Systems

The explosion in data gathering has greatly exacerbated existing privacy issues in computing systems and created new ones due to the increase in the scale and the scope of available data as well as the advances in the capabilities of computational data analysis. Software professionals typically have no formal training or education on sociotechnical aspects of privacy. As a result, addressing privacy issues raised by a system is frequently an afterthought and/or a matter of compliance-check during the late phases of the system development lifecycle.

Despite an emphasis the security community places on the importance of producing secure software, the number of new security vulnerabilities in software increases every year. This research is based on the assumption that software vulnerabilities are caused by misunderstandings, or lack of knowledge, called blind spots, which the developers experience while they are building systems. When building systems, developers often focus more on functional requirements than on non-functional ones, such as security.

The ability to generate random numbers -- to flip coins -- is crucial for many computing tasks, from Monte Carlo simulation to secure communications. The theory of building such subsystems to generate random numbers is well understood, but the gap between theory and practice is surprisingly wide. As built today, these subsystems are opaque and fragile. Flaws in these subsystems can compromise the security of millions of Internet hosts.

Every time someone uses a phone or computer to connect to an Internet site, software determines whether the connection is safe or being intercepted by attackers. Unfortunately, this software is error-prone, leaving users vulnerable to having their privacy violated or their personal information stolen due to phishing attacks, identity theft, and unauthorized inspection of their encrypted traffic. A number of solutions are being proposed, but the software is fragmented across many platforms and redundantly or incorrectly implemented.

Wireless systems have become an inseparable part of our social fabric, which allow users to move around and access the services from different locations while on the move. However, wireless security is often cited as a major technical barrier that must be overcome before widespread adoption of mobile services can occur. Traditional approaches have focused on addressing security threats on a case-by-case basis in an ad-hoc manner as new and specialized threats are uncovered.