Access control

group_project

TWC: Small: Noisy Secrets as Alternatives to Passwords and PKI

Submitted by Leonid Reyzin on Mon, 11/20/2017 - 3:46pm

In order to establish a secure communication channel, each communicating party needs some method to authenticate the other, lest it unwittingly establish a channel with the adversary instead. Current techniques for authentication often rely on passwords and/or the public-key infrastructure (PKI). Both of these methods have considerable drawbacks since passwords are frequently breached, and PKI relies on central authorities which have proven to be less than reliable. Thus there is a need to use other sources of information for the communicating parties to authenticate each other.

group_project

TWC: Medium: Collaborative: Hiding Hay in a Haystack: Integrating Censorship Resistance into the Mainstream Internet

Submitted by Joan Feigenbaum on Tue, 11/14/2017 - 10:44am

Freedom and openness of the Internet are under threat. Government censors in non-democratic countries are deploying network filters to block sources of uncensored information, suppress dissent, and prevent citizens from using the Internet to exercise their human rights such as freedom of speech and freedom of assembly.

group_project

EAGER: TWC: Collaborative: iPrivacy: Automatic Recommendation of Personalized Privacy Settings for Image Sharing

Submitted by Jianping Fan on Tue, 11/14/2017 - 10:35am

The objective of this project is to investigate a comprehensive image privacy recommendation system, called iPrivacy (image Privacy), which can efficiently and automatically generate proper privacy settings for newly shared photos that also considers consensus of multiple parties appearing in the same photo. Photo sharing has become very popular with the growing ubiquity of smartphones and other mobile devices.

group_project

TWC: TTP Option: Medium: Collaborative: Identifying and Mitigating Trust Violations in the Smartphone Ecosystem

Submitted by Giovanni Vigna on Mon, 11/13/2017 - 7:21am

The adoption of smartphones has steadily increased in the past few years, and smartphones have become the tool with which millions of users handle confidential information, such as financial and health-related data. As a result, these devices have become attractive targets for cybercriminals, who attempt to violate the trust assumptions underlying the smartphone platform in order to compromise the security and privacy of users.

group_project

TWC: Small: Benchmarking Testing Methods for Access Control Policies

Submitted by Dianxiang Xu on Tue, 11/07/2017 - 5:32am

Access control policies specify which users may perform which actions on which resources within which environments. Defective policies may have serious impacts, allowing unintended access (e.g., bank account withdrawals by a stranger) or preventing critical legitimate access (e.g., a doctor cannot view her patient's x-ray). As computer systems become more complex, policy defects have become more common.

group_project

TWC: TTP Option: Medium: Collaborative: Identifying and Mitigating Trust Violations in the Smartphone Ecosystem

Submitted by Yan Chen on Wed, 10/25/2017 - 3:29pm

The adoption of smartphones has steadily increased in the past few years, and smartphones have become the tool with which millions of users handle confidential information, such as financial and health-related data. As a result, these devices have become attractive targets for cybercriminals, who attempt to violate the trust assumptions underlying the smartphone platform in order to compromise the security and privacy of users.

group_project

TWC: Small: Towards Trustworthy Access Control Policies

Submitted by sdstoller on Wed, 10/25/2017 - 3:03pm

Getting access control policies right is challenging, especially in large organizations. This project is developing techniques and tools to support efficient and trustworthy administration of Attribute-Based Access Control (ABAC) policies. ABAC is a flexible, high-level, and increasingly popular security policy framework.

group_project

TWC: Small: Exposing Attack Vectors and Identifying Defense Solutions for Data Cellular Networks

Submitted by Zhuoqing Mao on Wed, 10/25/2017 - 10:45am

This project addresses several key emerging security challenges that arise due to the wildly successful large-scale adoption of mobile devices with diverse network capabilities. The novel approach focuses on to understanding how various information that are legitimately and willingly provided by smartphone users due to the requested permissions of downloaded applications can be potentially abused. The second research focus is to identify improvements in the design of cellular network middlebox (e.g., firewall) policies by detailed exposure and explicitly defining the key requirements.

group_project

TWC: Small: Collaborative: Cellular Network Services in Peril: A Perspective on Control-Plane and Data-Plane Design

Submitted by Songwu Lu on Wed, 10/25/2017 - 8:29am

The cellular network is the largest wireless infrastructure deployed today. It offers users mobile Internet access and carrier-grade voice service. Each such service (e.g., data or voice) typically involves operations on both data and control planes. The former transfers service content to users, whereas the latter performs control functions of service instantiation, maintenance, update, and termination. Securing control and data planes is thus critical to mobile network service.

group_project

TWC: Medium: Collaborative: The Theory and Practice of Key Derivation

Submitted by Yevgeniy Dodis on Wed, 10/25/2017 - 8:00am

Most cryptographic applications crucially rely on secret keys that are chosen randomly and are unknown to an attacker. Unfortunately, the process of deriving secret keys in practice is often difficult, error-prone and riddled with security vulnerabilities. Badly generated keys offer a prevalent source of attacks that render complex cryptographic applications completely insecure, despite their sophisticated design and rigorous mathematical analysis.