CAREER

CAREER: Efficient Fuzzing with Neural Program Smoothing

Fuzzing is an automated software testing technique that involves feeding a stream of invalid, unexpected, or rare data as inputs to a computer program to discover bugs leading to crashes, assertion failures, or memory corruption. Fuzzing is the de facto standard technique for finding software vulnerabilities. However, despite their tremendous promise, popular fuzzers, especially for large programs, often tend to get stuck trying redundant test inputs and struggle to find security vulnerabilities hidden deep in the program logic.

CAREER: FormalDP: Formally Verified, Private, Accurate and Efficient Data Analysis

Data-driven technology is having an impressive impact on society but privacy concerns restrict the way data can be used and released. Differential privacy has emerged as a leading notion supporting efficient and accurate data analyses that respect privacy. But designing and implementing efficient differentially private data analyses with high utility can be challenging and error prone. Even privacy experts have released code with bugs or designed incorrect algorithms.

CAREER: Securing Cyberspace: Gaining Deep Insights into the Online Underground Ecosystem

As the Internet becomes increasingly ubiquitous, it offers a low-risk harbor for cybercrime -- illegal activities such as hacking and online scams. Cybercrime is increasingly enabled by an online underground ecosystem, within which are anonymous forums and so-called dark web platforms for cybercriminals to exchange knowledge and trade in illicit products and services.

CAREER: Amplifying Developer-Written Tests for Code Injection Vulnerability Detection

Code injection vulnerabilities are a class of security vulnerabilities that have been exploited increasingly often, including in the high-profile 2017 Equifax breach as well as in many recent attacks on our country's election and financial systems. These vulnerabilities are very tricky to detect, and there are no existing automated techniques to protect critical software from being released with these dangerous flaws. This project is developing new and transformative approaches for detecting code injection vulnerabilities in complex, large-scale systems.

CAREER: Towards Automated Security Vulnerability and Patch Management for Power Grid Operations

The power grid is a critical infrastructure for national security, the economy, and daily life, and faces many cybersecurity threats. A proof-of-concept attack hit Ukraine in 2015 and cut off the power supply to hundreds of thousands of people for several hours. In many successful cyber attacks so far, security vulnerabilities in software have played an important role, exposing systems to attackers who aim to compromise and hence control the system.

CAREER: Parameter Obfuscation: A Novel Methodology for the Protection of Analog Intellectual Property

Hardware security, specifically the protection of integrated circuit intellectual property (IP), has gained importance as adversaries have the financial and experiential means to reverse engineer and replicate competitors' IP. Significant research effort has been devoted to protecting digital circuits, but the protection of analog circuits from an adversary has largely been ignored. The focus of this work is to explore techniques to enhance the security of analog circuits from attacks such as reverse engineering and cloning, both of which can lead to IP theft.

CAREER: Science of Security for Mobile User Authentication

Mobile devices contain a collection of personal, private, and financial information that, if accessed by an unauthorized user, has the potential to be severely compromising. Thus, it is important for mobile devices to verify whether their users are allowed to access the device and its services. We call this mobile authentication, and it is frequent, prevalent, and necessary. The need to protect data from unauthorized access is important to understand, irrespective of whether an end-user ultimately opts out of using authentication.

CAREER: The Role of Emotion and Social Motives in Communicating Risk: Implications for User Behavior in the Cyber Security Context

Prior research notes that many cyberattacks are preventable if end users take precautionary measures, such as keeping systems updated, but they often fail to do so. This proposal builds upon theories of risk communication, emotional intelligence, and self-determination to design new approaches to cybersecurity risk communication and training. The goals are to enable users to assess risks, costs, and benefits consistently and correctly, to promote task-focused coping responses, and to facilitate their internalization of values, promoting spontaneous diffusion of cybersecurity knowledge.

CAREER: Taming the Side-Channel Hazards in the Shielded Execution Paradigm

Intel's Software Guard Extension (SGX) is a hardware extension available in recent Intel processors, which provides software applications with shielded execution environments, called enclaves, to protect their confidentiality and integrity against compromised operating systems. The wide adoption of SGX will foster a shielded execution paradigm for enhancing software security in situations where the operating systems are not entirely trusted, such as public clouds.

CAREER: Encrypted Computation

Traditionally, the main goal of cryptography has been to secure data in transit over an insecure channel, by providing the digital analogue of a "lock box" that can only be unlocked by the intended recipient but whose contents cannot be observed or manipulated by anyone else. In recent years, new technologies and applications such as the rise of cloud computing are forcing us to fundamentally change our perspective.