Division of Computing and Communication Foundations (CCF)

CAREER: Static Analysis for Dynamic Languages

Dynamic languages such as JavaScript, Python, and Ruby are ubiquitous; they are employed in critical infrastructure on clients, servers, and desktops, from browsers to operating systems. The security, maintainability, correctness, and performance of programs written in these languages are becoming increasingly important. Static analysis is a valuable tool to help achieve these goals.

CIF: Small: Collaborative Research: Security in Dynamic Environments: Harvesting Network Randomness and Diversity

The project aims at quantifying a general network's inner potential for supporting various forms of security by achieving secret common randomness between pairs or groups of its nodes. Statistical and computational secrecy measures are being considered against a general passive adversary. Common-randomness-achieving protocols are classified into two groups: culture-building and crowd-shielding. The former achieves common randomness between nodes situated in close proximity of each other, from correlated observations of specific (natural or induced) network phenomena.

CIF: Small: Information transfer with guaranteed integrity

Information-theoretic security is the science of safeguarding information across a communication network based on the use of concepts and techniques in information theory. It encompasses protection against eavesdropping, impersonation, and substitution attacks made by potential adversaries present in the network. Whereas eavesdropping and impersonation attacks (and solutions) are well studied, substitution attacks, in which the adversary replaces messages from a source by different valid messages from the same source, present new risks in an increasingly networked world.

SHF: Small: Adapting VLSI Test Principles for VLSI Trust

If an Integrated Circuit (IC) is designed and fabricated in a foundry that is outside the direct control of the (fab-less) design house, reverse engineering, malicious circuit modification, and Intellectual Property (IP) piracy are all possible. An attacker, anywhere in this design flow, can reverse engineer the functionality of the design, and steal and claim ownership of the IP. An untrustworthy IC foundry may overbuild ICs and sell the excess parts in the gray market.

SHF: Small: Inference and Checking of Context-sensitive Pluggable Types

Pluggable types allow programmers to extend a language's type system to enhance program correctness and program security. Unfortunately, pluggable types require annotations in the program, and therefore, place a burden on programmers. This annotation burden is one reason why pluggable types have not been widely adopted in practice. This project will develop techniques that will allow programmers to realize the benefits of pluggable types without incurring the annotation burden. One concrete application (and thrust of the project) tackles security and privacy of Android apps.

CAREER: A Timing Approach to Network Forensics

Providing cyber security against attackers who penetrate the network, insider attackers, and non-malicious user errors or equipment failures is a formidable challenge for the scientific community. The investigator addresses problems in the area of network forensics that arise in packet-based communication of information. A key feature of the research approach is the use of timing as an under-utilized degree of freedom that provides rich statistical structure about the information dynamics.

CAREER: Software Requirements Evolution in a Multi-Jurisdictional Socio-Technical Ecosystem

Pervasive and distributed computing decreases development time by allowing engineers to reuse software in third-party components, platforms and cloud-based services. Consequently, this software is subject to multiple policies and regulations that impose legal requirements on the behavior of these complex systems. Legal requirements create evolutionary pressure on system design as developers roll out new product features, enter new markets that cross geo-political boundaries, or when existing laws change or new laws are created.

CAREER: Static-Analysis-Driven Engineering of Modern Software Systems

Users of software are all too familiar with its shortcomings: software is slow, software is buggy and software is insecure. When a complex software system fails, it is unhelpfully simplistic to blame the implementors of the system as incompetent. The truth is that software engineers are uniquely disadvantaged among the traditional engineering disciplines because they lack a viable predictive model for the systems they design and build.

TC: Medium: Higher-Level Abstractions for Trustworthy Federated Systems

This project studies higher-level abstractions for constructing distributed systems that integrate information and computation across administrative and trust domains. Current practice does not offer general, principled techniques for implementing these systems securely. To develop these techniques, fundamental problems of security, consistency, performance, and system evolution are being explored.

CAREER: Separations in Cryptography

Since the seminal work of Shannon in 1949 cryptography has been founded on unproven computational complexity. The security of cryptographic systems could fall apart if the assumptions behind their design turn out to be false. Thus, it is crucial to base the security of crypto-systems on the weakest possible assumptions. A main component of finding minimal assumptions is to "separate" cryptographic tasks from assumptions that are weaker than those used in constructions. In light of recent developments in cryptography, the following two directions will be pursued: