Access control

group_project

Visible to the public TWC: Medium: Collaborative: Security and Privacy for Wearable and Continuous Sensing Platforms

Submitted by Serge Egelman on Wed, 10/25/2017 - 7:50am

This research project studies security and privacy for wearable devices. Wearable computing is poised to become widely deployed throughout society. These devices offer many benefits to end users in terms of realtime access to information and the augmentation of human memory, but they are also likely to introduce new and complex privacy and security problems. People who use wearable devices need assurances that their privacy will be respected, and we also need ways to minimize the potential for wearable devices to intrude on the privacy of bystanders and others.

group_project

Visible to the public TWC: Medium: Collaborative: Retrofitting Software for Defense-in-Depth

Submitted by Vinod Ganapathy on Wed, 10/25/2017 - 7:09am

The computer security community has long advocated the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in the practice of software development, and software often ships with inadequate defenses, typically developed in an ad hoc fashion.

group_project

Visible to the public TWC: Medium: Collaborative: Retrofitting Software for Defense-in-Depth

Submitted by Trent Jaeger on Wed, 10/25/2017 - 7:05am

The computer security community has long advocated the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in the practice of software development, and software often ships with inadequate defenses, typically developed in an ad hoc fashion.

group_project

Visible to the public TWC: Small: Analysis and Tools for Auditing Insider Accesses

Submitted by Daniel Fabbri on Mon, 10/23/2017 - 7:00pm

Compliance officers specify organizations' policies and procedures for mitigating risk to sensitive data. However, demands for employees' quick access to organizational data often limit which security technologies can be deployed. As a result, many organizations configure an open access environment in which authenticated employees can access any piece of data (e.g., a common practice across health care facilities).

group_project

Visible to the public TWC: Small: Managing User-Level Compromises in Enterprise Networks

Submitted by Craig Shue on Mon, 10/23/2017 - 6:09pm

Organizations need to protect their computer systems from attackers. They often group their own computers into risk pools to reduce threat propagation and monitor the communication between these groups. Unfortunately, this boundary monitoring is unable to see traffic within groups and, since each monitor is segmented, they cannot form a holistic picture of the entire network. Finally, modern approaches must examine network traffic in isolation, without the ability to know what action on the originating computer caused it.

group_project

Visible to the public TWC: Small: Collaborative: Secure Data Charging Architecture for Mobile Devices in 3G/4G Cellular Networks: Vulnerabilities and Solutions

Submitted by Chunyi Peng on Wed, 10/18/2017 - 6:55pm

Wireless cellular networks serve as an essential cyber-infrastructure for mobile users. Unlike the Internet, cellular networks have adopted usage-based charging, rather than the simpler flat-rate charging. Data-plan subscribers have to pay their data bills based on the consumed traffic volume in 3G/4G networks. Although this metered charging system has been operational and generally successful for years, the security study of such a system remains largely unaddressed.

group_project

Visible to the public CAREER: Contextual Protection for Private Data Storage and Retrieval

Submitted by Christopher Kanich on Wed, 10/18/2017 - 6:26pm

This research is building an understanding of what data is useful to attackers and what data is private for its legitimate owners so that security systems can incorporate these values into a data-driven, defense-in-depth approach to securing our digital lives. We are exploiting the fact that both users and attackers must sift through vast amounts of data to find useful information.

group_project

Visible to the public TWC: Medium: Collaborative: Retrofitting Software for Defense-in-Depth

Submitted by Christian Skalka on Wed, 10/18/2017 - 6:10pm

The computer security community has long advocated the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in the practice of software development, and software often ships with inadequate defenses, typically developed in an ad hoc fashion.

group_project

Visible to the public STARSS: Small: Collaborative: Zero-Power Dynamic Signature for Trust Verification of Passive Sensors and Tags

Submitted by Shantanu Chakraba... on Wed, 10/18/2017 - 3:13pm

As passive tagging technologies like RFID become more economical and ubiquitous, it can be envisioned that in the future, millions of sensors integrated with these tags could become an integral part of the next generation of smart infrastructure and the overall concept of internet-of-things. As a result, securing these passive assets against data theft and counterfeiting would become a priority, reinforcing the importance of the proposed dynamic authentication techniques.