Formal methods

group_project

Visible to the public TWC: Small: Attribute Based Access Control for Cloud Infrastructure as a Service

Submitted by RAM KRISHNAN on Thu, 10/12/2017 - 12:53pm

When an organization moves its hardware resources to a cloud infrastructure as a service (IaaS) provider, it faces 2 major issues: (1) cumbersome abstractions of access control facilities provided by the cloud service provider over its virtual assets (compute, storage, networking, etc.), and (2) multi-tenancy and availability concerns arising due to lack of control of virtual resource placement in the physical infrastructure.

Outcomes Report URL: 
https://www.research.gov/research-portal/appmanager/base/desktop?_nfpb=true&_win...
group_project

Visible to the public CAREER: Group-Centric Secure Information Sharing - Models, Properties, and Implementation

Submitted by RAM KRISHNAN on Thu, 10/12/2017 - 12:51pm

One of the oldest and most challenging problems in cyber security is to enable secure information sharing (SIS) (i.e., maintaining some control over information even after it has been shared.) For example, a product manufacturer may need to share customer account information with a company that ships the products and bills the customers. The manufacturer cannot allow its partner to then misuse those customer records by direct marketing or selling customer records. This project focuses on the policy challenge of specifying, analyzing and enforcing SIS policies.

group_project

Visible to the public TWC: Phase: Medium: Collaborative Proposal: Understanding and Exploiting Parallelism in Deep Packet Inspection on Concurrent Architectures

Submitted by Somesh Jha on Fri, 10/06/2017 - 1:07pm

Deep packet inspection (DPI) is a crucial tool for protecting networks from emerging and sophisticated attacks. However, it is becoming increasingly difficult to implement DPI effectively due to the rising need for more complex analysis, combined with the relentless growth in the volume of network traffic that these systems must inspect. To address this challenge, future DPI technologies must exploit the power of emerging highly concurrent multi- and many-core platforms.

group_project

Visible to the public TWC: Small: Provably Enforcing Practical Multi-Layer Policies in Today's Extensible Software Platforms

Submitted by Jia Limin on Thu, 08/17/2017 - 9:36pm

A defining characteristic of modern personal computing is the trend towards extensible platforms (e.g., smartphones and tablets) that run a large number of specialized applications, many of uncertain quality or provenance. The common security mechanisms available on these platforms are application isolation and permission systems. Unfortunately, it has been repeatedly shown that these mechanisms fail to prevent a range of misbehaviors, including privilege-escalation attacks and information-flow leakage.