Collaborative

group_project

Visible to the public SaTc: EDU: Collaborative: An Assessment Driven Approach to Self-Directed Learning in Secure Programming (SecTutor)

The field of software development needs developers to write secure code, as well as to continuously respond to evolving threats and adapt system designs to meet new security needs. This requires developers to gain a deep understanding of foundational concepts in secure programming, and continuously learn and practice defensive, secure, and robust coding.

group_project

Visible to the public SaTC: EDU: Collaborative: An Assessment Driven Approach to Self-Directed Learning in Secure Programming (SecTutor)

The field of software development needs developers to write secure code, as well as to continuously respond to evolving threats and adapt system designs to meet new security needs. This requires developers to gain a deep understanding of foundational concepts in secure programming, and continuously learn and practice defensive, secure, and robust coding.

group_project

Visible to the public EAGER: Collaborative: Machine-Learning based Side-Channel Attack and Hardware Countermeasures

Digital Encryption is typically performed by specialized circuits to ensure confidentiality and integrity of data. While encryption is mathematically robust, the circuits encrypting data may leak information via the amount of the power drawn from the supply, and the amount of electromagnetic (EM) radiation that emanates from the circuit. This is known as side-channel leakage. An attacker may be able to unravel the secret cryptographic information by analyzing the side-channel leakage, thereby compromising security. Newer analysis techniques based on machine-learning make the attack easier.

group_project

Visible to the public EAGER: Collaborative: Machine-Learning based Side-Channel Attack and Hardware Countermeasures

Digital Encryption is typically performed by specialized circuits to ensure confidentiality and integrity of data. While encryption is mathematically robust, the circuits encrypting data may leak information via the amount of the power drawn from the supply, and the amount of electromagnetic (EM) radiation that emanates from the circuit. This is known as side-channel leakage. An attacker may be able to unravel the secret cryptographic information by analyzing the side-channel leakage, thereby compromising security. Newer analysis techniques based on machine-learning make the attack easier.

group_project

Visible to the public TWC: Medium: Collaborative: Seal: Secure Engine for AnaLytics - From Secure Similarity Search to Secure Data Analytics

Many organizations and individuals rely on the cloud to store their data and process their analytical queries. But such data may contain sensitive information. Not only do users want to conceal their data on a cloud, they may also want to hide analytical queries over their data, results of such queries, and data access patterns from a cloud service provider (that may be compromised either from within or by a third party).

group_project

Visible to the public SaTC: CORE: Medium: Collaborative: Cryptographic Data Protection in Modern Systems

Continuing major breaches and security compromises of computer systems motivate a promising new approach to data protection: encrypt the data so that even if stolen, it will be useless to the attacker, yet reveal just enough information about the data so that commodity systems such as databases and Web servers can still operate on it. This is called property-revealing encryption (PRE), and has already found its way to academic and commercial products that protect sensitive data in cloud services.

group_project

Visible to the public SaTC: CORE: Medium: Collaborative: Presentation-attack-robust biometrics systems via computational imaging of physiology and materials

Many physical characteristics, such as face, fingerprints, and iris as well as behavioral characteristics such as voice, gait, and keystroke dynamics, are believed to be unique to an individual. Hence, biometric analysis offers a reliable solution to the problem of identity verification. It is now widely acknowledged that biometric systems are vulnerable to manipulation where the true biometric is falsified using various attack strategies; such attacks are referred to as Presentation Attacks (PAs).

group_project

Visible to the public SaTC: CORE: Medium: Collaborative: Toward Enforceable Data Usage Control in Cloud-based IoT Systems

In the upcoming evolution of the Internet of Things (IoT), it is anticipated that billions of devices will be connected to the Internet. While IoT promises a more connected and smarter world, this pervasive large-scale data collection, storage, sharing, and analysis raise many privacy concerns. In the current IoT ecosystem, IoT service providers have full control of the collected user data. They use the data for smart IoT system and device control. They could also use the data for other purposes not consented to by the users.

group_project

Visible to the public SaTC: CORE: Medium: Collaborative: Toward Enforceable Data Usage Control in Cloud-based IoT Systems

In the upcoming evolution of the Internet of Things (IoT), it is anticipated that billions of devices will be connected to the Internet. While IoT promises a more connected and smarter world, this pervasive large-scale data collection, storage, sharing, and analysis raise many privacy concerns. In the current IoT ecosystem, IoT service providers have full control of the collected user data. They use the data for smart IoT system and device control. They could also use the data for other purposes not consented to by the users.

group_project

Visible to the public SaTC: CORE: Medium: Collaborative: Doctor WHO: Investigation and Prevention of Online Content Management System Abuse

Over half of the world's 1.8 billion websites run on Content Management Systems (CMS). Unfortunately, CMS deployments make easy targets for attackers, as they are built from an amalgam of layered software and interpreters, with varying degrees of network and system permissions, which execute on an Internet-facing web server.