Building Frameworks for Future Cybersecurity

Professor Lan with Ph.D. student
December 18, 2017

By Lujain Al-Khawi

Electrical engineering professor and researcher Tian Lan’s motto is to bridge the gap between theory and practice in computer security. For the last three years, he has worked with existing cyber systems and protocols to make them more intelligent, personalized, and user-friendly.

What makes his solution significant is its novelty. His research team’s designed framework is capable of solving a wide-spectrum of security problems leveraging an integrated engine that mimics both human reasoning and reflexive thinking, prompting modern-day computers to run more efficiently and more securely.

Since 2010, he has joined the GW team working with cyber security. Working especially with optimization, he has built prototypes for the Pentagon and Hawaii’s naval command center. Both are currently in tech transition with the military. Lan’s research entails four different key components of cyber security: reasoning, optimization, customization, and delivery.

In working with reasoning and optimization, he and his collaborators developed a mission-oriented, resilient cloud for the Defense Advanced Research Projects Agency (DAPRA), which is able to self-optimize and fight through cyber/physical attacks. As cyber systems are increasing and becoming more complex, Lan utilizes machine learning together with model-based approach to speed up the discovery of software bugs and vulnerabilities by several orders of magnitude in his recent project Symbiotic and Integrated Reasoning Engine (SIREN) for Autonomic CyberSystems.

When you buy a phone, computer, or IoT device, the manufacturer is most likely to ship a standard software, one with superfluous code and program features that are never needed by most customers but are susceptible to cyber attacks. This standardized, one-size-fits-all approach, termed feature bloating, has becoming the cause of many security problems we face today, and this is where Lan’s research in customization comes into play.

Collaborating with Professor Guru Venkataramani and the Office of Naval Research (ONR), Lan’s research team is working to develop a somewhat maverick solution and to deliver highly individualized, secure frameworks to reduce unnecessary code that often leads to bugs, backdoors, and unauthorized access to cyber systems, as indicated by his recent project DIALECT: Communication Protocols Customization via Feature Diagnosis.

Lastly, Lan is able to bridge theory and practice through providing Security-as-a-Service. Working alongside professors Suresh Subramaniam and Howie Huang in a National Science Foundation (NSF) project focusing on new security delivery models, they are designing a pay-per-usage mechanism that offers security as an on-demand utility to customers. Instead of having to pay for a standardized service that could be either too expensive or inadequate, Lan’s collaboration aims to enable a pay-per-use business model for security services. Therefore, the customer of a computer system would pay in proportion to the service he or she is receiving, allowing for more customization for both the user and provider.

Before reaching his career in communication and networks, Lan completed his undergraduate degree at Tsinghua University in China. After graduation, he brought his passion to study his Ph.D. at Princeton University, working with network optimization. As soon as he successfully defended his Ph.D., he hopped on his car and rode all the way to Washington, D.C. to join the GW faculty.

Outside of research, he, his wife, and three-year-old son enjoy travelling around the world, especially visiting museums and science centers.