Division of Computer and Network Systems (CNS)
group_project
Submitted by linhphan on Wed, 08/07/2019 - 9:07am
This project develops new ways to defend critical infrastructure systems, such as factory control networks, medical devices, or power plants, against attacks. These systems directly interact with the physical world, so a successful attack can have serious consequences: for instance, a compromised chemical plant could have severe environmental consequences, and a compromised medical device could result in injury or death. Contemporary security mechanisms, however, can be inadequate for at two reasons.
group_project
Submitted by Gang Wang on Wed, 08/07/2019 - 9:00am
This project aims to address the growing threat of phishing attacks, messages that try to trick people into revealing sensitive information, by combining human and machine intelligence. Existing detection methods based on machine learning and blacklists are both brittle to new attacks and somewhat lenient, in order to avoid blocking legitimate messages; as a result, widely used email systems are vulnerable to carefully crafted phishing emails.
group_project
Submitted by Kelsy Kretschmer on Tue, 08/06/2019 - 3:50pm
Grassroots groups seek to protect their digital security but also to be transparent and open, and to affirm their legitimacy and authority. This research will examine how organizations and groups shape the ways they balance what may be conflicting needs to avoid censure and harassment while being open enough to encourage trust and participation. The research will examine the role of organizational structure and digital security practices, and to uncover processes, practices, or behaviors that increase or reduce security threats to online groups.
group_project
Submitted by Mayank Varia on Tue, 08/06/2019 - 3:18pm
This interdisciplinary project investigates whether existing cryptographic techniques for analyzing siloed data comport with participants' legal restrictions on data disclosure. Secure multi-party computation (MPC) is a technique from cryptography that allows several participants, each with sensitive information, to analyze their data collectively without ever sharing it.
group_project
Submitted by Owen Arden on Tue, 08/06/2019 - 2:43pm
This project explores a new, integrated approach to securing decentralized applications. The key problem is that decentralized applications are executed by mutually distrusting entities in a decentralized distributed system (such as a blockchain), where the entities must collaborate to execute the desired computation, despite not trusting each other. Building decentralized applications is difficult and error prone because the low-level security mechanisms are too removed from the high-level policies, thus it is difficult for programmers to correctly implement the policies.
group_project
Submitted by Adam Bates on Tue, 08/06/2019 - 2:39pm
System intrusions have becoming more subtle and complex. Attackers now covertly observe and probe systems for prolonged periods before launching devastating attacks. In such an environment, it has grown prohibitively difficult for system administrators to identify suspicious events, correlate these events into an attack pattern, and determine an appropriate response.
group_project
Submitted by Michail Polychron... on Tue, 08/06/2019 - 2:37pm
The exploitation of memory corruption vulnerabilities in popular software is among the leading causes of system compromise and malware infection. While there are several reasons behind this proliferation of exploitable bugs, the reliance on unsafe programming languages such as C and C++ and the complexity of modern software play a major role.
group_project
Submitted by Daniel Holcomb on Tue, 08/06/2019 - 2:33pm
The integrated circuits (ICs) that underpin critical systems in modern society are produced by a global supply chain that involves a variety of actors in many countries. Some of the actors are trusted, but others are not. Untrusted actors give rise to supply chain threats such as counterfeit ICs of uncertain quality or the possibility of malicious changes to the function of ICs. To secure electronic systems in defense, critical infrastructure, and healthcare, it is increasingly important to secure the global IC supply chain.
group_project
Submitted by Mark Zhandry on Tue, 08/06/2019 - 2:26pm
Quantum computers, which harness the peculiarities of quantum physics to solve hard computational problems, are poised to deliver significant and far-reaching impacts to cryptography and privacy. Significant progress is being made in developing these devices, indicating that quantum computing will likely be viable in the next couple decades. Once viable, quantum computers will open up new attack vectors that will render many current cryptosystems insecure.
group_project
Submitted by Taesoo Kim on Tue, 08/06/2019 - 2:19pm
Fuzzing is an automatic software-testing technique that repeatedly injects a randomly mutated input to a target program. Proven to be effective in finding bugs in complex, real-world programs, fuzzing has become a core technique for finding security vulnerabilities. There are now examples of major companies building large-scale, distributed fuzzing infrastructure, which runs on hundreds of virtual machines that relentlessly process over millions of test cases per day.
