Division of Computer and Network Systems (CNS)
group_project
Submitted by Kangjie Lu on Tue, 03/12/2019 - 3:10pm
System software such as operating system kernels, libraries, and application frameworks provide the foundation for all of the functionality of computing devices, from personal computers and servers to mobile and embedded devices. Security vulnerabilities in system software are particularly serious because they can undermine any of the software running on a device. The most common vulnerabilities in system software are semantic errors such as missing security checks.
group_project
Submitted by Stephen Miller on Tue, 03/12/2019 - 3:03pm
This award supports research in the mathematical underpinnings of cryptography. Since the late 1970s, widely-used cryptosystems have been developed based on the perceived difficulty of certain mathematical problems. New applications, as well as improvements in attacks on existing cryptosystems, call for a better understanding of these underlying mathematical problems.
group_project
Submitted by Yevgeniy Dodis on Tue, 03/12/2019 - 3:01pm
Today, hash functions are ubiquitous in that they are widely used in almost every cryptographic application. Thus, accurately analyzing their security is of paramount importance. Unfortunately, traditional analyses of hash functions do not take into account the ability of the attacker to perform (possibly expensive but only one-time) preprocessing attacks, which might dramatically speed up the time to repeatedly attack the respective application in real time. For example, the famous rainbow tables preprocessing attack is the most successful and practical approach to crack passwords.
group_project
Submitted by Jelena Mirkovic on Tue, 03/12/2019 - 2:59pm
Low-rate denial-of-service (LRD) attacks deny access to services by depleting some limited resource at the end host or a network device. This makes the device unable to process legitimate clients' traffic. LRD attacks are very challenging to detect and handle at the network level, since they are very low-rate. It makes the attack traffic a needle in a haystack of legitimate traffic. On the other hand, detecting LRD at the application would require changes to many applications, and would only be effective against specific attack variants.
group_project
Submitted by Pau Closas on Tue, 03/12/2019 - 2:40pm
This project develops novel anti-jamming techniques for Global Navigation Satellite Systems (GNSS) that are effective, yet computationally affordable. GNSS is ubiquitous in civilian, security and defense applications, causing a growing dependence on such technology for position and timing purposes, particularly in critical infrastructures. The threat of a potential disruption of GNSS is real and can lead to catastrophic consequences. This project studies methods to secure GNSS receivers from jamming interference, and doing so within size, weight, and power (SWAP) requirements.
group_project
Submitted by Adwait Nadkarni on Tue, 03/12/2019 - 2:37pm
Mobile devices have become the fabric of our current consumer computing landscape, driven by the diverse "apps" they support, which allow users to carry out complex computing tasks. These devices and apps have become deeply personal, and as such have access to privacy-sensitive resources and information. To prevent misuse of this access, it is imperative to understand the challenges in securing mobile apps, and in effect, the true capabilities of current approaches for security analysis.
group_project
Submitted by Joerg Kliewer on Tue, 03/12/2019 - 2:32pm
This project explores secret and efficient (preferably covert) communications by harnessing the resources brought in by smart everyday devices in emerging Internet of Things (IoT) environments. Reliability, efficiency, and secrecy are essential requirements in communication networks. Hiding that communication is even taking place is often crucial in adversarial environments and automatically achieves the increasingly important societal goals of privacy and anonymity.
group_project
Submitted by Aleksander Madry on Tue, 03/12/2019 - 2:30pm
Machine learning has witnessed tremendous progress over the last decade and is rapidly becoming a critical part of key aspects of our lives, from health care and financial services, to the way we evaluate job applications, commute to work, or even use media. This gives rise to a fundamental question: how will all these machine learning solutions fare when applied in real-world settings that are safety-sensitive or even security-critical? Will these solutions be sufficiently reliable and resistant to malicious tampering? These concerns are hardly unjustified.
group_project
Submitted by Lannan Luo on Tue, 03/12/2019 - 2:20pm
During the past decade, middleware on mobile platforms (such as the Application Framework in Android and the Core Services layer in iOS) has been flourishing, but the insecurity analysis of such middleware has been lagging behind. For example, while comprehensive studies have been conducted at the application layer of the Android system, there is very limited work analyzing the Android Application Framework (Android Framework, for short), a middleware layer in the Android system.
group_project
Submitted by M. Zubair Shafiq on Fri, 03/08/2019 - 4:41pm
The mobile ecosystem has become an attractive target for various types of abuses. For instance, many mobile applications leak sensitive user information, such as email addresses and location, which is a privacy issue. Second, attackers routinely disguise malware in seemingly legitimate mobile apps to launch attacks, which poses security threats. Third, many mobile apps and sites push intrusive und undesirable ads, such as auto-play and pop-ups, which harm usability.
