Software

SaTC: CORE: Small: Preventing Web Side-channel Attacks via Atomic Determinism

Web browsers are vulnerable to side-channel attacks, which usually play an important, first-step role in jump-starting a chain of attacks. For example, a web-level precise clock can help adversaries to break operating system level memory protection mechanisms, such as address-space layout randomization (ASLR). Browser fingerprinting, a variation of web side channels, can be used to obtain users' private information for launching social engineering attacks.

SaTC: NSF-BSF: CORE: Small: Attacking and Defending the Lifespan of Mobile and Embedded Flash Storage

This project explores approaches to attack and defend the lifespan of flash storage in small mobile devices. While the project focuses on smartphones, the research is applicable to any small flash-based device that allows users to install applications, including smart watches, Internet-of-Things (IoT) devices, computerized medical equipment, and computer-managed critical infrastructure. It is well understood that, over time, writing to flash storage will physically wear out the device. This problem is considered a nonissue with respect to enterprise Solid State Drives (SSDs).

SaTC: CORE: Medium: Collaborative: Bridging the Gap between Protocol Design and Implementation through Automated Mapping

Computer networking and the internet have revolutionized our societies, but are plagued with security problems which are difficult to tame. Serious vulnerabilities are constantly being discovered in network protocols that affect the work and lives of millions. Even some protocols that have been carefully scrutinized by their designers and by the computer engineering community have been shown to be vulnerable afterwards. Why is developing secure protocols so hard?

EDU: Collaborative: Using Virtual Machine Introspection for Deep Cyber Security Education

Cybersecurity is one of the most strategically important areas in computer science, and also one of the most difficult disciplines to teach effectively. Historically, hands-on cyber security exercises helped students reinforce basic concepts, but most of them focused on user-level attacks and defenses. Since OS kernels provide the foundation for applications, any compromise of an OS kernel leads to an entirely untrusted computing environment. Therefore, it is imperative to teach students the practice of kernel-level attacks and defenses.

SaTC-EDU: EAGER: Peer Instruction for Cybersecurity Education

Engineering a secure IT system, in addition to technical skills, requires a particular mindset focused on using cybersecurity solutions effectively against sophisticated and stealthy cyber attacks. The traditional lecture-centric style of teaching has failed to deliver that mindset, which is the direct result of an over-emphasis on specific technical skills (with limited lifespan and insufficient technical depth), abstract rather than deeply technical examination of fundamental concepts, and an impatience in developing broader analytical skills.

Collaborative: Development and Testing of a Secure Programming Clinic

This capacity-building project will create a Secure Programming Clinic to enhance student learning and expertise in writing robust, secure software, analogous to a writing clinic in an English department or law school. It provides continual reinforcement of the mechanisms, methods, technologies, and need for programming with security and robustness considerations throughout a student's undergraduate coursework. The clinic would augment courses, not replace them or their content.

TWC: Small: Collaborative: Discovering Software Vulnerabilities through Interactive Static Analysis

Software development is a complex and manual process, in part because typical software programs contain more than hundreds of thousands of lines of computer code. If software programmers fail to perform critical checks in that code, such as making sure a user is authorized to update an account, serious security compromises ensue. Indeed, vulnerable software is one of the leading causes of cyber security problems. Checking for security problems is very expensive because it requires examining computer code for security mistakes, and such a process requires significant manual effort.

TWC: Medium: Language-Hardware Co-Design for Practical and Verifiable Information Flow Control

Current cloud computing platforms, mobile computing devices, and embedded devices all have the security weakness that they permit information flows that violate the confidentiality or integrity of information. This project explores an integrated approach in which software and hardware are co-designed with strong, comprehensive, verifiable security assurance. The goal is to develop a methodology for designing systems in which all forms of information flow are tracked, at both the hardware and software levels, and between these levels.

TWC: Small: Practical Assured Big Data Analysis in the Cloud

The use of "cloud technologies" presents a promising avenue for the requirements of big data analysis. Security concerns, however, represent a major impediment to the further adoption of clouds: through the sharing of cloud resources, an attack succeeding on one node can tamper with many applications sharing that node.

Forum on Cyber Resilience

This project provides support for a National Academies Roundtable, the Forum on Cyber Resilience. The Forum will facilitate and enhance the exchange of ideas among scientists, practitioners, and policy makers concerned with the resilience of computing and communications systems, including the Internet, critical infrastructure, and other societally important systems.