Software

The goal of this project is to develop a lightweight infrastructure for supporting hands-on network security education (NSE) and a compelling set of exercises that rely on the infrastructure, covering the three basic aspects of the security: attack, analysis, and defense. Historically, building realistic Cybersecurity exercises has been both a laborious and resource-intensive task.

Natural language privacy policies have become a de facto standard to address expectations of notice and choice on the Web. Yet, there is ample evidence that users generally do not read these policies and that those who occasionally do struggle to understand what they read. Initiatives aimed at addressing this problem through the development of machine implementable standards or other solutions that require website operators to adhere to more stringent requirements have run into obstacles, with many website operators showing reluctance to commit to anything more than what they currently do.

As the use of Web applications has increased, malicious content and cyber attacks are rapidly increasing in both their frequency and their sophistication. For unwary users and their organizations, social media sites such as Tumblr, Facebook, MySpace, Twitter, and LinkedIn pose a variety of serious security risks and threats. Recent studies show that social media sites are more in use for delivering malware than were previously popular methods of email delivery. Because of this, many organizations are looking for ways to implement effective security policies.

This proposal provides funding for the second GREPSEC: Underrepresented Groups in Security Research workshop, which will be affiliated with the annual IEEE Symposium on Research in Security & Privacy, in May 2015, in San Jose CA. The first event, held in May 2013, attracted 50 participants, two-thirds of them students, and almost all from underrepresented groups.

Software is responsible for many critical government, business, and educational functions. This project aims to develop new methods for finding and repairing some of the most challenging, poorly understood security vulnerabilities in modern software that have the potential to jeopardize the security and reliability of the nation's cyber infrastructure.