Activity Stream

Recent Posts

group_project

Visible to the public An Investigation of Scientific Principles Involved in Software Security Engineering

Submitted by Laurie Williams on Wed, 02/26/2014 - 3:35pm

Fault elimination part of software security engineering hinges on pro-active detection of potential vulnerabilities during software development stages.

group_project

Visible to the public Normative Trust Toward a Principled Basis for Enabling Trustworthy Decision Making

Submitted by mpsingh on Wed, 02/26/2014 - 3:44pm

This project seeks to develop a deeper understanding of trust than is supported by current methods, which largely disregard the underlying relationships based on which people trust or not trust each other. Accordingly, we begin from the notion of what we term normative relationships--or norms for short--directed from one principal to another. An example of a normative relationship is a commitment: is the first principal committed to doing something for the second principal?

group_project

Visible to the public Low-level Analytics Models of Cognition for Novel Security Proofs

Submitted by vouk on Wed, 02/26/2014 - 3:46pm

A key concern in security is identifying differences between human users and "bot" programs that emulate humans. Users with malicious intent will often utilize wide-spread computational attacks in order to exploit systems and gain control. Conventional detection techniques can be grouped into two broad categories: human observational proofs (HOPs) and human interactive proofs (HIPs).

group_project

Visible to the public An Adoption Theory of Secure Software Development Tools

Submitted by emerson on Wed, 02/26/2014 - 3:47pm

Programmers interact with a variety of tools that help them do their jobs, from "undo" to FindBugs' security warnings to entire development environments. However, programmers typically know about only a small subset of tools that are available, even when many of those tools might be valuable to them. In this project, we investigate how and why software developers find out about -- and don't find out about -- software security tools. The goal of the project is to help developers use more relevant security tools, more often.

TEAM

group_project

Visible to the public Modeling the risk of user behavior on mobile devices

Submitted by watsonb on Wed, 02/26/2014 - 3:48pm

It is already true that the majority of users' computing experience is a mobile one. Unfortunately that mobile experience is also more risky: users are often multitasking, hurrying or uncomfortable, leading them to make poor decisions. Our goal is to use mobile sensors to predict when users are distracted in these ways, and likely to behave insecurely. We will study this possibility in a series of lab and field experiments.

TEAM

PIs: Benjamin Watson, Will Enck, Anne McLaughlin, Michael Rappa

group_project

Visible to the public An Investigation of Scientific Principles Involved in Attack-Tolerant Software

Submitted by vouk on Wed, 02/26/2014 - 3:51pm

High-assurance systems, for which security is especially critical, should be designed to a) auto-detect attacks (even when correlated); b) isolate or interfere with the activities of a potential or actual attack; and (3) recover a secure state and continue, or fail safely. Fault-tolerant (FT) systems use forward or backward recovery to continue normal operation despite the presence of hardware or software failures. Similarly, an attack-tolerant (AT) system would recognize security anomalies, possibly identify user "intent", and effect an appropriate defense and/or isolation.

group_project

Visible to the public A Science of Timing Channels in Modern Cloud Environments

Submitted by reiter on Wed, 02/26/2014 - 3:43pm

The eventual goal of our research is to develop a principled design for comprehensively mitigating access-driven timing channels in modern compute clouds, particularly of the "infrastructure as a service" (IaaS) variety. This type of cloud permits the cloud customer to deploy arbitrary guest virtual machines (VMs) to the cloud. The security of the cloud-resident guest VMs depends on the virtual machine monitor (VMM), e.g., Xen, to adequately isolate guest VMs from one another.

event

Visible to the public  2016 Science of Security Summer Workshop @ NCSU
Jun 02, 2016 9:00 am - Jun 03, 2016 2:30 pm EDT

Submitted by drwright on Fri, 04/08/2016 - 1:11pm

The NCSU Science of Security Lablet 2016 Summer Workshop will be held June 2 & 3 in room 3211 of Engineering Building 2 on the NCSU Centennial Campus. The general theme of this year's Summer Workshop is "Translating Science of Security Research to Industry."

event

Visible to the public  2017 NC State Healthcare IT Forum
Apr 12, 2017 10:00 am - 2:30 pm EDT

Submitted by drwright on Fri, 02/17/2017 - 11:51am

The NC State Science of Security Lablet will host its annual Healthcare IT Forum on Wednesday, April 12 from 10:00 am - 2:30 pm. The Forum will include presentations from members of the healthcare community and others involved in research and development of solutions to Healthcare IT issues, with an emphasis on security-related issues.

event

Visible to the public  NC State Science of Security Community Forum
Oct 20, 2016 10:00 am - 3:00 pm EDT

Submitted by drwright on Tue, 09/13/2016 - 10:33am

The NC State University Science of Security Lablet will hold our annual Fall Community Forum on Thursday, October 20, 2016.

The Forum will feature short presentations from students and faculty highlighting the many Science of Security research projects currently operating within the Lablet, as well as guest presentations from some of our partners.