Skip to main content


About Cylab Chronicles

Richard PowerCyLab Chronicles is a series of articles that provide insight into the research conducted in CyLab at Carnegie Mellon University. From smartphones to network configuration protocols, face-recognition applications to privacy policy, the details come to light in the Chronicles. The series is written by Richard Power, an internationally-recognized cybersecurity expert and CyLab Distinguished Fellow. Power is the author of numerous books and conceived and designed the "CSI/FBI Computer Crime and Security Survey" (1995-2002), an annual study, conducted in conjunction with the FBI Computer Crime Squad.

CyLab Chronicles

CyLab 2009 – Audacious Research in a Troubled Time

posted by Richard Power

The year 2009 dawned in anxiety, as financial institutions throughout the world shook to their foundations, as if from an earthquake. But this earthquake did not issue from the shifting of tectonic, but from inside the financial system itself; and as the reverberations spread outward from the epicenter, a tsunami swept through the global economy.

In such circumstances, the future cannot arrive soon enough; and the future, after all, is the business of CyLab. CyLab faculty and graduate students are working on seven research thrusts, and along seven more cross-cutting research thrusts, in an audacious program aimed at harnessing the future to secure the present; and, of course, in the process, they are contributing to renewed prosperity and opportunity through capacity building in the areas of technology, personnel and industry.

In this nineteenth issue of CyLab Chronicles, we will explore the dynamic matrix of CyLab from two different perspectives: first, from the ten thousand foot level of the research thrusts, and then from the facts-on-the-ground of CyLab’s weekly webinar series. (NOTE: Access to the weekly webinar series is a benefit of the CyLab partnership program.)

The full scope of the CyLab research program, with its seven thrusts and seven additional cross-cutting thrusts, is depicted in the accompanying diagram.

Cross-Cutting Thrusts

These thrusts, in turn, resolve upward into the six broader, overarching elements, recently articulated by CyLab faculty:

  • Trustworthy Computing Foundations: We will develop technologies that will enable users to execute sensitive software and verify system security properties in the presence of malware and insider attacks. We will also develop new software-security analysis methods and tools, which can be used to verify the security properties of systems and network design and implementation. We will develop security methods and tools that will enhance the current Internet design and implementation to withstand new cyberspace attacks. We will demonstrate all of our developments and evaluate their performance on testbeds already established within existing CyLab research centers.
  • Security of Cyber-Physical Systems: We will develop and demonstrate techniques and protocols that are resilient to attacks that are launched over the Internet against cyber physical systems. We will develop robust multimodal biometric authentication techniques that use voice, iris, face, and fingerprint, for example, in establishing the identity and authenticating user in a physical space. We will demonstrate all of our developments on a testbed and evaluate their performance.
  • Secure Mobile Systems and Networks: We will develop and demonstrate security protocols for mobile ad-hoc networks, and mobile sensor and actuator networks. In particular, we will design protocols and techniques that will be resilient to well defined attacks against widely used mobile services, including those offered by vehicular networks.
  • Survivable Distributed Storage Systems: – We will develop techniques for large-scale distributed storage systems that, in addition to superior access performance, will provide access to information under duress caused by persistent denial-of-service, integrity, and confidentiality attacks, including those of malicious insiders. We will demonstrate all of our developments on real large-scale storage systems and evaluate their performance.
  • Usability of Security and Privacy Techniques: We will design and implement systems that address the human factors within the context of security, privacy and availability. We will demonstrate the contribution of human factors to security and privacy designs, the decrease in errors of security administration, and the increase in the level of trustworthy system and network use. We will also use human factors to shape the security designs and implementation in systems developed under this program.
  • Education Program: CyLab will continue to conduct a vigorous education program that reaches both the private and public sectors. We will expand and refocus our course offerings of the security-related curricula at both the undergraduate and graduate levels, and also for executive education, to reflect the new security and availability concerns in cyberspace. In our capacity as a National Security Agency-designated Center of Academic Excellence in Information Assurance Education (CAE/IAE), CyLab, in conjunction with CERT/CC, will continue our well-known program of helping institutions serving under-represented minorities. Toward these ends, we will expand our on-going Information Assurance Capacity Building Program for faculty from historically black colleges and universities and Hispanic-serving institutions.

Biometrics: Super-Resolution for Face Recognition

Taking on some of the most challenging issues in the field, the CyLab Biometrics Lab has become a force to reckon with. In his presentation on Super-Resolution for Face Recognition for the CyLab weekly webinar series, Vijayakumar Bhagavatula offered a compelling example of how and why.

Here is a brief glimpse into Professor Bhagavatula’s talk.

“This is the work of Pablo Hennings, who is sitting here in the front row to keep me honest, it was his PhD. thesis work; I just get to have the fun of presenting it. We also had a lot of help from Dr. Simon Baker, who used to be in the Robotics Institute here at Carnegie Mellon, but now is at Microsoft Research.”

In the areas of both surveillance and forensics, there is an urgent need for super-resolution to add in the effort to optimize face recognition processes, e.g.:

  • In many surveillance scenarios, people may be far from the camera and their face images may be small.
  • Looking for suspects involves parsing through hundreds of hours of video.
  • In 2002, in Italy, a terrorist crime was solved by analysis of 52,000 hours of surveillance videos installed in rail stations.

There are other potential uses less related to cloak and dagger, e.g.:

  • We need better image-based search capabilities for Google, Yahoo, YouTube, etc.
  • Organizing image and video galleries by who is in the picture or video frame will be central to online social networks.

But none of the reasons is more poignant than the potential uses in the effort to find missing persons, in particular missing children:

  • According to recent US Justice Department statistics, there were 797,500 children (younger than 18) were reported missing in one year alone (2002).
  • An average of 2,185 children are reported missing each day.

With super-resolution face recognition capabilities, surveillance camera networks already in place to perform other tasks could be utilized to deepen and intensify the search for these missing children.

“There are video cameras all over the world now -- many intersections, many shopping malls. If only we could use the surveillance videos produced by those cameras and be able to match what is in those surveillance videos with these reference images we have of these missing people.”

“Of course, resolution is only one of the issues. There are a lot of other issues – lighting levels, expression, pose, etc. Face recognition has a lot of challenges. My talk today is only focused on the resolution issue. I do not want to paint the picture that this will solve everything. This addresses one issue.”

“The punch line is that most super-resolution methods that are out there are aimed at reconstruction, creating good looking images for human consumption. But good looking images are not necessarily easy to recognize face images. The key is to recognize, i.e., face recognition. So how do we do super-resolution with the aim that we want to recognize these faces, not just reconstruct them?

“There are two ways to address this problem, in which we have high resolution training images and low resolution test image. There are two obvious approaches. One is to take the low resolution test images, apply a super-resolution algorithm to get higher resolution images, and then do the matching there. That produces artifacts, etc. The other approach is to go from high resolution gallery, or training images, and bring them down to the low resolution that your test images are going to be, and do your matching in the low resolution. And there you are giving up information, obviously.”

“But there is another way to look at it, this is Pablo’s contribution, and we call it S2R2, Simultaneous Super-Resolution Recognition. With S2R2, you do not use either of the two methods I just mentioned, but to actually use the high resolution gallery and the low resolution test images simultaneously to do recognition.”

How to Follow CyLab’s Compelling Story

We have created several publications to help tell the story of CyLab, as it pursues its mission of harnessing the future to secure the present:

  • CyLab Focus: A quarterly newsletter received as a benefit of participation in the CyLab partners program. (Availability: partners-only portal)
  • CyLab Chronicles: An ongoing series of interviews and other features highlighting CyLab research faculty and special events. (Availability: both public site and partners-only portal)
  • CyLab News: Frequent posts documenting CyLab achievements, breakthroughs, milestones and media recognition. (Availability: both public site and partners-only portal)
  • CyLab Intelligence Briefing: Monthly executive briefing on cyber risks and threats, reports from the dark side of cyberspace. (Availability: partners-only portal)
  • Culture of Security: Frequent articles on security awareness and education, security management, and psychological and organizational issues related to cyber security and privacy. (Availability: partners-only portal)
  • CyBlog (Security, Privacy and Mobility in the Information Age): The blog of CyLab and CyLab Mobility Center, featuring live-blogging from CyLab special events and providing ongoing analysis of what’s behind the headlines. (Availability: both public site and partners-only portal)

See all CyLab Chronicles articles