Dr. Bhavani Thuraisingham was recently elected a Fellow of the British-based Institute of Mathematics and its Applications (IMA) for her research on the Foundations of Secure Data Management. She is already a Fellow of the ACM, IEEE, AAAS, NAI, and the British Computer Society (BCS). She was interviewed by Dr. Ovidiu Daescu, the Associate Department Head of Computer Science and member of the Theoretical Computer Science Group. Below are the questions posed by Dr. Daescu and the answers given by Dr. Thuraisingham on her recent award as well as her views on bridging theory and practice in Computer Science.
Congratulations on being elected Fellow of the British-based IMA (Institute of Mathematics and its Applications). We know about your work in Cyber Security and Data Science. Tell us about your work related to Theoretical Computer Science.
After my education in the United Kingdom in Theory of Computation, I have had a 40-year career in the United States, including in the commercial industry (Honeywell), The MITRE Corporation (a federal research lab), the National Science Foundation (US Government) and in academia. My educational background is in Mathematics and Physics (B.Sc.), Mathematical Logic (M.Sc.), and the Theory of Computation (Ph.D.), and I have applied my Mathematical Logic and Theory of Computation expertise in cybersecurity on multiple projects.
My early work between 1980 and 1985 was on the study of decision problems in Recursion Theory and Complexity Theory. My research also included work in Algorithmic Information Theory. This research was published in top tier journals such as the Journal of Computer and Systems Sciences, Notre Dame Journal of Formal Logic, and the Mathematical Logic Quarterly (as a sole author). Subsequently, in 1985, I started working in cybersecurity and data science (what used to be called computer security and data management). Throughout the mid to late 1980s, 1990s, and early 2000s, I conducted research on applying mathematical logic for database security, including developing formal models. Later, together with the team at Honeywell (Patricia Dwyer, Paul Stachour, et al.), we pioneered techniques for the design of one of the early secure database systems based on formal models and type enforcement. This work was published in top tier journals and conferences, including the IEEE Transactions on Knowledge and Data Engineering and Computes and Security. Afterwards, with the team at the University of Minnesota (Wei-Tec Tsai, Tom Keefe, et al.), we were the first to introduce security for object systems. This work was published in ACM OOPSLA and Computers and Security Journal. In addition, our team also developed a formal execution model for dependable distributed systems, and this work was published in the IEEE Transactions on Software Engineering.
My major breakthrough in applying Theory of Computation and Mathematical Logic to Cyber Security was in 1990 when I proved that the inference problem was unsolvable, and presented the results at the IEEE Computer Security Foundations Workshop and at Rome Air Development Center’s New Directions in Database Security Workshop. This work was quoted by NSA (National Security Agency) as a significant development in database security in the Proceedings of the 1990 National Computer Security Conference by Dr. John Campbell. NSA.
Then in 1991, I developed a logic called NTML, Non-Monotonic Typed Multilevel Logic, for secure data and knowledge base systems. This was the first effort to develop a theory for secure database systems. This work was also published in the Proceedings of the IEEE Computer Security Foundations Workshop in 1991 and 1992. I continued to apply mathematical logic to multiple secure database systems, including models for object databases and distributed systems. I also applied deductive reasoning for the inference problem and subsequently designed and developed logic programming-based systems for inference controllers.
During the 1990s, together with the team (Sang Son, Victor Wolfe, John Maurer, et al.), we were the first to integrate secure data management with real-time data management. This work was published in top-tier venues, including IEEE Transactions on Parallel and Distributed Systems and the IEEE Transactions on Knowledge and Data Engineering. At the same time, our team (Harvey Rabinowitz, William Ford, and Marie Collins, et al.) also pioneered techniques based on fundamental principles for designing secure distributed database systems and Database Inference Controllers. This work appeared in the Journal of Systems and Software, Data and Knowledge Engineering, and IEEE Transactions on Knowledge and Data Engineering. At the same time, I was among the first to introduce the notion of applying Artificial Intelligence models (e.g., semantic nets and conceptual graphs) to represent and reason about secure database applications. This work was published in the IFIP Database Security Conference.
Since joining UT Dallas, I have wanted to focus more on software design and development. Therefore, I have carried out research in three directions (together with my colleagues Latifur Khan and Murat Kantarcioglu, et al.). One is to develop novel machine learning techniques for solving challenging problems such as Insider Threat Detection. The second is to apply existing logics (e.g., description logic) for semantic web to develop inference controllers and security models for social media systems. The third is to design and develop a framework for Privacy-Aware, Policy-based Data Management. While this research is based on fundamental principles, my focus has been to apply the principles to build systems. This work was published in top tier venues and received the ACM SACMAT 10-year test of time awards in 2018 and 2019 for papers published in 2008 and 2009. However, my most recent work with researchers at Kings College, London (Maribel Fernandez et al), has focused on applying Mathematical Logic (e.g., rewriting systems) for formalizing the Internet of Things (IoT). Our team was the first to carry out such research, and this work has been published in top tier venues such as ACM CODASPY (Data and Applications Security and Privacy) and ACM SACMAT.
So, in summary, while my focus has been on the design and development of secure systems for most of my career, I have also developed new logics and applied existing logics as well as techniques in Theory of Computation to prove properties as well as to design secure systems.
How do you compare this fellowship with the others you have received?
My work from theory to practice in cybersecurity and data science has resulted in me receiving many prestigious awards, including the IEEE Computer Society’s 1997 Technical Achievement Award, the ACM SIGSAC 2010 Outstanding Contributions Award, ACM CODASPY 2017 Lasting Research Award, IEEE Services Computing 2017 Research Innovation Award and the IEEE Communications Society’s 2019 Technical Recognition Award. In addition, I am also a Fellow of the ACM (2018), IEEE (2003), AAAS (2003), and NAI (2018). These fellowships have been given mainly for my work on designing and developing secure systems and carrying out technology transfer to commercial products and operational systems. Every award and fellowship is special and important. However, receiving the British-based IMA Fellow has really made me complete with respect to being recognized for my research contributions. To me, it is the icing on the cake for being recognized mainly for my contributions to Mathematical Logic and the Theory of Computation and applying them to Cyber Security and Data Science.
What do you think is the place of Theoretical Computer Science within the Computer Science discipline?
Having worked at both ends of the spectrum – one focusing on the logic and foundations of secure systems and the other designing and implementing systems, I believe that Theoretical Computer Science is vital to building secure and dependable systems. We hear so much these days about cyber-attacks. Many of these attacks occur because the adversary has found a loophole in the system design. This is where areas like formal methods are hugely important. We need to design and develop systems that are based on formal models and that the design and implementation meet the specifications and have been proven. The early secure systems did that. Unfortunately, these days, because of the immense pressure to get the products out the door or get the paper published, we tend not to pay as much attention to the foundations of the systems. Fortunately, our team at UTD (e.g., Kevin Hamlen et al.) is carrying out outstanding research on applying formal methods for cybersecurity.
What is your view on bringing together theoreticians and practitioners in Computer Science?
When I mentioned to one of my Ph.D. advisors, Dr. Roger Hindley, who is a Mathematical Logician and an expert in Lambda Calculus and the co-inventor of the Milner-Hindley type system (which Turing award winner Robin Milner and Hindley developed independently), he was very pleased. The first thing he said was, “you can now bring the Theoreticians and Practitioners together as you will be credible to both communities” because he says the two communities really do not talk to each other, and they don’t even speak the same language, from a computing point of view. Many of the systems being developed are not based on formal models, and they are not formally verified. He pointed out that I am in an ideal position to bring the two communities together and make this part of my mission for the rest of my career.
Do you have any plans to restart working in Theoretical Computer Science?
While I have accomplished a lot of what I set out to do in my career, I still have so much more work to do. I do want to make it my mission to bring theory and practice together. And for that, I need to seriously restart my research in the Theory of Computation and apply the techniques to secure systems as I did in the 1980s and 1990s. As I mentioned, I am very pleased that my work with my Kings College colleagues has enabled me to restart my research in Theoretical Computer Science. But there are also two additional areas upon which I want to focus wherein I would start where I left off in the 1980s and 1990s. One is in Algorithmic Information Theory. One of the challenging problems I was investigating back in the early 1980s was on finding an equivalent to Gödel’s Completeness and Incompleteness theorems in Algorithmic Information Theory. I was exploring the work of Chaitin and Kolmogorov to accomplish this. Unfortunately, that was also about the time I got very interested in system implementation, and soon the latter took over my work. The next piece of work was on the Inference Problem. Here the question is, can we come up with a Theory of the Inference Problem based on the complexity classes defined by the Turing award winners such as Rabin, Blum, and the others? I plan to focus on these two areas together with my work on formal models for IoT systems.
More importantly, our Computer Science department has an excellent group in Theoretical Computer Science. In fact, it has one of the largest research groups in Computational Geometry as well as strong expertise in Combinatorial Optimization, Algorithms, and the Theory of Machine Learning. I have collaborated with some of the members from this group especially applying optimization techniques to block rumors in social media (DZ Du et al.), as well as applying computation geometry to geospatial data systems (Sergey Bereg et al.). I have also been fascinated by the Algorithmic Information Theory research carried out by DT Huynh et al. I would like to continue with my research with members of our outstanding Theory group and also get into new areas jointly.
In summary, there are plenty of opportunities to restart my research in Theory, not only starting from where I left off in complexity theory and algorithmic information theory as they related to cyber security, but also collaborate with our professors both within and outside of UTD working in Theory on interesting research problems.
ABOUT THE UT DALLAS COMPUTER SCIENCE DEPARTMENT
The UT Dallas Computer Science program is one of the largest Computer Science departments in the United States with over 3,600 bachelors-degree students, more than 800 master’s students, 160Ph.D. students, 51 tenure-track faculty members, and 44 full-time senior lecturers, as of Fall 2020. With the University of Texas at Dallas’ unique history of starting as a graduate institution first, the CS Department is built on a legacy of valuing innovative research and providing advanced training for software engineers and computer scientists.