ADSC researchers to improve security for smart nation applications

7/15/2020

Allie Arp, CSL

As one of the world’s smallest and most technologically advanced nations, Singapore is an excellent location for the world’s first smart nation. With an increasingly online population comes challenges in both implementation and security that must be solved before the technology can become a reality. A new research project being conducted by the Illinois Advanced Digital Sciences Center (ADSC) is tackling this issue.

In “Threat modeling and security control management as a service for smart nation application development,” ADSC Principal Research Scientist Binbin Chen, who is also an Associate Professor at Singapore University of Technology and Design (SUTD), looks to design and develop a tool that can support comprehensive threat modeling. The project team is a partnership between DBS Bank (the project host), Swarmnetics, SUTD, and ADSC. The team plans to use the results from the model’s analysis to enable effective security control management of critical smart nation applications such as mobile wallets and health monitors.

“As applications are tasked to manage an increasing amount of sensitive data and to play critical roles in many aspects of our daily life, the impact of any application security incident can be devastating,” said Chen. “To ensure application security in a hostile environment, threat modeling and threat-centric security control management can play a foundational role in constructing and optimizing our cyber defense for these applications.”

Existing solutions for this type of defense are unable to capture multi-stage attacks or are unable to connect the attack to the vulnerability in time to stop it. There are also currently issues with implementing the continually advancing software necessary for cybersecurity. Unlike these models, Chen’s will be scalable to allow it to advance with software. It will also use intuitive analytics gathered by different stakeholders to promote proper cross-organization cyber-management.

“Today’s applications are facing a fast-growing list of threats from various threat actors, including insiders, criminals, hacktivists, terrorists, and even nation states,” said Chen. “By supporting the development of applications with a solid foundation of threat modeling and security control management, we believe the expected outcomes from this proposal can fill an important gap.”

This research is supported by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. GC2018-NCR-0009) and administered by the National Cybersecurity R&D Directorate.