Strong security programs?

[GraduateSchoolNut]

Can anyone tell me which are the top 10 programs for security?

[GraduateSchoolNut]

Website links would be helpful, too.

[belowthree]

It would be a lot easier to answer this if you listed the programs you were talking about and people could chime in with their thoughts about each one. Just asking for strong programs out of all programs in existence is going to be tricky and you'll get a bunch of different answers.

I mean you're probably just going to hear the answer that I'll be giving you which is: most of the top 10 schools have strong security groups. There's some ones out of the top 10 with strong security groups too, but it's really hard to just name a top 10.

So what schools are you interested in?

[GraduateSchoolNut]

Princeton, UWashington, Columbia, Texas, Maryland, JHU, Cornell and Brown.

This list includes schools I have not yet heard from.

Thank you.

[belowthree]

I looked at a bunch of these through the application process, I'll go ahead and post some of my notes and comments from when I was looking... I'm making a vague attempt to order them.

 University of Washington, out of the schools you posted, probably has the best security team for systems and networking work. Their security group is large, has plenty of good people and does a lot of good work. If you're interested in doing systems security you should go here unless you really already have a relationship with a really good prof elsewhere and you know he wants to work with you.

JHU - JHU's close proximity to the capital and focus on government money provides them with a fertile funding environment. The reason this is important is because this allows JHU to recruit and do research at far greater levels than most schools around here in the rankings. These guys do research and they do a *lot* of it. Some of it is quite good and some of the people here are quite good, Avi Rubin in particular is well known and excellent. I actually really liked a lot of things about JHU, but I have a feeling while the quantity of research is vast, the quality may suffer some. That said, if you personally feel like you do top notch work without getting pushed to do so, then you may do very well here as given their funding numbers, I'd imagine you'd have plenty of support to do interesting work.

Princeton - So Felton is the big name here. I think it's interesting that they group PL with security and that seems to reflect itself in a lot of the types of research that happens here. If you want to do hardcore arch or systems security work, you're not going to find as much of that here as you might want. Not so much with the crypto either I would think... (though it's certainly there) That said, this is an interesting group because it's one of the most focused on things like policy and some very macro and global concerns and if you find technology policy as related to security interesting, then this is a great department for that part of the field.

Cornell and Brown - I'm grouping these together because my opinion of them is pretty similar. Their security research groups exist, have people doing work in them, but neither are really that good. No major projects or people. (with potentially the exception of Civitas at Cornell which is pretty big within secure voting, but secure voting isn't really really that impressive, it's a great problem, just not that impressive.) Cornell probably gets a slight nudge over Brown, but out of your list, these seem to definitely be on the lower end. This may just be because neither of them are doing any research I actually care about as I originally gave these schools 0-10 scores based on my own research interests.

Texas (UT-Austin, yes?) - When I looked at these guys the first reaction I had was "gee what's this big gaping hole doing where a good security group ought to be?" Their security group has a bunch of professor's names down, but only two of them are really legitimate security people. (Shmatikov and Walfish) It looks like Walfish was *just* hired so it seems UT-Austin is noticing the gaping hole in their department and working to fix it. That said, this also means Walfish has few publications under his belt right now and it remains to be seen whether he ends up making an impact. As for Shmatikov... well... he certainly publishes in good places, but I can't really say I liked his work much. Overall I think UT Austin's security group is underpowered and not that great, which was surprising for a department so well thought of for their other programs.

University of Maryland (College Park) - These guys don't even pretend to have a security group, which is good, because they don't. Arbaugh is a security guy, but he splits his time with Microsoft now and again and I wasn't actually that impressed with his work last time I saw him talk. It's not that he was bad, he just didn't really impress me that much... you certainly could do security work here, but it'd be tricky.

[longhorn]

Texas (UT-Austin, yes?) - When I looked at these guys the first reaction I had was "gee what's this big gaping hole doing where a good security group ought to be?" Their security group has a bunch of professor's names down, but only two of them are really legitimate security people. (Shmatikov and Walfish) It looks like Walfish was *just* hired so it seems UT-Austin is noticing the gaping hole in their department and working to fix it. That said, this also means Walfish has few publications under his belt right now and it remains to be seen whether he ends up making an impact. As for Shmatikov... well... he certainly publishes in good places, but I can't really say I liked his work much. Overall I think UT Austin's security group is underpowered and not that great, which was surprising for a department so well thought of for their other programs.

Dr. Brent Waters also joined UT recently as Assistant Professor.

[darkestfog]

UCSB has a decent security lab. Vigna and Kreugel are dedicated security system researchers, and quite a few other professors are active in security in combination with their other interests, such as Zhao. There is also a crypto professor, Koc.

[okrogius]

I looked at a bunch of these through the application process, I'll go ahead and post some of my notes and comments from when I was looking... I'm making a vague attempt to order them.

UWash - University of Washington, out of the schools you posted, probably has the best security team for systems and networking work. Their security group is large, has plenty of good people and does a lot of good work. If you're interested in doing systems security you should go here unless you really already have a relationship with a really good prof elsewhere and you know he wants to work with you.

JHU - JHU's close proximity to the capital and focus on government money provides them with a fertile funding environment. The reason this is important is because this allows JHU to recruit and do research at far greater levels than most schools around here in the rankings. These guys do research and they do a *lot* of it. Some of it is quite good and some of the people here are quite good, Avi Rubin in particular is well known and excellent. I actually really liked a lot of things about JHU, but I have a feeling while the quantity of research is vast, the quality may suffer some. That said, if you personally feel like you do top notch work without getting pushed to do so, then you may do very well here as given their funding numbers, I'd imagine you'd have plenty of support to do interesting work.

Princeton - So Felton is the big name here. I think it's interesting that they group PL with security and that seems to reflect itself in a lot of the types of research that happens here. If you want to do hardcore arch or systems security work, you're not going to find as much of that here as you might want. Not so much with the crypto either I would think... (though it's certainly there) That said, this is an interesting group because it's one of the most focused on things like policy and some very macro and global concerns and if you find technology policy as related to security interesting, then this is a great department for that part of the field.

Cornell and Brown - I'm grouping these together because my opinion of them is pretty similar. Their security research groups exist, have people doing work in them, but neither are really that good. No major projects or people. (with potentially the exception of Civitas at Cornell which is pretty big within secure voting, but secure voting isn't really really that impressive, it's a great problem, just not that impressive.) Cornell probably gets a slight nudge over Brown, but out of your list, these seem to definitely be on the lower end. This may just be because neither of them are doing any research I actually care about as I originally gave these schools 0-10 scores based on my own research interests.

Texas (UT-Austin, yes?) - When I looked at these guys the first reaction I had was "gee what's this big gaping hole doing where a good security group ought to be?" Their security group has a bunch of professor's names down, but only two of them are really legitimate security people. (Shmatikov and Walfish) It looks like Walfish was *just* hired so it seems UT-Austin is noticing the gaping hole in their department and working to fix it. That said, this also means Walfish has few publications under his belt right now and it remains to be seen whether he ends up making an impact. As for Shmatikov... well... he certainly publishes in good places, but I can't really say I liked his work much. Overall I think UT Austin's security group is underpowered and not that great, which was surprising for a department so well thought of for their other programs.

University of Maryland (College Park) - These guys don't even pretend to have a security group, which is good, because they don't. Arbaugh is a security guy, but he splits his time with Microsoft now and again and I wasn't actually that impressed with his work last time I saw him talk. It's not that he was bad, he just didn't really impress me that much... you certainly could do security work here, but it'd be tricky.

If you wouldn't mind, I'd appreciate your thoughts on UM Ann Arbor with respect to this comparison. Thanks.

[belowthree]

To be terribly honest I went to UMich Ann Arbor's website got a bad taste in my mouth, remembered that it snowed there and immediately stopped looking very far. Michigantrumpet could probably provide a much more informative view.

That said if you're interested: my initial impressions was that UMich is a great school for architecture and the rest of their programs aren't as excellent. I didn't really see a whole lot of security work going on here, but there might be some stuff I didn't catch. However, if you were interested in doing hardware security, this wouldn't be a bad place to go as their hardware group is exceptionally strong.

In the list above I'd probably have put it somewhere in the vicinity of Princeton.

I should mention again that everything I've said in this thread is based on my own impressions and changes depending on what I happen to find interesting while browsing a program's website or looking through a conference archive. Your own research interests are not going to be the same as mine and you're going to find different value in different programs. I ended up selecting a fairly low-ranked institution with an almost non-existent security group because I felt I would get more freedom to do my own work there and I think they have a chance of putting together a good security group over the next few years and I'd like to be a part of that. Your mileage not only may vary, but will.

[timuralp]

I didn't really see a whole lot of security work going on here, but there might be some stuff I didn't catch.

So, there is Farnam Jahanian's group, which looks at security in mobiles, enterprises, and they do some work with spam and botnets. You can read papers by Farnam's students like Jon Oberheide and Sushant Sinha to get a sense for the direction.

Then Atul Prakash is more interested in web security stuff. You can look at his publications.

Lastly, the latest faculty member with security focus is Alex Halderman who did the voting machine stuff that got so much publicity, the shift-key hack, the paper fingerprinting analysis.

Long story short, you can do security research here and actually do quite well.

Side note: Brown would be great if you want to do cryptography. Anna Lysyanskaya does a lot of good work, e.g. anonymous credentials, e-cash.