Access control

Current cybersecurity practice is inadequate to defend against the security threats faced by society. Unlike physical systems, present-day computers lack supervising safety interlocks to help prevent catastrophic failures. Worse, many exploitable vulnerabilities arise from the violation of well-understood safety and security policies that are not enforced due to perceived high performance costs. This project aims to demonstrate how language design and formal verification can leverage emerging hardware capabilities to engineer practical systems with strong security and safety guarantees.

On-line sharing of images has become a key enabler of users' connectivity. Various types of images are shared through social media to represent users' interests and experiences. While extremely convenient and socially valuable, this level of pervasiveness introduces acute privacy concerns. First, once shared images may go anywhere, as copying / resharing images is straightforward. Second, the information disclosed through an image reveals aspects of users' private lives, affecting both the owner and other subjects in the image.

To date, the application of quantitative security and privacy metrics metrics has seen its greatest successes when exploring the worst-case properties of a system. That is, given a powerful adversary, to what extent does the system preserve some relevant set of properties? While such analyses allow experts to build systems that are resistant to strong attackers, many deployed systems were not designed in this manner. In fact, there is growing evidence that users' privacy is routinely compromised as a byproduct of using social, participatory, and distributed applications.

One of the oldest and most challenging problems in cyber security is to enable secure information sharing (SIS) (i.e., maintaining some control over information even after it has been shared.) For example, a product manufacturer may need to share customer account information with a company that ships the products and bills the customers. The manufacturer cannot allow its partner to then misuse those customer records by direct marketing or selling customer records. This project focuses on the policy challenge of specifying, analyzing and enforcing SIS policies.

The proliferation and increasing sophistication of censorship warrants continuing efforts to develop tools to evade it. Yet, designing effective mechanisms for censorship resistance ultimately depends on accurate models of the capabilities of censors, as well as how those capabilities will likely evolve. In contrast to more established disciplines within security, censorship resistance is relatively nascent, not yet having solid foundations for understanding censor capabilities or evaluating the effectiveness of evasion technologies.