Division of Computer and Network Systems (CNS)

CT-M: Collaborative Research: A Resilient Real-Time System for a Secure and Reconfigurable Power Grid

Energy infrastructure is such a critical underpinning of modern society that any compromise or sabotage of its secure and reliable operation will have a prominent impact on people's daily lives and the national economy. Past failures such as the massive northeastern power blackout in August 2003 and the recent Florida blackout in February 2008 have revealed serious defects in both system-level management and device-level designs.

CT-ISG: The Origin of the Code: Automated Identification of Common Characteristics in Malware

Software is a common target of attacks on the current computing/communications infrastructure. Software continues to be vulnerable to attacks that exploit obscure or misunderstood language and program features. Detection of these software exploits (also called "malware") will therefore be needed for the foreseeable future as one part of an effective defense. Virus checkers detect many known exploits, and are now widely used, but attackers have adapted by obfuscating and mutating their code to evade virus checkers.

CT-ISG Collaborative Research: Tamper Proofing Cryptographic Operations

This research project focuses on the development of cryptographic mathematical models and constructions that address realistic security requirements at the implementation level. This is a fundamental problem as cryptographic security formalisms are often criticized for lack of relevance given the wide range of attacks available at the implementation level.

CT-ISG: New Foundations for Quantitative Information Flow

Protecting the confidentiality and integrity of sensitive information is central to trustworthy computing. This project focuses on one aspect of the problem, namely, the difficulty of developing software that satisfies critical information flow properties. The approach of secure information flow analysis is to do a static analysis, usually in the form of a type system, on a program prior to executing it, with the goal of proving that it does not leak any information from its high inputs to its low outputs; this is formalized as a property called noninterference.

Collaborative Research: CT-M: Privacy, Compliance and Information Risk in Complex Organizational Processes

Modern organizations, such as businesses, non-profits, government agencies, and universities, collect and use personal information from a range of sources, shared with specific expectations about how it will be managed and used. Accordingly, they must find ways to comply with expectations, which may be complex and varied, as well as with relevant privacy laws and regulations, while they minimize operational risk and carry out core functions of the organization efficiently and effectively.

Collaborative Research: CT-M: Understanding and Exploiting Economic Incentives in Internet-based Scams

Computer security is a field in which defenses are pitted against adversaries. Thus, it is critical to understand the capabilities and motivations of the adversary if one is to plan effective defenses. However, modern Internet-based attacks are largely driven by economic factors that are only understood in the abstract. While we know that it is sufficiently cheap to compromise Internet hosts that large-scale botnets have become a compelling platform for launching attacks, we simply do not understand the scale of the revenue that such activities bring in.

Collaborative Research: CT-L: CLEANSE: Cross-Layer Large-Scale Efficient Analysis of Network Activities to Secure the Internet

Layer-8 attacks (e.g., spam and phishing) are launched from a malicious service platform, e.g., botnet, which consists of a large number of infected machines (or bots). Such an attack platform relies on lower-layer network services to achieve efficiency, robustness, and stealth in communication and attack activities. These services include look-up (e.g., DNS), hosting (e.g., Web servers), and transport (e.g., BGP).

The main research goals and approaches of the CLEANSE project are:

Collaborative Research: CT-L: CLEANSE: Cross-Layer Large-Scale Efficient Analysis of Network Activities to SEcure the Internet

Layer-8 attacks (e.g., spam and phishing) are launched from a malicious service platform, e.g., botnet, which consists of a large number of infected machines (or bots). Such an attack platform relies on lower-layer network services to achieve efficiency, robustness, and stealth in communication and attack activities. These services include look-up (e.g., DNS), hosting (e.g., Web servers), and transport (e.g., BGP).

The main research goals and approaches of the CLEANSE project are:

Collaborative Research: CT-M: Privacy, compliance and information risk in complex organizational processes

Modern organizations, such as businesses, non-profits, government agencies, and universities, collect and use personal information from a range of sources, shared with specific expectations about how it will be managed and used. Accordingly, they must find ways to comply with expectations, which may be complex and varied, as well as with relevant privacy laws and regulations, while they minimize operational risk and carry out core functions of the organization efficiently and effectively.

CT-ISG: New Security Properties for Hash and Trapdoor Functions

The project aims at studying properties of hash and trapdoor functions that are motivated by practical applications and are implicitly held by random oracles or easy to realize in the idealistic random oracle model, but are not well-defined and/or not known to be realizable in the standard model. In particular, the research studies non-malleable hash functions and (possibly trapdoor) functions that hide partial information. The project investigates the new appropriate notions of security for these primitives and seeks constructions that provably meet the security definitions.