CAREER

group_project

Visible to the public CAREER: Contextual Protection for Private Data Storage and Retrieval

Submitted by Christopher Kanich on Wed, 10/18/2017 - 6:26pm

This research is building an understanding of what data is useful to attackers and what data is private for its legitimate owners so that security systems can incorporate these values into a data-driven, defense-in-depth approach to securing our digital lives. We are exploiting the fact that both users and attackers must sift through vast amounts of data to find useful information.

group_project

Visible to the public CAREER: Towards Practical Systems for Trustworthy Cloud Computing

Submitted by cpap on Wed, 10/18/2017 - 5:44pm

An increasing number of individuals, enterprises, and governments migrate their data and applications to the cloud. Computations delegated to the cloud may return erroneous results, outsourced files may be lost or discarded, and sensitive information may be arbitrarily accessed for advertising purposes. This project enhances the ability of cloud companies to integrate advanced protection mechanisms into their products, benefiting the online safety of cloud clients.

group_project

Visible to the public CAREER: Applying a Criminological Framework to Understand Adaptive Adversarial Decision-Making Processes in Critical Infrastructure Cyberattacks

Submitted by arege on Mon, 10/16/2017 - 4:43pm

Infrastructure systems (such as power, water and banking) have experienced a surge in cyberattacks over the past decade. These attacks are becoming more sophisticated and resilient, suggesting that the perpetrators are intelligent, determined and dynamic. Unfortunately, current cyberdefense measures are reactive and frequently ineffective. Defenders need to move to a proactive approach, which will require an understanding of the human characteristics and behaviors of the people behind these cyberattacks.

group_project

Visible to the public CAREER: PROTEUS: A Practical and Rigorous Toolkit for Privacy

Submitted by mvnak on Mon, 10/16/2017 - 4:31pm

Statistical privacy, or the problem of disclosing aggregate statistics about data collected from individuals while ensuring the privacy of individual level sensitive properties, is an important problem in today's age of big data. The key challenge in statistical privacy is that applications for data collection and analysis operate on varied kinds of data, and have diverse requirements for the information that must be kept secret, and the adversaries that they must tolerate.

group_project

Visible to the public CAREER: Non-Commutative Cryptography from Hard Learning Problems: Theory and Practice

Submitted by Antonio Nicolosi on Mon, 10/16/2017 - 3:00pm

The resiliency of much of the modern information technology ecosystem is predicated on the strength of the cryptographic constructions at its core. Uncovering new intractable problems suitable for cryptosystem design enhances the robustness of the overall infrastructure to breakthroughs like the development of quantum computers or unforeseen cryptanalytic advances against any specific computational problem.

group_project

Visible to the public CAREER: User-Centered Multiparty Access Control for Collective Content Management

Submitted by Anna Squicciarini on Mon, 10/16/2017 - 2:52pm

This CAREER project will develop models and techniques to facilitate controlled information sharing of users' data in domains where the data is associated with and co-managed by multiple users, such as bio-repositories, remote teleworking, and social computing.

group_project

Visible to the public CAREER: Automated Analysis of Security Hyperproperties

Submitted by Rohit Chadha on Mon, 10/16/2017 - 2:47pm

Computer programs and cryptographic protocols are increasingly being used to access confidential and private information on the Internet. Due to their complex nature, they often have subtle errors that can be exploited by malicious entities. As security flaws can have serious consequences, it is important to ensure that computer programs and cryptographic protocols achieve their security objectives.

group_project

Visible to the public CAREER: Sustainable Censorship Resistance Systems for the Next Decade

Submitted by Amir Houmansadr on Mon, 10/16/2017 - 1:57pm

The Internet enables people around the world to communicate, fostering free speech, a free press, and democracy. For billions of people, however, the freedom to communicate via the Internet is regulated, monitored and restricted by governments or corporations. To combat such censorship, researchers have designed and deployed a variety of censorship circumvention systems. Unfortunately, such systems have been designed based on ad hoc heuristics (rather than on solid, theoretical foundations) and can be defeated by typical state-level censors.

group_project

Visible to the public CAREER: UCPriv: User-Centric Privacy Management

Submitted by Adam Lee on Mon, 10/16/2017 - 10:15am

To date, the application of quantitative security and privacy metrics metrics has seen its greatest successes when exploring the worst-case properties of a system. That is, given a powerful adversary, to what extent does the system preserve some relevant set of properties? While such analyses allow experts to build systems that are resistant to strong attackers, many deployed systems were not designed in this manner. In fact, there is growing evidence that users' privacy is routinely compromised as a byproduct of using social, participatory, and distributed applications.

group_project

Visible to the public CAREER: Next Generation Black-Box Web Application Vulnerability Analysis

Submitted by Adam Doupe on Thu, 10/12/2017 - 5:21pm

Recent sensitive data breaches are caused by overlooked vulnerabilities in web applications. To secure their web applications, companies typically hire professional hackers to break into their web applications. While this process finds vulnerabilities, it is costly and does not scale. Black-box vulnerability scanners attempt to automate this process. By treating the web application as a black-box (no knowledge of the source code of the application), these tools can discover unknown vulnerabilities.