Division of Computer and Network Systems (CNS)
group_project
Submitted by Qi Chen on Tue, 03/19/2019 - 2:37pm
Transportation systems are being profoundly transformed with the emergence of a series of software-based smart transportation solutions such as intelligent traffic signal control and autonomous driving. In these systems, the key enabler of their functional intelligence is the sensing capability, which collects necessary road information to enable better control decisions. However, sensor data are collected from a public channel, i.e., the physical transportation environment, which thus inevitably creates opportunities for attackers to tamper with the sensing process.
group_project
Submitted by Anonymous on Tue, 03/19/2019 - 12:38pm
Many organizations and companies have recently chosen to use so-called bug-bounty programs, which allow outside security experts to evaluate the security of an organization's products and services and to report security vulnerabilities in exchange for rewards. Bug-bounty programs provide unique benefits by allowing organizations to publicly signal their commitment to security and to harness the diverse expertise of thousands of security experts in an affordable way. Despite their rapidly growing popularity, bug-bounty programs are not well understood and can be mismanaged.
group_project
Submitted by Yuan Tian on Tue, 03/19/2019 - 11:46am
Mobile users hold people's sensitive information such as passwords, locations, and health information. Users are permitted to control the use of some of this information by configuring their privacy settings in the apps they use. These settings, however, are often difficult to locate and understand, even in popular apps such as Facebook. Moreover, the settings are often set to share user data by default, exposing personal data without users' explicit consent.
group_project
Submitted by Taejoong Chung on Tue, 03/19/2019 - 11:41am
The Border Gateway Protocol (BGP) is responsible for managing how packets are routed across the Internet by exchanging routing related messages (path announcements) between routers. While the Border Gateway Protocol plays a critical role in the Internet communications, it remains highly vulnerable to many attacks. This is because the protocol was originally designed for each BGP router to trust all protocol related messages, especially path announcements, sent by its neighboring routers.
group_project
Submitted by Ashish Venkat on Tue, 03/19/2019 - 11:33am
Modern high-performance processors implement complex microarchitectural optimizations involving speculative execution which has recently been shown to be vulnerable to a type of malicious attack called Spectre. This project will investigate a microarchitectural solution framework to secure against such attacks. This framework, called context-sensitive fencing, will seek to automatically track and detect malicious execution patterns dynamically to trigger defense code without programmer intervention and with minimal impact on processor performance.
group_project
Submitted by alexbardas on Tue, 03/19/2019 - 11:22am
Current information technology (IT) systems are relatively static from a configuration perspective and give adversaries the valuable advantage of time for breaching them. A new concept, called Moving Target Defense or MTD, dynamically reconfigures systems to increase uncertainty and complexity for attackers, reduce their window of opportunity, and raise the costs of their reconnaissance and attack endeavors. All of these contribute towards increased security.
group_project
Submitted by Yonghwi Kwon on Tue, 03/19/2019 - 11:17am
Cyber attackers are increasingly targeting emerging smart devices (e.g., Internet of Things devices) causing devastating damages to various enterprises and government agencies. To combat these attacks, rapid and effective investigation is critical to understand attack paths and measure the damages. Unfortunately, forensic logging infrastructures are not efficient and effective enough. Many devices completely lack forensic logging systems and others rely on ineffective logging schemes, delaying or often completely preventing forensic investigation.
group_project
Submitted by Max Schuchard on Tue, 03/19/2019 - 11:07am
Distributed Denial of Service (DDoS) attacks disrupt the ability of computers to communicate over the Internet by flooding victims with large volumes of unwanted network traffic. Due to their high economic impact and low technical complexity, such attacks remain one of the most problematic and common attacks experienced by companies, organizations, and high-profile individuals.
group_project
Submitted by Hui Lin on Tue, 03/19/2019 - 10:49am
Control-related attacks are a severe threat to cyber-physical systems (CPSs) such as smart grids, because they can introduce catastrophic physical damage by using malicious control commands crafted in a legitimate format. While current research efforts have focused on detecting malicious commands that lead to physical damage, the investigator proposes to preemptively prevent the damage by disrupting and misleading adversaries' preparation before they issue the malicious commands.
group_project
Submitted by Aydin Aysu on Tue, 03/19/2019 - 10:35am
The emergence of quantum computers poses a serious threat for existing security standards, which motivates post-quantum cryptography (PQC) research. Various PQC schemes have been proposed for standardization, whose mathematical soundness are under investigation. Unfortunately, even a mathematically sound cryptography scheme may be attacked at the implementation level. The primary research goal of this project is to develop secure implementations for lattice-based cryptosystems, a major class of PQC encryption proposals.