Division of Computer and Network Systems (CNS)

Modern computing systems are under constant attack by organized crime syndicates, nation-state adversaries, and regular cyber-criminals alike. Among the most damaging attacks are those that exploit so-called memory corruption vulnerabilities which often confer the attacker with access to sensitive information or allow the attacker to execute arbitrary code on the victim's machine. To counter the threat posed by memory corruption vulnerabilities, this project will research and develop new defensive capabilities realized through the joint design of hardware and software.

Numerous challenges confront law enforcement investigations and prosecutions of cybercrime offenses, including under-reporting by victims, jurisdictional conflicts and limitations, insufficient resources, training, and expertise, as well as organizational constraints. This research is a study of cybercrime investigators, their departments, and the challenges they face in fighting cybercrime. The research consists of social scientific research on how law enforcement investigators and their units conduct cybercrime investigations.

This research has a foundational, multi-disciplinary research agenda that examines the role of technology in intimate partner violence and investigates the development of new tools, techniques, and theories to combat technology-enabled abuse. The work is important because digital technologies play an increasingly prominent role in domestic violence, stalking, and surveillance by abusive partners and others known to the victim. The research builds on prior work detailing the ways in which abusers exploit technology to monitor, harass, track, and control victims.

The goal of the project is to develop a multi-layer security framework to provide control technicians and engineers with far superior mechanisms to address the increasing risk of cybersecurity attack on vulnerable water treatment plants and reduce latent risks to public health and safety, industry, and national security. The findings will generate knowledge base and forensic tools to help control engineers to quickly detect and mitigate potential security flaws in central components across control systems, including industrial control software, sensors, and actuators.

Data collection and analysis enable great advancements in digital technology, but the stewards of this data have a responsibility to society to ensure that the practices of collection, storage, and user control abide by user expectations. Policies and regulations governing data privacy play a critical role in communicating privacy expectations to users and defining the bounds of permissible data use. However, in practice, there are severe mismatches between user expectations and the actual practices of software companies, even when those practices conform with their privacy policies.