Past Projects

Project Title
Does the Presence of Honest Users Affect Intruder Behavior? More appropriate and efficient security solutions against system trespassing incidents can be developed once the attack threat is better understood. However, few empirical studies exist to assess the attack threat. Our proposed research applies "soft...
Empirical Models for Vulnerabilities and Attacks The security of deployed and actively used systems is a moving target, influenced by factors that are not captured in the existing security models and metrics. For example, estimating the number of vulnerabilities in source code does not account for the...
Human Behavior and Cyber Vulnerabilities Past studies have shown that vulnerabilities in software are often exploited for years after the existence of the vulnerability is disclosed. Our project will leverage Symantec's WINE data set to understand the rate at which vulnerabilities are patched...
Reasoning about Protocols with Human Participants Existing protocol analyses are typically confined to the electronic messages exchanged among computer systems running at the endpoints. In this project we take a broader view in which a protocol additionally encompasses both physical technologies as well...
Trust, Recommendation Systems, and Collaboration Our goal is to develop a transformational framework for a science of trust, and its impact on local policies for collaboration, in networked multi-agent systems. The framework will take human behavior into account from the start by treating humans as...
Trustworthy and Composable Software Systems with Contracts Over the past decade, language-based security mechanisms--such as type systems, model checkers, symbolic executors, and other program analyses--have been successfully used to uncover or prevent many important (exploitable) software vulnerabilities, such...
Understanding Developers' Reasoning about Privacy and S... Cloud and mobile computing creates new platforms where applications developed by third-party vendors can access users' devices and computer users' private data. Examples include iPhone and Android apps, and cloud-based application marketplaces. This...
User-Centered Design for Security Human choice and behavior are critical to the effectiveness of many security systems; unfortunately, security designers often take little consideration of user preferences, perceptions, abilities, and usability workflow. To address these challenges, we...
Verification of Hyperproperties Hyperproperties [Clarkson and Schneider 2010] can express security policies, such as secure information flow and service level agreements, which the standard kinds of trace properties used in program verification cannot.
Our objective is to develop...