Cyber-Physical Systems (CPS)

group_project

Visible to the public TWC: Large: Collaborative: Living in the Internet of Things

Submitted by Tadayoshi Kohno on Tue, 10/24/2017 - 12:51pm

More and more objects used in daily life have Internet connectivity, creating an "Internet of Things" (IoT). Computer security and privacy for an IoT ecosystem are fundamentally important because security breaches can cause real and significant harm to people, their homes, and their community.

group_project

Visible to the public SaTC: An Architecture for Restoring Trust in Our Personal Computing Systems

Submitted by David August on Mon, 10/23/2017 - 11:03pm

Computers today are so complex and opaque that a user cannot possibly hope to know, let alone trust, everything occurring within the machine. While software security techniques help ensure the integrity of user computations, they are only as trustworthy as the underlying hardware. Even though many proposals provide some relief to the problem of hardware trust, the user must ultimately rely on the assurances of other parties. This work restores hardware trust through a simple, small, and slow pluggable hardware element.

group_project

Visible to the public TWC SBE: Small: From Threat to Boon: Understanding and Controlling Strategic Information Transmission in Cyber-Socio-Physical Systems

Submitted by Cedric Langbort on Wed, 10/18/2017 - 5:05pm

As cyber-socio-physical and infrastructure systems are increasingly relying on data and integrating an ever-growing range of disparate, sometimes unconventional, and possibly untrusted data sources, there is a growing need to consider the problem of estimation in the presence of strategic and/or self-interested sensors. This class of problems, called "strategic information transmission" (SIT), differs from classical fault-tolerant estimation since the sensors are not merely failing or malfunctioning, but are actively trying to mislead the estimator for their own benefit.

group_project

Visible to the public STARSS: Small: Collaborative: Zero-Power Dynamic Signature for Trust Verification of Passive Sensors and Tags

Submitted by Shantanu Chakraba... on Wed, 10/18/2017 - 3:13pm

As passive tagging technologies like RFID become more economical and ubiquitous, it can be envisioned that in the future, millions of sensors integrated with these tags could become an integral part of the next generation of smart infrastructure and the overall concept of internet-of-things. As a result, securing these passive assets against data theft and counterfeiting would become a priority, reinforcing the importance of the proposed dynamic authentication techniques.

group_project

Visible to the public SaTC: Hardware-Assisted Methods for Operating System Integrity

Submitted by Vinod Ganapathy on Wed, 10/18/2017 - 10:09am

Operating systems (OS) form the core of the trusted computing base on most computer platforms. The security of a platform therefore crucially relies on the correct and secure operation of its OS. Unfortunately, malicious software such as rootkits infect the OS by compromising the integrity of its code and data, thereby jeopardizing the security of the entire platform.

group_project

Visible to the public EAGER: Collaborative: PRICE: Using process tracing to improve household IoT users' privacy decisions

Submitted by Bart Knijnenburg on Tue, 10/17/2017 - 12:54pm

Household Internet-of-Things (IoT) devices are intended to collect information in the home and to communicate with each other, to create powerful new applications that support our day-to-day activities. Existing research suggests that users have a difficult time selecting their privacy settings on such devices. The goal of this project is to investigate how, why and when privacy decisions of household IoT users are suboptimal, and to use the insights from this research to create and test a simple single user interface that integrates privacy settings across all devices within a household.

group_project

Visible to the public CAREER: Applying a Criminological Framework to Understand Adaptive Adversarial Decision-Making Processes in Critical Infrastructure Cyberattacks

Submitted by arege on Mon, 10/16/2017 - 4:43pm

Infrastructure systems (such as power, water and banking) have experienced a surge in cyberattacks over the past decade. These attacks are becoming more sophisticated and resilient, suggesting that the perpetrators are intelligent, determined and dynamic. Unfortunately, current cyberdefense measures are reactive and frequently ineffective. Defenders need to move to a proactive approach, which will require an understanding of the human characteristics and behaviors of the people behind these cyberattacks.

group_project

Visible to the public TWC: Option: Medium: Collaborative: Semantic Security Monitoring for Industrial Control Systems

Submitted by Adam Slagell on Mon, 10/16/2017 - 10:29am

Industrial control systems differ significantly from standard, general-purpose computing environments, and they face quite different security challenges. With physical "air gaps" now the exception, our critical infrastructure has become vulnerable to a broad range of potential attackers. In this project we develop novel network monitoring approaches that can detect sophisticated semantic attacks: malicious actions that drive a process into an unsafe state without however exhibiting any obvious protocol-level red flags.