.
Besides contributing papers to academic journals, McHugh said he hoped the PSL would have some influence on the educational process in computer science departments. Time-to-market pressures often lead developers to put out software before it’s ready, he said, and minor problems, like buffer overflows, sometimes end up creating major IT security holes.
“We don’t start out teaching people to write programs defensively,” he said. “If you can change some of the programming culture so that at the same time you’re thinking about how to make it work you’re thinking about how to make it broken, and to the things to prevent it so it doesn’t slow you down, then you’d make major headway.”
Alfred Huger, Symantec Canada’s director of engineering in Calgary, said the security vendor has identified a couple of areas it would like to see the lab focus on. These include problems Symantec is already struggling with internally, such as how to develop faster and more accurate early-warning systems.
“It’s computational, it’s logistics, it’s a whole series of complex factors they’re going to have to work through, or fairly arcane math,” he said. “We’re already invested in it, but sometimes it’s better to have other parties research it and develop from a fresh perspective.”
McHugh said he hasn’t hired many additional people to help run the lab. Instead, he said its existence represents a framework through which he will seek out additional funding and resources.
“There’s much more of a will to address these things at higher level. In the States, there tends to be a knee-jerk reaction to a problem,” he said, adding that the people at Thursday’s forum represented much higher levels of government than would be present at a similar event in the U.S. “Getting deputy ministers like this, it’s kind of like getting the undersecretary of commerce.”
One of the lab’s challenges, McHugh admitted, was to strike a balance between security and privacy issues, which sometimes overlap but which on other occasions require more individual focus.
“Security technologies can sometimes be seen as enabling technologies for privacy,” he pointed out, adding that the school will be bringing together experts from its law faculty to assist in policy work as well.
“A lot of it may turn out to be psychological or sociological as anything else,” he said.
Huger said the wide scope of the lab was critical to coming up with real solutions for the kind of organizations Symantec serves.
“Privacy is such a broad topic and there is so little technology that’s been applied to helping us maintain it, or even (monitor) the rate at which we’re exposed,” he said. “There’s so much work to be done there.”
IT security has become a big issue at the postsecondary level in Canada. Recently the University of Ontario Institute of Technology said it was offering a Master’s degree in the subject, while earlier this week Algonquin College’s School of Advanced Technology said it was working with Bell Security Solutions on a program devoted to network security.