Privacy, applied

group_project

Visible to the public TWC: Medium: Collaborative: Scaling and Prioritizing Market-Sized Application Analysis

Submitted by Somesh Jha on Wed, 10/25/2017 - 8:47am

The emergence of smartphones and more generally mobile platforms as a vehicle for communication, entertainment, and commerce has led to a revolution of innovation. Markets now provide a dizzying array of applications that inform and aid every conceivable human need or desire. At the same time, application markets allow previously unknown multitudes of application developers access to user devices through fast- tracked software publishing with well-documented consequent security concerns.

group_project

Visible to the public TWC: Medium: Collaborative: Extending Smart-Phone Application Analysis

Submitted by Somesh Jha on Wed, 10/25/2017 - 7:50am

This research is focused on the creation of new techniques and algorithms to support comprehensive analysis of Android applications. We have developed formally grounded techniques for extracting accurate models of smartphone applications from installation images. The recovery formalization is based on TyDe, a typed meta-representation of Dalvik bytecode (the code structure used by the Android smartphone operating system).

group_project

Visible to the public TWC: Large: Collaborative: Living in the Internet of Things

Submitted by Tadayoshi Kohno on Tue, 10/24/2017 - 1:51pm

More and more objects used in daily life have Internet connectivity, creating an "Internet of Things" (IoT). Computer security and privacy for an IoT ecosystem are fundamentally important because security breaches can cause real and significant harm to people, their homes, and their community.

group_project

Visible to the public CAREER: Cryptography for Secure Outsourcing

Submitted by David Cash on Tue, 10/24/2017 - 12:31am

Individuals and organizations routinely trust third party providers to hold sensitive data, putting it at risk of exposure. While the data could be encrypted under a key that is kept secret from the provider, it rarely is, due to the inconvenience and increased cost of managing the cryptography. This project will develop technologies for working with encrypted data efficiently and conveniently. In particular, it will enable searching on encrypted data, which is prevented by currently deployed encryption, and running arbitrary programs efficiently on encrypted data.

group_project

Visible to the public SaTC: An Architecture for Restoring Trust in Our Personal Computing Systems

Submitted by David August on Tue, 10/24/2017 - 12:03am

Computers today are so complex and opaque that a user cannot possibly hope to know, let alone trust, everything occurring within the machine. While software security techniques help ensure the integrity of user computations, they are only as trustworthy as the underlying hardware. Even though many proposals provide some relief to the problem of hardware trust, the user must ultimately rely on the assurances of other parties. This work restores hardware trust through a simple, small, and slow pluggable hardware element.

group_project

Visible to the public EAGER: Transparency Bridges: Exploring Transparency Requirements in Smartphone Ecosystems

Submitted by Danny Weitzner on Mon, 10/23/2017 - 11:36pm

Transparency Bridges undertakes a cross-cultural investigation of the differences in privacy attitudes between the US and the EU, as a means of exploring the design requirements for user control mechanisms. We (1) investigate the currently available mechanisms in smartphone ecosystems to inform people of collection and use of their personal data, (2) examine how these mechanisms comply with US and EU data privacy legal frameworks, and (3) analyze how different mechanisms respond to requirements in both jurisdictions.

group_project

Visible to the public TWC SBES: Medium: Utility for Private Data Sharing in Social Science

Submitted by Daniel Kifer on Mon, 10/23/2017 - 11:29pm

One of the keys to scientific progress is the sharing of research data. When the data contain information about human subjects, the incentives not to share data are stronger. The biggest concern is privacy - specific information about individuals must be protected at all times. Recent advances in mathematical notions of privacy have raised the hope that the data can be properly sanitized and distributed to other research groups without revealing information about any individual. In order to make this effort worthwhile, the sanitized data must be useful for statistical analysis.

group_project

Visible to the public TWC: Small: Analysis and Tools for Auditing Insider Accesses

Submitted by Daniel Fabbri on Mon, 10/23/2017 - 8:00pm

Compliance officers specify organizations' policies and procedures for mitigating risk to sensitive data. However, demands for employees' quick access to organizational data often limit which security technologies can be deployed. As a result, many organizations configure an open access environment in which authenticated employees can access any piece of data (e.g., a common practice across health care facilities).

group_project

Visible to the public TWC: Frontier: Collaborative: Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives

Submitted by Damon McCoy on Mon, 10/23/2017 - 7:23pm

This project tackles the social and economic elements of Internet security: how the motivations and interactions of attackers, defenders, and users shape the threats we face, how they evolve over time, and how they can best be addressed. While security is a phenomenon mediated by the technical workings of computers and networks, it is ultimately a conflict driven by economic and social issues that merit a commensurate level of scrutiny.