CAREER

Numerous technical and environmental forces are increasing the importance of data privacy for businesses and individuals alike. These forces include the migration of data to Web services, the permanent archiving of large volumes of data and communications by services and ISPs, and legal actions that are forcing individuals and organizations to reveal private (and even encrypted) data. Traditional encryption is an insufficient solution under these conditions, thereby creating new challenges to preserving our digital privacy in an increasingly inter-connected and digital world.

Computer systems security is an arms race between defenders and attackers that has mainly been confined to software technologies. Increases in the complexity of hardware and the rising number of transistors per chip have created opportunities for hardware-based security threats. Among the most pernicious are malicious hardware footholds inserted at design time, which an attacker can use as the basis of a computer system attack. This project explores of the feasibility of foothold attacks and a fundamental design-time methodology for defending against them.

Millions of computers worldwide are estimated to be infected by malware (malicious software) and have become ? unknown to their owners ? part of an army of dangerous ?bots?, which are software applications that run automated tasks over the Internet controlled by cyber criminals. These infected computers are coordinated and used by attackers to launch illegal and destructive network activities including identity theft, sending spam (estimated 100 billion spam messages every day), launching distributed denial of service attacks, and committing click fraud.

To better articulate privacy as a dynamic and dialectic phenomenon in a Web 2.0 world, this project proposes a set of basic empirical research activities to investigate three aspects of privacy in online social networks: conceptualization, intervention, and awareness.

Since the seminal work of Shannon in 1949 cryptography has been founded on unproven computational complexity. The security of cryptographic systems could fall apart if the assumptions behind their design turn out to be false. Thus, it is crucial to base the security of crypto-systems on weakest possible assumptions. A main component of finding minimal assumptions is to ``separate'' cryptographic tasks from assumptions that are weaker than those used in constructions. In light of recent developments in cryptography, the following two directions will be pursued: