The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Security and Software Engineering Research Center (S2ERC)

The opinions, findings, and conclusions or recommendations expressed are those of the Center author(s) and do not necessarily reflect the views of the National Science Foundation.

Center Overview

The Security and Software Engineering Research Center (S²ERC) conducts research on cybersecurity, software security, system security, and software engineering problems to enable technology gains.

Advances in software engineering are of critical importance not only to the technical capabilities and performance of the software product, but also for the development process of systems such as missile guidance, fire control, radar, satellites, navigation, GPS, sensors, communications, computer-aided medical diagnostics, and robotics. A part of these advances is the element of security, which has been a challenge, with billions of dollars lost every year to security attacks. Making secure and reliable software and systems with limited resources is difficult. Though software has been a problem-solving tool for six decades, there still is no "best" approach for the timely and cost-effective construction of software that is reliably secure.

Researchers in security and software engineering face many important issues as they engineer security-critical systems. To survive and prosper, U.S. companies must improve security, enhance the software engineering discipline, improve techniques for building software to drive their businesses, reduce infrastructure and vulnerabilities - including security and privacy breaches - and hire trained security analysts and software engineers. S²ERC has been designed to address these ongoing and increasingly complex needs.

Universities

Ball State University
Georgetown University
University of Texas, Dallas
Virginia Polytechnic Institute and State University

View Center Website

Center Personnel

Michelle Brown
Center Coordinator
+1 765 285 2795
mbbrown@bsu.edu

Eric Burger
Center Staff
+1 202 625 0100
eric.burger@georgetown.edu

Eric Wong
Center Co-director
+1 972 883 6619
ewong@utdallas.edu

Shaoen Wu
Center Director
+1 765 285 8658
swu@bsu.edu

Tapio Frantti
Center Co-director
+358 40 5470819
tapio.frantti@fre.fi

T. Charles Clancy
Center Staff
+1 540 231 5281
tcc@vt.edu

Ophir Frieder
Center Co-director
+1 312 543 6508
ophir@ir.cs.georgetown.edu

Christine Callsen
Center Staff Virginia Tech)
+1 571 858 3342
ccallsen@vt.edu

Clare Sullivan
Managing Director Georgetown)
+1 443 534 8980
cls268@georgetown.edu

Ehren Hill
Center Staff Virginia Tech)
+1 202 679 5955
ehren@vt.edu

Research Focus

The two primary research directions of S2ERC are security and software engineering. Recent research projects have focused on these issues:

Ad hoc network security.
Attack-tolerant systems.
Big Data analytics.
Cyber-physical systems.
Cyberthreat intelligence sharing.
Data leak prevention.
Dynamic and static analyses.
Embedded systems security.
Functional encryption.
Global software development.
Hardware security.
High-assurance software.
Information protection.
Interactive collaborative environments.
Intrusion detection.
Malware detection.
Migrating software to multicore architecture.
Network forensics.
Physical unclonable function-based mobile authentication.
Requirements capturing.
Security and vulnerability analyses.
Security test beds.
Software analytics.
Software design.
Software feature analysis.
Software metrics.
Software reliability.
Software safety.
Systems security and integrity.
Software testing.
Testing and model checking for concurrent programs.
Trustworthiness in cloud and mobile applications.
Usability issues.
User authentication.
User-interface design.
Visualization and cyber-situational awareness.
Visualization environments.
Voice- and video-over IP.
Wireless security.

Awards

1464654

Collaborative Research: I/UCRC Phase II: Security and Software Engineering Research Center (S2ERC)

The Security and Software Engineering Research Center (S2ERC) is an Industry/University Cooperative Research Center devoted to applied and basic research addressing security and software engineering issues that plague both industrial (defense and commercial) companies and government agencies. Nearly all companies market products and services that involve software. The software is either a commercial product or a supporting technology for other products or services. Advances in software engineering are critical to the technical dominance and market performance not only of IT companies, but also of producers of products such as aircraft and their components, automobiles, medical devices, sensors, computer-aided diagnostics and robotics. Software developers and customers desire software that costs less, matches users needs, is secure, has credible defenses and fewer defects, executes faster, is easier to update and is completed on time. With societies growing dependence on software, it is important that software engineers build secure software cost-effectively and reliably. The investment in S2ERC has the potential to produce significant results given the expertise at the university sites, the many technical affiliate partners, and the importance of software to our national security and competitiveness. S2ERC researchers are focused on discovering unique solutions for security and software engineering issues which in turn benefits the whole of society as technology is properly constructed and managed. The S2ERC's technical goals are the creation and transfer of innovative software technologies and engineering skills to its affiliates and the training of both graduate and undergraduate students in promising research directions. The S2ERC research initiatives include intrusion detection, ad-hoc network security, wireless security, attack-tolerant systems, trustworthiness in cloud and mobile applications, security and vulnerability analyses, information protection, requirements capturing, software design, software metrics, software feature analysis, software testing, software reliability, user interface design, usability issues, global software development, migrating software to multi-core architectures, visualization environments, interactive collaborative environments, dynamic and static analyses, and testing and model checking for concurrent programs. As S2ERC partners with industry and federal agencies, it is expected that security and software engineering research will continue to integrate into broader programs and activities of national interest. Read More >

1362046

I/UCRC: S2ERC at Georgetown University

Georgetown University will be joining as a full site the Security and Software Engineering Research Center (S2ERC) I/UCRC. S2ERC is a multi-university center comprised of Ball State University (lead institution), Iowa State University, and Virginia Polytechnic University. The proposed Georgetown site will bring complimentary capabilities in forensics, advanced cryptography, privacy, provenance, security, and governance to the S2ERC. Particular programs include cyber threat intelligence exchange; secure network interoperability; tailored trustworthy spaces for secure communications; social, behavioral, and economic impediments to inter-enterprise communication; law and inter-enterprise communication; novel architectures and algorithms of zero-knowledge action on secret information; novel key distribution and access algorithms; and technologies for cyber threat intelligence sharing. Information sharing is a key focus for the technologies developed by the Georgetown site. Information sharing compliments the software engineering work and the use of software engineering for the development of secure software systems by Ball State and Iowa State as well as the low-level hardware, radio security, and computer engineering work done by Virginia Tech. Technology contributions from the center will include: (i) Trust negotiation tools and data trust models to support the negotiation of policy, (ii) Data protection tools, access control management, monitoring and compliance verification mechanisms to allow for informed trust of the entire transaction path, and (iii) Resource and cost analysis tools. Some of the affiliates of Georgetown site are product companies which are expected to directly benefit from the results of the proposed research projects. This will make them more competitive and position them well in the global marketplace. Some of the proposed research, particularly in cyber security, will result in new educational curriculum and the training of much needed security specialists. The PI's will make effort to involve students from other disciplines, especially those that traditionally have a better track record at attracting non-traditional student demographics, and expose them to certain elements of the Computer Science. This will facilitate the engagement of larger student population with computer science discipline. All the students engaged in the program will benefit from the industry exposure and technology transfer. The Georgetown site currently engages female and minority professors, researchers, and students, as well as students from K-12. This engagement will be further strengthened by the formation of the I/UCRC site. Read More >

1822137

Phase II IUCRC Unversity of Texas at Dallas: Center for Security and Software Engineering (S2ERC)

As software is integrated more frequently into every aspect of our lives, as its failure in operations causes increasingly devastating consequences, as schedules and budgets are continually reduced despite the need for high-quality reliable and secure software, it is critical to have cooperative research teamwork between academia and industry. The University of Texas at Dallas IUCRC site emphasizes technology development as well as transfer on software testing and quality assurance. It matches the mission of the Security and Software Engineering Research Center (S2ERC). Hence, there is strong synergy in having this site become one of the major university sites of S2ERC. Faculty members of this site have extensive expertise and background in industry collaboration in software testing and verification; software fault localization and program repair; software reliability, metrics and risk analysis; programming languages; software security systems; and software and system safety. The University of Texas at Dallas (UTD) is located in an area with many high-tech companies that provide excellent opportunities for conducting academic/industrial cooperative research. UTD has a strong Software Engineering program offering BS, MS, and PhD degrees. This student talent base is accessible for work on cooperative software engineering and security research projects that fall within the scope of this IUCRC site and S2ERC. The addition of this site to S2ERC will broaden and improve the Center's research in two of the nation's most important disciplines: software engineering and security. Membership fees from new industry affiliates will increase the overall program income of S2ERC. With a larger pool of funding, the center will be able to attract more proposals in response to industry needs and develop advanced technology applications for dependable and secure software development at a reduced cost. This will not only attract additional companies to join, but also profoundly impact the nation's technological innovation and improve the country's economy. This site will follow the same data management plan used by S2ERC. Each project will release its data to the public at the earliest reasonable time and the access to such data will be available for at least three years after conclusion of the project. A designated website (http://paris.utdallas.edu/stqa ) will be used for management and dissemination of all data generated by research projects sponsored via this site, whereas S2ERC has a more comprehensive repository that comprises projects within the center as well as those conducted at other sites. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria. Read More >

1650540

Security and Software Engineering Research Center (S2ERC) at Virginia Tech - Phase 2

This project supports Virginia Tech's membership in the Security and Software Engineering Research Center (S2ERC) Industry/University Cooperative Research Center (I/UCRC). The mission of S2ERC is to conduct a program of applied and basic research on software security, system security, and software technology problems of interest to its members. The goal of this research is to enable security and software technology gains within member organizations. Virginia Tech's site specifically focuses on challenges with software and security for cyber-physical systems, with a particular emphasis on the emerging areas of critical infrastructure and the Internet of Things. Addressing security and privacy challenges with these technologies are critical to protecting homeland security and preserving civil liberties in an increasingly interconnected world. Research executed through this program will be principally funded by industry partners who join the consortium as members, with the goal of developing commercialization paths for resulting innovation. Additionally students who will be supported on projects will gain insight into real-world problems of direct interest to industry, and will forge relationships that can lead to recruiting and future career placement in an increasingly competitive technology discipline. Ultimately the specific technical problems tackled and approaches considered will be determined by the Industry Advisory Board (IAB) who provides governance for S2ERC. However Virginia Tech seeks to focus on recruiting and sustaining members with a specific interest in the security and privacy challenges with cyber-physical systems. Given the experience of the faculty and researchers involved, research undertaken is expected to leverage deep expertise in security for embedded systems, control systems, and wireless systems. Within the embedded systems domain, we will develop and leverage tools in program analysis and software synthesis to develop provably safe and secure firmware for embedded devices. For control systems we will seek to translate functions typically found in the defense of computer networks into components used in embedded control networks to detect and block anomalous control signaling. Within the wireless area, we seek to ensure resilience within networks such that attempts to disrupt wireless infrastructure have minimal effect on critical functions using the network. With the umbrella of the larger center, we seek to synthesize these concepts into tools and techniques that can transcend each in order to address security overall for systems and systems of systems. Lastly we seek to understand the human element in these cyber-physical systems and work to ensure security technologies integrate with the user experience and are effective in real-world deployments. Read More >