CAREER

group_project

Visible to the public CAREER: A Policy-Agnostic Programming Framework for Statistical Privacy

Submitted by Jean Yang on Wed, 08/07/2019 - 9:11am

This project develops a new programming model that incorporates a theory of differential privacy. Differential privacy is a formulation of statistical privacy that protects individual data values while still allowing the release of results from privacy-preserving analyses. Prior work on language-based techniques for differential privacy has focused on preventing leaks, rejecting programs either statically, before they run, or dynamically, as they run, before they leak too much information.

group_project

Visible to the public CAREER: Graph-Based Security Analytics: New Algorithms, Robustness under Adversarial Settings, and Robustness Enhancements

Submitted by Neil Gong on Wed, 08/07/2019 - 9:09am

The goal of this project is to make graph-based security analytics practical and robust. General-purpose graph algorithms and graph-based machine learning methods have had some success when applied to a number of security problems ranging from detecting malicious websites and compromised devices in computer networks to detecting compromised or inauthentic accounts in social networks. However, because the existing methods are designed for generic contexts rather than for specific security problems, there is room to improve their performance in detecting bad actors in networks.

group_project

Visible to the public CAREER: Resilient Execution with Bounded-Time Recovery (REBOUND)

Submitted by linhphan on Wed, 08/07/2019 - 9:07am

This project develops new ways to defend critical infrastructure systems, such as factory control networks, medical devices, or power plants, against attacks. These systems directly interact with the physical world, so a successful attack can have serious consequences: for instance, a compromised chemical plant could have severe environmental consequences, and a compromised medical device could result in injury or death. Contemporary security mechanisms, however, can be inadequate for at two reasons.

group_project

Visible to the public CAREER: Machine Learning Assisted Crowdsourcing for Phishing Defense

Submitted by Gang Wang on Wed, 08/07/2019 - 9:00am

This project aims to address the growing threat of phishing attacks, messages that try to trick people into revealing sensitive information, by combining human and machine intelligence. Existing detection methods based on machine learning and blacklists are both brittle to new attacks and somewhat lenient, in order to avoid blocking legitimate messages; as a result, widely used email systems are vulnerable to carefully crafted phishing emails.

group_project

Visible to the public CAREER: Building Secure Decentralized Applications with Trusted Hardware and Blockchains

Submitted by Owen Arden on Tue, 08/06/2019 - 2:43pm

This project explores a new, integrated approach to securing decentralized applications. The key problem is that decentralized applications are executed by mutually distrusting entities in a decentralized distributed system (such as a blockchain), where the entities must collaborate to execute the desired computation, despite not trusting each other. Building decentralized applications is difficult and error prone because the low-level security mechanisms are too removed from the high-level policies, thus it is difficult for programmers to correctly implement the policies.

group_project

Visible to the public CAREER: Scalable Information Flow Monitoring and Enforcement through Data Provenance Unification

Submitted by Adam Bates on Tue, 08/06/2019 - 2:39pm

System intrusions have becoming more subtle and complex. Attackers now covertly observe and probe systems for prolonged periods before launching devastating attacks. In such an environment, it has grown prohibitively difficult for system administrators to identify suspicious events, correlate these events into an attack pattern, and determine an appropriate response.

group_project

Visible to the public CAREER: Principled and Practical Software Shielding against Advanced Exploits

Submitted by Michail Polychron... on Tue, 08/06/2019 - 2:37pm

The exploitation of memory corruption vulnerabilities in popular software is among the leading causes of system compromise and malware infection. While there are several reasons behind this proliferation of exploitable bugs, the reliance on unsafe programming languages such as C and C++ and the complexity of modern software play a major role.

group_project

Visible to the public CAREER: Supply Chain Security for Integrated Circuits

Submitted by Daniel Holcomb on Tue, 08/06/2019 - 2:33pm

The integrated circuits (ICs) that underpin critical systems in modern society are produced by a global supply chain that involves a variety of actors in many countries. Some of the actors are trusted, but others are not. Untrusted actors give rise to supply chain threats such as counterfeit ICs of uncertain quality or the possibility of malicious changes to the function of ICs. To secure electronic systems in defense, critical infrastructure, and healthcare, it is increasingly important to secure the global IC supply chain.

group_project

Visible to the public CAREER: Cryptography and Privacy in the Age of Quantum Computers

Submitted by Mark Zhandry on Tue, 08/06/2019 - 2:26pm

Quantum computers, which harness the peculiarities of quantum physics to solve hard computational problems, are poised to deliver significant and far-reaching impacts to cryptography and privacy. Significant progress is being made in developing these devices, indicating that quantum computing will likely be viable in the next couple decades. Once viable, quantum computers will open up new attack vectors that will render many current cryptosystems insecure.

group_project

Visible to the public CAREER: System Techniques to Improve Fuzzing Performance

Submitted by Taesoo Kim on Tue, 08/06/2019 - 2:19pm

Fuzzing is an automatic software-testing technique that repeatedly injects a randomly mutated input to a target program. Proven to be effective in finding bugs in complex, real-world programs, fuzzing has become a core technique for finding security vulnerabilities. There are now examples of major companies building large-scale, distributed fuzzing infrastructure, which runs on hundreds of virtual machines that relentlessly process over millions of test cases per day.