Small

In today's world, private companies, hospitals, governments, and other entities frequently maintain large databases that would be hugely valuable to researchers in many fields. However, privacy concerns prevent these databases from being fully utilized. Differential privacy defines conditions under which information about these databases can be released while provably protecting the privacy of the individuals whose data they contain. This project develops differentially private hypothesis tests.

In recent years, fuzz testing has evolved as one of the most effective testing techniques for finding security vulnerabilities and correctness bugs in real-world software systems. It has been used successfully by major software companies for security testing and quality assurance. State-of-the-art fuzz testing tools have found numerous security vulnerabilities and bugs in widely used software such as Web browsers, network tools, image processors, popular system libraries, C compilers, and interpreters.

Computing on personal data is critical for both personal and social good. For example, we write programs that predict early onset medical conditions and detect the spread of diseases before they become epidemics. However, such computing is fraught with privacy concerns because programs, and the hardware they run on, create a trail of clues that an attacker can observe to reconstruct personal data without ever seeing the data directly. This project will create computer systems that proactively leave no clues, i.e., no side-effects that can leak personal secrets.

Defending against a malicious insider who attempts to abuse his computer privileges is one of the most critical problems facing the information security segment. This is because the damage inflicted is potentially catastrophic. While the insider threat is of increasing interest in the research community, major challenges remain in addressing aspects specific to information infrastructure protection. This project aims to develop an innovative, demonstrable approach to mitigate insider threats to an organization.

Software architecture plays a fundamental role in addressing security requirements by enforcing the necessary authentication, authorization, confidentiality, data integrity, privacy, accountability, availability and non-repudiation requirements, even when the system is under attack. Therefore, a design flaw in a software system's architecture could lead to attacks with enormous consequences. Most of the research, techniques, and tools that address security focus on secure coding.