Systems

group_project

Visible to the public TWC: Medium: Toward Trustworthy Mutable Replay for Security Patches

Submitted by Gail Kaiser on Mon, 11/13/2017 - 6:43am

Society is increasingly reliant on software, but deployed software contains security vulnerabilities and other bugs that can threaten privacy, property and even human lives. When a security vulnerability or critical error is discovered, a software patch is issued to attempt to fix the problem, but patches themselves can be incorrect, inadequate, and break necessarily functionality.

group_project

Visible to the public CRII: SaTC: Improving Computer Security Technologies through Analyzing Security Needs and Practices of Journalists

Submitted by Franziska Roesner on Mon, 11/13/2017 - 6:33am

Advances in digital communication technologies, and their proliferation in recent decades, have had a remarkable impact on journalism. Security weaknesses in these technologies have put journalists and their sources increasingly at risk, hindering efforts at investigative reporting, transparency, and whistleblowing. Because of their willingness to be early adopters, and to openly communicate their issues, journalists provide an opportunity to identify security issues and requirements in new communication methods.

group_project

Visible to the public TWC: Medium: Collaborative: Seal: Secure Engine for AnaLytics - From Secure Similarity Search to Secure Data Analytics

Submitted by Feifei Li on Mon, 11/13/2017 - 6:09am

Many organizations and individuals rely on the cloud to store their data and process their analytical queries. But such data may contain sensitive information. Not only do users want to conceal their data on a cloud, they may also want to hide analytical queries over their data, results of such queries, and data access patterns from a cloud service provider (that may be compromised either from within or by a third party).

group_project

Visible to the public TWC: Medium: Collaborative: Active Security

Submitted by Eric Keller on Mon, 11/13/2017 - 5:49am

Computer and network security is currently challenged by the need to secure diverse network environments including clouds and data-centers, PCs and enterprise infrastructures. This diversity of environments is coupled to increased attack sophistication. Today's tools for securing network and computing infrastructures can be painstakingly composed and configured using available components, but fail to automatically learn from their environment and actively protect it.

group_project

Visible to the public  TWC: Medium: Collaborative: Automated Reverse Engineering of Commodity Software

Submitted by Engin Kirda on Mon, 11/13/2017 - 5:45am

Software, including common examples such as commercial applications or embedded device firmware, is often delivered as closed-source binaries. While prior academic work has examined how to automatically discover vulnerabilities in binary software, and even how to automatically craft exploits for these vulnerabilities, the ability to answer basic security-relevant questions about closed-source software remains elusive.

group_project

Visible to the public TWC: Small: Collaborative: EVADE: Evidence-Assisted Detection and Elimination of Security Vulnerabilities

Submitted by Emery Berger on Thu, 11/09/2017 - 5:54am

Today's software remains vulnerable to attack. Despite decades of advances in areas ranging from testing to static analysis and verification, all large real-world software is deployed with errors. Because this software is either written in or underpinned by unsafe languages, errors often translate to security vulnerabilities. Although techniques exist that could prevent or limit the risk of exploits, high performance overhead blocks their adoption, leaving today's systems open to attack.

group_project

Visible to the public TWC: Medium: Collaborative: Towards a Binary-Centric Framework for Cyber Forensics in Enterprise Environments

Submitted by Dongyan Xu on Tue, 11/07/2017 - 6:11am

Emerging attacks such as Advanced Persistent Threats pose significant threat to cyberspace. These attacks are often stealthy, low-and-slow, and disguised via deceptive campaigns. This research focuses on the forensics of cyber attacks targeting enterprise environments, with the goals of (1) understanding an attack's intent, strategy, steps, and targets, (2) collecting digital evidence for legal proceedings, (3) revealing hidden attack behaviors to prevent or minimize damage.

group_project

Visible to the public SaTC-EDU: EAGER: INCUBATE - INjecting and assessing Cybersecurity edUcation with little internal suBject mATter Expertise

Submitted by David Voorhees on Tue, 10/31/2017 - 4:49am

This project will develop novel ways to teach cybersecurity topics. It is challenging for computer science (CS) programs with limited faculty resources to cover the breadth and depth of the discipline. The challenge increases as CS curriculum guidelines places more emphasis on emerging areas such as cybersecurity.

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

Submitted by Vinod Yegneswaran on Wed, 10/25/2017 - 3:34pm

The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services.

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

Submitted by V. Venkatakrishnan on Wed, 10/25/2017 - 3:31pm

The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services.