Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

Johns Hopkins creates Information Security Institute

By Knile87 in News
Wed Dec 06, 2000 at 04:30:53 PM EST
Tags: Security (all tags)

Recently, the Johns Hopkins University created an Information Security Institute. The ISI will be used as a test center for hardware and software created by private, as well as government groups.

The administrators plan to use resources from the various schools at the University, including the Whiting School of Engineering and the Nitze School of Advanced International Studies. A ten million dollar, anonymous, donation has made the institute possible. There's some speculation, partly due to a Baltimore Sun article, that Bill Gates is the "anonymous donor."

Classes may begin as early as Fall 2001, with undergraduate and graduate programs to follow.

(Yes, I have a personal interest -- I'm a student at Hopkins and have no idea what I want to do with myself after school, but I like these computer things:)

What's troubling is the possibilities this opens up. Who's to say that some black hats won't take the InfoSec classes and run amok with them? That's not a problem really with the math department, or the English department. Does anyone know of other schools with similar programs? How have they fared?


Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure


Related Links
o created an Information Security Institute
o the Whiting School of Engineering
o the Nitze School of Advanced International Studies.
o Baltimore Sun article
o Also by Knile87

Display: Sort:
Johns Hopkins creates Information Security Institute | 6 comments (4 topical, 2 editorial, 0 hidden)
Not really a problem. (4.25 / 4) (#1)
by trhurler on Wed Dec 06, 2000 at 01:44:50 PM EST

With very few exceptions, most of the knowledge security people need is not "how do I find and use this exploit script," which is the way almost all of the so-called "black hats" work. The few that remain among the baddies are talented programmers, and it is more likely that they'd come out of a computer science program than a computer security one, although some few of them are self-taught.

Guys who do penetration testing might be iffy, but then, they already are, so why does having a school make that any worse? The thing about that sort of testing is, you base your decisions on whether you trust someone, and he can give you reasons to trust him(insurance, etc,) but in the end, it is trust, and you either trust him or you don't. This is like hiring people to run a nuclear weapons operation: once you do it, they're in charge, and to a large extent, despite formalities claiming the contrary, you aren't.

'God dammit, your posts make me hard.' --LilDebbie

Kudos to JHU (3.00 / 2) (#2)
by Remy on Wed Dec 06, 2000 at 01:44:52 PM EST

It's times like this that I wish I had given JHU more of a look rather than my current school (Cornell) - actual practical applications like this are what interests me, not a particularly large amount of theory, which is unfortunately what I mostly have left to take. Sigh.

As for the concern about black hats - I would doubt that the course load would involve a lot of "Here's an exploit for (insert your favorite OS here), here's how it works." - rather, it sounds like they're going to take it to a broader level, such as teaching people how to not repeat the SDMI debacle.

In any case, there will always be black hats. If JHU is training people to be white hats, more power to them.
-- "The need to be observed and understood was once satisfied by God. Now we can implement the same functionality with data-mining algorithms." - Morpheus, Deus Ex
Why dangerous? (4.00 / 2) (#5)
by ocelot on Wed Dec 06, 2000 at 01:58:25 PM EST

I don't see why this is any more dangerous than having, say, a chemistry department. Sure, they can use the knowledge to go blow up buildings. The same could be said for many other programs, like physics, medicine, CS in general, anything related to law enforcement... But the possible benefits of the knowledge outweigh this consideration.

I also suspect that the testing of sensitive software is only going to be done by people with special clearance, not any random undergrad taking Computer Security 101. That doesn't prove that they aren't going to turn around and use the information in a dangerous way, but it does lessen the risk.

Purdue had COAST (3.00 / 2) (#6)
by titivillus on Wed Dec 06, 2000 at 02:31:44 PM EST

which has now turned to CERIAS and that's been a great resource.

Johns Hopkins creates Information Security Institute | 6 comments (4 topical, 2 editorial, 0 hidden)
Display: Sort:


All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!