|
A Human Information-Processing Analysis of Online Deception... |
Human interaction is an integral part of any system. Users have daily interactions with a system and make many decisions that affect the overall state of security. The fallibility of users has been shown but there is little research focused on the... |
|
A Science of Timing Channels in Modern Cloud Environments |
The eventual goal of our research is to develop a principled design for comprehensively mitigating access-driven timing channels in modern compute clouds, particularly of the "infrastructure as a service" (IaaS) variety. This type of cloud permits the... |
|
An Adoption Theory of Secure Software Development Tools |
Programmers interact with a variety of tools that help them do their jobs, from "undo" to FindBugs' security warnings to entire development environments. However, programmers typically know about only a small subset of tools that are available, even when... |
|
An Investigation of Scientific Principles Involved in Attack... |
High-assurance systems, for which security is especially critical, should be designed to a) auto-detect attacks (even when correlated); b) isolate or interfere with the activities of a potential or actual attack; and (3) recover a secure state and... |
|
An Investigation of Scientific Principles Involved in Softwa... |
Fault elimination part of software security engineering hinges on pro-active detection of potential vulnerabilities during software development stages. This project is currently working on a) an attack operational profile definition based on known... |
|
Argumentation as a Basis for Reasoning about Security |
This project involves the application of argumentation techniques for reasoning about policies, and security decisions in particular. Specifically, we are producing a security-enhanced argumentation framework that (a) provides not only inferences to draw... |
|
Attack Surface and Defense-in-Depth Metrics |
|
|
Attaining Least Privilege Through Automatic Partitioning of... |
This project investigates the hard problem of resilient architectures from the standpoint of enabling new potential for incorporating privilege separation into computing systems. However, privilege separation alone is insufficient to achieve strong... |
|
Automated Synthesis of Resilient Architectures |
|
|
Developing a User Profile to Predict Phishing Susceptibility... |
Phishing has become a serious threat in the past several years, and combating it is increasingly important. Why do certain people get phished and others do not? In this project, we aim to identify the factors that cause people to be susceptible and... |
