Data science

group_project

Visible to the public TWC: Frontier: Collaborative: Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives

Submitted by Damon McCoy on Mon, 10/23/2017 - 7:23pm

This project tackles the social and economic elements of Internet security: how the motivations and interactions of attackers, defenders, and users shape the threats we face, how they evolve over time, and how they can best be addressed. While security is a phenomenon mediated by the technical workings of computers and networks, it is ultimately a conflict driven by economic and social issues that merit a commensurate level of scrutiny.

group_project

Visible to the public TWC: Frontier: Collaborative: Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives

Submitted by Vern Paxson on Mon, 10/23/2017 - 2:54pm

This project tackles the social and economic elements of Internet security: how the motivations and interactions of attackers, defenders, and users shape the threats we face, how they evolve over time, and how they can best be addressed. While security is a phenomenon mediated by the technical workings of computers and networks, it is ultimately a conflict driven by economic and social issues that merit a commensurate level of scrutiny.

group_project

Visible to the public TWC SBE: TTP Option: Medium: Collaborative: EPICA: Empowering People to Overcome Information Controls and Attacks

Submitted by Wenke Lee on Mon, 10/23/2017 - 2:48pm

This project studies the security of representative personalized services, such as search engines, news aggregators, and on-line targeted advertising, and identifies vulnerabilities in service components that can be exploited by pollution attacks to deliver contents intended by attackers.

group_project

Visible to the public TTP: Medium: Securing the Wireless Philadelphia Network

Submitted by Steven Weber on Thu, 10/19/2017 - 10:56pm

The Wireless Philadelphia Network (WPN) is a metropolitan?area network (MAN) consisting of thousands of Tropos 5210 wireless mesh routers distributed across the entire city of Philadelphia and connected by a fiber backbone. This project is employing this network as a testbed to investigate three diverse security challenges facing any large-scale wireless network servicing a heterogeneous population.

group_project

Visible to the public CAREER: Using Analytics on Security Data to Understand Negative Innovations

Submitted by Samuel Ransbotham on Thu, 10/19/2017 - 4:59pm

The world increasingly relies on computer systems and associated software, yet attackers continue to exploit vulnerabilities in this software to threaten security in new and sophisticated ways. This research views exploitations of software vulnerabilities as critical, but not unique, examples of innovations that society would like to discourage? many other examples (e.g., biological weapons, sports doping, terrorist devices, privacy intrusions) exist.

group_project

Visible to the public CAREER: Contextual Protection for Private Data Storage and Retrieval

Submitted by Christopher Kanich on Wed, 10/18/2017 - 7:26pm

This research is building an understanding of what data is useful to attackers and what data is private for its legitimate owners so that security systems can incorporate these values into a data-driven, defense-in-depth approach to securing our digital lives. We are exploiting the fact that both users and attackers must sift through vast amounts of data to find useful information.

group_project

Visible to the public TWC SBE: Small: From Threat to Boon: Understanding and Controlling Strategic Information Transmission in Cyber-Socio-Physical Systems

Submitted by Cedric Langbort on Wed, 10/18/2017 - 6:05pm

As cyber-socio-physical and infrastructure systems are increasingly relying on data and integrating an ever-growing range of disparate, sometimes unconventional, and possibly untrusted data sources, there is a growing need to consider the problem of estimation in the presence of strategic and/or self-interested sensors. This class of problems, called "strategic information transmission" (SIT), differs from classical fault-tolerant estimation since the sensors are not merely failing or malfunctioning, but are actively trying to mislead the estimator for their own benefit.

group_project

Visible to the public TWC: Medium: Collaborative: Broker Leads for Privacy-Preserving Discovery in Health Information Exchange

Submitted by Carl Gunter on Wed, 10/18/2017 - 3:18pm

Support for research on distributed data sets is challenged by stakeholder requirements limiting sharing. Researchers need early stage access to determine whether data sets are likely to contain the data they need. The Broker Leads project is developing privacy-enhancing technologies adapted to this discovery phase of data-driven research. Its approach is inspired by health information exchanges that are based on a broker system where data are held by healthcare providers and collected in distributed queries managed by the broker.

group_project

Visible to the public SBE TWC: Small: Collaborative: Privacy Protection in Social Networks: Bridging the Gap Between User Perception and Privacy Enforcement

Submitted by Bo Luo on Wed, 10/18/2017 - 1:29pm

Online social networks, such as Facebook, Twitter, and Google+, have become extremely popular. They have significantly changed our behaviors for sharing information and socializing, especially among the younger generation. However, the extreme popularity of such online social networks has become a double-edged sword -- while promoting online socialization, these systems also raise privacy issues.

group_project

Visible to the public SBE: TTP Option: Medium: Data-Driven Cyber Vulnerability Maintenance

Submitted by Theodore Allen on Wed, 10/18/2017 - 11:33am

Researchers have found that over 90% of successful cyber attacks exploit vulnerabilities that could have been fixed with available patches. Vulnerabilities can be weak passwords or software with bugs on personal computers, mobile devices, or printers. Yet, decision-making about manually applying patches is difficult. First, a substantial fraction of vulnerabilities are fixed each month by automatic patching. Second, applying patches can have side-effects, making software unusable. Third, organizations have limited abilities to estimate the profit from applying patches.