In this blog, we have an interview with Dr. Maanak Gupta, Professor in the Department of Computer Science and faculty affiliate at the Cybersecurity Education, Research and Outreach Center (CEROC) at Tennessee Technological University, USA, on cybersecurity and different aspects of his early research career.
Let’s know more about Dr. Gupta, his research works, the journey he is making as a young researcher, advice, and insightful suggestions to peer young professionals.
Hello Dr. Gupta, could you please tell us about your educational background and professional working experience?
I completed my undergraduate in Computer Science and Engineering in 2010 from India. After that, I joined MS in Information Systems program at Northeastern University, Boston, USA, and completed it in 2012. I worked as an assistant professor at a university in India for nearly two years. By then, I developed a passion for pursuing my academic career and looking for exciting research areas, including cybersecurity. In 2014, I got admitted to the Ph.D. program in Computer Science at the University of Texas at San Antonio, recognized as one of the USA’s best cybersecurity programs. Subsequently, I started working at the Institute for Cyber Security with Prof. Ravi Sandhu, an eminent scientist in cybersecurity and a pioneer in foundational security access control models. Working with Dr. Sandhu helped me gain so much experience and perspective in cybersecurity solutions that will be valuable throughout my career. I completed my Ph.D. in Dec 2018 and worked as a Postdoctoral Research Fellow at the Institute for Cyber Security until July 2019. I was also awarded the 2019 computer science outstanding doctoral dissertation research award from UT San Antonio. From August 2019, I am an Assistant Professor in the Department of Computer Science and faculty affiliate at the Cybersecurity Education, Research and Outreach Center (CEROC) at Tennessee Technological University, USA. Apart from researching with graduate students, I enjoy teaching at both undergraduate and graduate courses. Currently, I am also serving as the guest editor for MDPI Information and PC member for several ACM and IEEE conferences. Besides, I am the founder and chair of ACM SaT-CPS and SMARTFARM workshops. I am also a member of IEEE and ACM and have delivered numerous invited lectures and keynotes at different conferences and government agencies.
Could you describe what you are working on lately?
My primary research area includes security and privacy in cyberspace, focused on studying foundational aspects of access control and their application in technologies including cyber-physical systems, cloud computing, IoT, and Big data. I have developed novel security mechanisms, models, and architectures for next-generation smart cars, smart cities, intelligent transportation systems, and smart farming. I am also interested in machine learning-based malware analysis and AI-assisted cybersecurity solutions. Besides, I work in cybersecurity education and promote training next-generation cybersecurity warriors. Primarily, I look into the opportunities which can have a real-world impact and bridge the gap between academic research and industry needs. With my students, we regularly publish scholarly works at top peer-reviewed security venues, including ACM SIGSAC conferences and high-impact refereed journals. Our research is funded by the US National Science Foundation (NSF), NASA, the US Department of Defense (DoD), and private industry.
Interesting! How did your work evolve over the last couple of years, reaching your current research?
My inclination towards security grew manifolds once I started working at the Institute for Cyber Security at UTSA. Working with Dr. Sandhu helped me gain so much experience and the opportunity to work on several cutting-edge and ground-breaking research. During my doctoral study, besides developing the foundational aspects of attribute-based access control (ABAC), I investigated its applicability in Intelligent Transportation Systems, which are among the essential components and major drivers of future cities and the connected world. The interaction among connected entities in this Internet of things (IoT) domain, which also involves smart traffic infrastructure, restaurant beacons, emergency vehicles, etc., will offer many real-time service applications. This ecosystem will provide a safer and more pleasant driving experience to consumers. With more than 100 million lines of code and hundreds of sensors onboard generating vast amounts of data, these vehicles act as ‘datacenter on wheels.’ These connected vehicles (CVs) expose a large attack surface, which can be remotely compromised and exploited by malicious attackers.
I investigated the smart car’s ecosystem and proposed an authorization framework to secure this dynamic and distributed system where interaction among vehicles and infrastructures is not pre-defined. I developed an extended access control-oriented (E-ACO) architecture relevant to connected vehicles and discussed the need for vehicular clouds in this time and location-sensitive environment. I also proposed dynamic groups and attribute-based access control (ABAC) models to secure communication, data exchange, and resource access in the smart vehicle’s ecosystem. This model considers the user-centric privacy preferences along with system-defined policies to make access decisions. Besides, I developed formal models for Hadoop ecosystems which is a widely used Big data processing platform.
After my doctoral research, I started concentrating on other cyber-physical domains and investigating security implications. I mainly focused on smart farming since it is novel. And as a community, it is essential to offer security resilient infrastructure and resources to this domain, critical to many economies worldwide. I developed several solutions in smart farming security. Further, in parallel, I have an active research group that works in AI-assisted cloud security, focusing on detecting and mitigating malware attacks in cloud IaaS. Currently, I am focusing on using AI and machine learning techniques to offer cybersecurity solutions in critical domains and aim to have my research a deep and broader impact on society.
What would you suggest to young researchers to look at in security and privacy?
AI and data-driven applications have transformed the way we look for todays’ and tomorrows’ applications. Similarly, we witness its impact on cybersecurity; AI for Security and Security of AI are the two core areas that will be the future for cybersecurity. I believe the community is still in the infancy stage, and at the same time, our future workforce is also not trained to cater to this growing and essential need for future smart cyberattacks. The challenges are multifold and require a holistic community-wide effort. Even to secure the AI systems, it is crucial to understand what it means to be secure. These AI-assisted techniques can change the asymmetric relationship between adversaries and defenders, skewed already with attackers’ advantages and dilemmas. The AI’s advancement will explode the speed and accuracy for the systems to act autonomously, defend, and reach near-real-time against reconnaissance and attacks.
Automation will be the key, and we must develop resilient reliable, and adaptive automated security solutions which can deter, prevent and detect cyberattacks. Simultaneously, there is still a shortage of research testbeds and datasets that the community can utilize to try and develop new security solutions. With the proliferation of attacks on critical infrastructures, I believe these skills will be imperative to secure national resources. Cybersecurity for Nation’s future will require substantial research and time investment in both AI and cybersecurity.
Can you share any relevant books, courses, or videos that have caught your interest in recent times and help young professionals develop their understanding of changing technologies and challenges?
I believe it would be unfair to narrow down the must-go-to resources for the readers but would like to provide a more general perspective since the resources are too vast and prolific. I would suggest young professionals involve beyond the classroom teaching and get their hands dirty. Move towards experiential learning, attend workshops, guest lectures, security conferences (IEEE S&P, ACM CCS, USENIX, and NDSS are top four security conferences), avail travel grants from these conferences to expand your network of collaborators. IEEE TDSC, ACM TOPS are some of the high impact factor security journals which provide some latest research from the community. RSA conference also offers the opportunity to meet industry leaders in cybersecurity and provides a great platform to know industry cybersecurity needs and challenges. Corporations like SANS provide online courses and training programs that one can enroll. Federal agencies also offer blogs and guidelines along with requirements for future cybersecurity needs. It is essential to subscribe to these mailing lists. I would also recommend having a seasoned security researcher as a mentor who can guide young professionals for future career goals and guidance.