Collaborative

group_project

Visible to the public  SaTC: TTP: Small: Collaborative: Privacy-Aware Wearable-Assisted Continuous Authentication Framework

Submitted by selcuk on Thu, 10/12/2017 - 5:45pm

The login process for a mobile or desktop device does not guarantee that the person using it is necessarily the intended user. If one is logged in for a long period of time, the user's identity should be periodically re-verified throughout the session without impacting their experience, something that is not easily achievable with existing login and authentication systems. Hence, continuous authentication, which re-verifies the user without interrupting their browsing session, is essential.

group_project

Visible to the public TWC SBE: Medium: Collaborative: Incentive Compatible Wireless Security

Submitted by Randall Berry on Thu, 10/12/2017 - 3:21pm

Wireless connectivity has become the primary way most users access cyberspace. The wide use of the internet on wireless and mobile devices is further encouraged with new services that simultaneously engage and connect a large number of users. As a result, the society at large is quickly getting comfortable with the idea of conducting everyday lives on mobile devices most of which require communicating sensitive and confidential information over the wireless medium. Consequently, secure access to cyberspace necessitates wireless security.

group_project

Visible to the public STARSS: Small: Collaborative: Specification and Verification for Secure Hardware

Submitted by Randal Bryant on Thu, 10/12/2017 - 3:19pm

There is a growing need for techniques to detect security vulnerabilities in hardware and at the hardware-software interface. Such vulnerabilities arise from the use of untrusted supply chains for processors and system-on-chip components and from the scope for malicious agents to subvert a system by exploiting hardware defects arising from design errors, incomplete specifications, or maliciously inserted blocks.

group_project

Visible to the public TWC: TTP Option: Frontier: Collaborative: MACS: A Modular Approach to Cloud Security

Submitted by Ran Canetti on Thu, 10/12/2017 - 3:13pm

The goal of the Modular Approach to Cloud Security (MACS) project is to develop methods for building information systems with meaningful multi-layered security guarantees. The modular approach of MACS focuses on systems that are built from smaller and separable functional components, where the security of each component is asserted individually, and where the security of the system as a whole can be derived from the security of its components. The project concentrates on building outsourced, cloud-based information services with client-centric security guarantees.

group_project

Visible to the public SaTC: CORE: Medium: Collaborative: Scalable Dynamic Access Control for Untrusted Cloud Environments

Submitted by Steven Myers on Wed, 10/11/2017 - 4:19pm

When users store their data in the cloud, they take many privacy risks: Will the cloud storage provider allow others to see that data? If the user sets sharing rules for the data, will the cloud storage system follow those rules? Recent news stories of user data exfiltration from cloud storage systems show that users have reason for concern. Encrypting files before storing them in the cloud would provide strong protection, but this approach makes it very difficult for users to share data with others and to change their sharing policies.

group_project

Visible to the public SaTC: CORE: Medium: Collaborative: Privacy Attacks and Defense Mechanisms in Online Social Networks

Submitted by Zhi Tian on Wed, 10/11/2017 - 4:16pm

In online social networks, people and their connections often share personal information, such as demographics, interests, and opinions, and leave traces of their interaction with others and content in the network. Not everyone wants to share personal information; however, people's attributes are correlated with each other among themselves, with attributes of nearby people in the network, and between a person's accounts on different networks. These correlations create risks around inferring attributes people would rather keep private.

group_project

Visible to the public SaTC: CORE: Medium: Collaborative: Cryptographic Data Protection in Modern Systems

Submitted by Vitaly on Wed, 10/11/2017 - 4:10pm

Continuing major breaches and security compromises of computer systems motivate a promising new approach to data protection: encrypt the data so that even if stolen, it will be useless to the attacker, yet reveal just enough information about the data so that commodity systems such as databases and Web servers can still operate on it. This is called property-revealing encryption (PRE), and has already found its way to academic and commercial products that protect sensitive data in cloud services.

group_project

Visible to the public TWC: Small: Collaborative: Improving Android Security with Dynamic Slicing

Submitted by Rajiv Gupta on Wed, 10/11/2017 - 3:31pm

Mobile devices have been very successful and continue to expand their user base. However, the very features that have made these devices successful, e.g., rich sensor inputs (GPS, camera, microphone) and continuous Internet connectivity, have also made the devices a favorite target for attackers. Attacks can have many negative consequences, from stealing users' secrets to spying on the users or installing viruses that render devices inoperable.

group_project

Visible to the public SBE: Small: Collaborative: Modeling Insider Threat Behavior in Financial Institutions: Large Scale Data Analysis

Submitted by Raghav Rao on Wed, 10/11/2017 - 2:30pm

Insiders pose substantial threats to an organization, regardless of whether they act intentionally or accidentally. Because they usually possess elevated privileges and have skills, knowledge, resources, access and motives regarding internal systems and data, insiders can easily circumvent security countermeasures, steal valuable data, and cause damage. Perimeter and host-based countermeasures like firewalls, intrusion detection systems, and antivirus software are ineffective in preventing and detecting insider threats.

group_project

Visible to the public SaTC: CORE: Medium: Collaborative: Measuring the Value of Anonymous Online Participation

Submitted by Rachel Greenstadt on Wed, 10/11/2017 - 2:21pm

Many ordinary people desire anonymous communication for good reason, such as to keep their medical histories confidential or their finances to themselves. People in totalitarian countries may want to communicate about their views anonymously. This project could enable anonymous participation in spaces like Wikipedia and Reddit, while avoiding the negative social behaviors for these online communities of such participation.