Systems

TWC: Small: Cross-application and Cross-platform Tracking of Web Users: Techniques and Countermeasures

In many business and end-user applications, user tracking is part of the core functionality or feature set. However, user tracking can intrude on user privacy and may even lead to online crimes. Recent research has shown that tracking companies have started using advanced web tracking techniques that are more subtle and less transparent than traditional online tracking.

TWC: Small: Emerging Attacks Against the Mobile Web and Novel Proxy Technologies for Their Containment

Users entrust their mobile devices with sensitive data, including business emails, as well as health and financial information. Thus, mobile devices have become an increasingly popular target for attackers. Mobile devices house powerful browsers that are vulnerable to at least as many attacks as their desktop counterparts. Yet, the security of these mobile browsers is understudied by researchers, leading to a lack of current information about ongoing attacks and possible defenses.

TC: Large: Collaborative Research: Facilitating Free and Open Access to Information on the Internet

This project develops methods to provide citizens with information about technologies that obstruct, restrict, or tamper with their access to information. Internet users need an objective, independent, third-party service that helps them determine whether their Internet service provider or government is restricting access to content or specific protocols, or otherwise degrading service. Towards this goal, we are (1) monitoring attempts to block or manipulate Internet content and communications; and (2) evaluating various censorship circumvention mechanisms in real-world deployments.

TWC: Small: Collaborative: Practical Hardware-Assisted Always-On Malware Detection

The project explores building support for malware detection in hardware. Malware detection is challenging and resource intensive, as the number and sophistication of malware increase. The resource requirements for malware detection limit its use in practice, leaving malware unchecked on many systems. We use a low-level hardware detector to identify malware as a computational anomaly using low-level features such as hardware events, instruction mixes and memory address patterns.

TWC: Medium: Collaborative: Black-Box Evaluation of Cryptographic Entropy at Scale

The ability to generate random numbers -- to flip coins -- is crucial for many computing tasks, from Monte Carlo simulation to secure communications. The theory of building such subsystems to generate random numbers is well understood, but the gap between theory and practice is surprisingly wide. As built today, these subsystems are opaque and fragile. Flaws in these subsystems can compromise the security of millions of Internet hosts.

TWC: Medium: Collaborative: Exposing and Mitigating Cross-Channel Attacks that Exploit the Convergence of Telephony and the Internet

Rapid advances in technology now enable simultaneous access to both telephony and Internet services from smart phone devices that people carry with them at all times. Although this convergence of telephony with the Internet offers many benefits, it also provides cyber criminals the ability to develop increasingly sophisticated attacks that combine resources from both the telephony and Internet channels.

CAREER: Exo-Core: An Architecture to Detect Malware as Computational Anomalies

Applications that run on billions of mobile devices backed by enormous datacenters hold the promise of personal, always-on healthcare; of intelligent vehicles and homes; and thus of a healthier, more efficient society. It is imperative to make such applications secure by protecting their integrity and keeping their data confidential. However, malicious programs ("malware") today can subvert the best software-level defenses by impersonating benign processes on mobile devices or by attacking victim processes through the hardware on shared datacenter servers.

EDU: Automated Platform for Cyber Security Learning and Experimentation (AutoCUE)

One of the main obstacles in providing extensive hands-on experience in cybersecurity classes is the substantial amount of manual work involved in creating and grading the exercises. Combined with the frequent need to update the exercises, this obstacle effectively limits the amount of hands-on work that gets incorporated into cybersecurity education. This project seeks to eliminate such barriers, and to greatly improve the efficiency of the educational process by automating the most time-consuming tasks.

EDU: A Capture-the-Flag Service for Computer Security Courses

Security games such as Capture-the-Flag (CTF) competitions tap into and cultivate the intrinsic motivation in people to solve puzzles. Such games provide a compelling experience for security practitioners looking to test their skills. Given the level of engagement these games produce, there have been efforts to bring the format into the classroom. While CTFs are ideal for measuring the level of expertise of their participants, there are significant issues that must be overcome before the format can be used in the classroom.

CRII: SaTC: Empirical and Analytical Models for the Deployment of Software Updates in Large Vulnerable Populations

Software vulnerabilities are an important vector for malware delivery. The software updating mechanisms, responsible for deploying the vulnerability patches, are in a race with the cyber attackers seeking to exploit the vulnerabilities. Moreover, these updating mechanisms have multiple, potentially conflicting, design goals, as they must quickly deploy patches on millions of hosts worldwide, must not overburden the users, and must avoid breaking dependencies in the deployment environment.