Activity Stream

CMU Science of Security Lablet Research Initiative

page

Visible to the public CMU SoS 2013 Quarterly Lablet PI Meeting

Submitted by Jamie Presken on Wed, 09/25/2013 - 9:00am

Science of Security Quarterly Lablet PI Meeting
September 26-27, 2013 | Gates Hillman Center, Room 4405 | 8:30 am – 4:30 pm

 

    Day 1: September 26, 2013:  Open Workshop Sessions

group_project

Visible to the public Geo-Temporal Characterization of Security Threats

Submitted by kathleen.carley on Wed, 01/30/2013 - 10:17am

Cyber security is a global phenomenon. For example, recent socially-engineered attacks that target CEOs of global corporations appear to be instigated by the Chinese group dubbed the "comment crew." In their 2011 survey Symantec found that the number one cyber risk business concern was external cyber-attacks, followed by concerns about both unintentional insider error (2nd risk) and intentional insider error ( 3rd risk).

group_project

Visible to the public Race Vulnerability Study and Hybrid Race Detection

Submitted by JonathanAldrich on Thu, 01/24/2013 - 9:32am

The prevalence of multi-core systems has resulted in increasingly common concurrency faults, challenging computer systems' reliability and security. Races, including low-level data races and high-level atomicity violations, are one of the most common concurrency faults. Races impair not only the correctness of programs, but may also threaten system security in a variety of ways. It is therefore critical to efficiently and precisely detect races in order to defend against attacks.

group_project

Visible to the public Composability of Big Data and Algorithms for Social Networks Analysis Metrics

Submitted by Pfeffer Juergen on Mon, 01/21/2013 - 2:34pm

Applying social network analysis to Social Media data supports better assessment of cyber-security threats by analyzing underground Social Media activities, dynamics between cyber-criminals, and topologies of dark networks. However, Social Media data are big and state of the art algorithms for social network analysis metrics require >=O(n + m) space and run in >=O(nm) time - some in O(n^2) or O(n^3) - with n = number of nodes, m = number of edges.

group_project

Visible to the public Trust from Explicit Evidence; Integrating Digital Signatures and Formal Proofs

Submitted by Pfenning Frank on Wed, 11/07/2012 - 8:27pm

ABOUT THE PROJECT:

OUR TEAM:

Frank Pfenning

group_project

Visible to the public Using Crowdsourcing to analyze and Summarize the Security of Mobile Applications

Submitted by Heather Lucas on Wed, 11/07/2012 - 8:27pm

ABOUT THE PROJECT:

OUR TEAM:

Norman Sadeh

group_project

Visible to the public Systematic Testing of Distributed and Multi-Threaded Systems at Scale

Submitted by Garth Gibson on Wed, 11/07/2012 - 8:26pm

ABOUT THE PROJECT:

OUR TEAM:

Garth Gibson

group_project

Visible to the public USE: User Security Behavior

Submitted by Heather Lucas on Wed, 11/07/2012 - 8:02pm

Our ability to design appropriate information security mechanisms and sound security policies depends on our understanding of how end-users actually behave. To improve this understanding, we will establish a large panel of end-users whose complete online behavior will be captured, monitored, and analyzed over an extended period of time.

group_project

Visible to the public Architecture-based Self Securing Systems

Submitted by David Garlan on Wed, 11/07/2012 - 8:01pm

An important emerging trend in the engineering of complex software-based systems is the ability to incorporate self-adaptive capabilities. Such systems typically include a set of monitoring mechanisms that allow a control layer to observe the running behavior of a target system and its environment, and then repair the system when problems are detected.

group_project

Visible to the public Learned Resiliency: Secure Multi-Level Systems

Submitted by kathleen.carley on Wed, 11/07/2012 - 7:58pm

The objective of this project is to develop a theory of system resiliency for complex adaptive socio-technical systems. A secondary objective is to develop the modeling framework and associated metrics for examining the resiliency of complex socio-technical systems in the face of various cyber and non-cyber attacks, such that the methodology can be used to support both basic level simulation

group_project

Visible to the public Security Reasoning for Distributed Systems with Uncertainties

Submitted by Heather Lucas on Wed, 11/07/2012 - 7:56pm
Phenomena like Stuxnet make apparent to the public what experts knew long ago: security is not an isolated question of securing a single door against lockpicking or securing a single computer against a single hacker trying to gain access via a single network activity. Because the strength of a security system is determined by its weakest link, security is much more holistic and affects more and more elements of a system design.
group_project

Visible to the public Secure Composition of Systems and Policies

Submitted by Heather Lucas on Wed, 11/07/2012 - 7:47pm

Compositional security is a recognized central scientific challenge for trustworthy computing. Contemporary systems are built up from smaller components. However, even if each component is secure in isolation, the composed system may not achieve the desired end-to-end security property: an adversary may exploit complex interactions between components to compromise security. Such attacks have shown up in the wild in many different settings, including web browsers and infrastructure, network protocols and infrastructure, and application and systems software.

group_project

Visible to the public Improving the Usability of Security Requirements by Software Developers through Empirical Studies and Analysis

Submitted by Travis Breaux on Mon, 10/15/2012 - 6:46pm

Secure software depends upon the ability of software developers to respond to security risks early in the software development process. Despite a wealth of security requirements, often called security controls, there is a shortfall in the adoption and implementation of these requirements. This shortfall is due to the extensive expertise and higher level cognitive skillsets required to comprehend, decompose and reassemble security requirements concepts in the context of an emerging s

group_project

Visible to the public A Language and Framework for Development of Secure Mobile Applications

Submitted by JonathanAldrich on Mon, 10/15/2012 - 6:43pm

Mobile applications are a critical emerging segment of the software industry, and security for web-based mobile applications is of increasing concern. We hypothesize that many of the most important security vulnerabilities in web-based mobile applications are a consequence of expressing programs at a low level of abstraction, in which important security properties are implicit and only indirectly related to code. In order to test this hypothesis, we are building a system for expressing web-based mobile applications at a higher level of abstraction, in which security properties a

page

Visible to the public CMU Lablet Homepage

Submitted by scherlis on Fri, 07/27/2012 - 9:02am

CMU'S SCIENCE OF SECURITY LABLET INITIATIVE

The broad goal of the Science of Security Lablet (SOSL) is to identify scientific principles that can lead to approaches to the development, evaluation, and evolution of secure systems at scale. The focus on scalability derives from a recognition that modern software-intensive systems have more components and a greater diversity of suppliers.

page

Visible to the public Lorrie Faith Cranor

Submitted by ttodd on Fri, 06/29/2012 - 12:44pm

Lorrie Faith Cranor is an Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University where she is director of the CyLab and Usable Privacy and Security Laboratory (CUPS).

page

Visible to the public USE: User Security Behavior

Submitted by ttodd on Fri, 06/29/2012 - 12:41pm

Team: Lorrie Cranor, Nicolas Christian, Alessandro Acquisti, Rahul Telang

Abstract:

page

Visible to the public Travis Breaux

Submitted by ttodd on Fri, 06/29/2012 - 12:31pm

Travis D. Breaux is an Assistant Professor of Computer Science, appointed in the Institute for Software Research of the School of Computer Science at Carnegie Mellon University (CMU), and Director of CMU's Requirements Engineering Laboratory. Dr.

page

Visible to the public Improving the Usability of Security Requirements by Software Developers through Empirical Studies and Analysis

Submitted by ttodd on Fri, 06/29/2012 - 12:27pm

Team: Travis Breaux, Laurie Williams, Jianwei Niu

Hard Problem:

page

Visible to the public Anupam Datta & Team

Submitted by ttodd on Fri, 06/29/2012 - 12:13pm

Anupam Datta is an Assistant Research Professor at Carnegie Mellon University where he has appointments in CyLab, Electrical & Computer Engineering, and (by courtesy) Computer Science Departments. He is currently based in the Carnegie Mellon Silicon Valley Campus. His research focuses on the scientific foundations of security and privacy. Dr.