Data science

group_project

SBE: Medium: Towards Personalized Privacy Assistants

Whether it is on their smartphones, in their browsers or on social networks, people are confronted with an increasingly unmanageable number of privacy settings. What is needed is a new, more scalable paradigm that empowers them to regain control over the collection and use of their data. This is particularly the case for mobile apps people download on their smartphones. These apps have been shown to collect and share a wide variety of sensitive data, with users unable to keep up.

TWC: Medium: Collaborative: Exposing and Mitigating Cross-Channel Attacks that Exploit the Convergence of Telephony and the Internet

Rapid advances in technology now enable simultaneous access to both telephony and Internet services from smart phone devices that people carry with them at all times. Although this convergence of telephony with the Internet offers many benefits, it also provides cyber criminals the ability to develop increasingly sophisticated attacks that combine resources from both the telephony and Internet channels.

TTP: Small: Network-Level Security Posture Assessment and Predictive Analytics: From Theory to Practice

This project addresses the following two key questions in cyber security: (1) how is the security condition of a network assessed, and (2) to what extent can we predict data breaches or other cyber security incidents for an organization. The ability to answer both questions has far-reaching social and economic impact. Recent data breaches such as those at Target, JP Morgan, Home Depot, Office of Personnel Management (OPM), and Anthem Healthcare, to name just a few, highlight the increasing social and economic impact of such cyber security incidents.

TWC: Small: Understanding Network Level Malicious Activities: Classification, Community Detection and Inference of Security Interdependence

The goal of this project is the development of a formal method to quantitatively assess the security posture of large networks and assign them a numeric score. Large networks are made up of a collection of individual machines, which exhibit more stable behavior and features as a group than at the IP level, where each host is inspected separately. Networks at an aggregate level thus carry more predictive power, enabling a more robust and accurate policy design.

EDU: Collaborative: Enhancing Education in Genetic Privacy with Integration of Research in Computer Science and Bioinformatics

The era of personal genomics, where genetic information is ubiquitously available for research, clinical practice or personal curiosity, is quickly approaching. At the same time, there is growing concern about genetic privacy, and the existing educational resources are focused mostly on legal, regulatory or ethical issues in personal genomics.

CRII: SaTC: Empirical and Analytical Models for the Deployment of Software Updates in Large Vulnerable Populations

Software vulnerabilities are an important vector for malware delivery. The software updating mechanisms, responsible for deploying the vulnerability patches, are in a race with the cyber attackers seeking to exploit the vulnerabilities. Moreover, these updating mechanisms have multiple, potentially conflicting, design goals, as they must quickly deploy patches on millions of hosts worldwide, must not overburden the users, and must avoid breaking dependencies in the deployment environment.

TWC: Frontier: Collaborative: Rethinking Security in the Era of Cloud Computing

There are at least two key features of the move to cloud computing that introduce the opportunity for significant leaps forward in computer security for tenant services. First, a compute cloud provides a common software, hardware and management basis for rolling out cross-cutting services en masse that have resisted incremental deployment in a one-service-at-a-time fashion. Second, compute clouds offer providers a broad view of activity across an unprecedented diversity of tenant services.

TWC: Medium: Collaborative: Re[DP]: Realistic Data Mining Under Differential Privacy

The collection and analysis of personal data about individuals has revolutionized information systems and fueled US and global economies. But privacy concerns regarding the use of such data loom large. Differential privacy has emerged as a gold standard for mathematically characterizing the privacy risks of algorithms using personal data. Yet, adoption of differentially private algorithms in industry or government agencies has been startlingly rare.

EAGER: Can You Trust Apps Age Recommendations? Inconsistent and Unreliable Maturity Ratings on Mobile Platforms

While smart phones provide an excellent means of communication, entertainment and education, they also raise many privacy and security concerns. Children face the risk of being exposed to inappropriate content due to mis-rated apps. Both Android and iOS apps come with maturity ratings that examine the existence and intensity of mature themes within each app. However, each mobile platform adopts its own rating policy and rating strategy, which creates inconsistent and inaccurate ratings. The maturity ratings for Android apps are purely a result of app developers' self-report.

CRII: SaTC: Camera-based mobile device end-user authentication

Secure and usable end-user authentication is a major challenge in a modern society that allocates and relocates more and more resources online. As many users nowadays carry a mobile device (e.g., a smartphone), authentication approaches beyond the often-criticized traditional password leverage auxiliary information that can be received by, displayed on, computed by or sent from these omnipresent personal companions.