Systems

Database Management Systems (DBMS) have been used to store and process data in organizations for decades. Larger organizations use a variety of databases (commercial, open-source or custom-built) for different departments. However, neither users nor Database Administrators (DBAs) know exactly where the data is stored on the system or how it is processed. Most relational databases store internal data using universal principles that can be inferred and captured.

Security and privacy concerns in the increasingly interconnected world are receiving much attention from the research community, policymakers, and general public. However, much of the recent and on-going efforts concentrate on security of general-purpose computation and on privacy in communication and social interactions.

This capacity building project seeks to addresses the lack of opportunities for students for experiential learning of Cybersecurity. Although there is no overall shortage of labs anymore, many instructors do not feel comfortable using them in their courses. This project has a potential to help many instructors to provide hands-on learning opportunities to their students. The project is based on the 30 SEED labs, which were developed and tested by the PI over the last ten years and are used by over 150 instructors from 26 countries.

Despite our growing reliance on mobile phones for a wide range of daily tasks, their operation remains largely opaque even for experts. Mobile users have little insight into how their mobile apps operate and perform in the network, into how (or whether) they protect the information that users entrust to them, and with whom they share user's personal information. A number of previous studies have addressed elements of this problem in a partial fashion, trading off analytic comprehensiveness and deployment scale.

Cross-site scripting (XSS) vulnerabilities -- though being known for more than ten years -- are still one of the most commonly-found web application vulnerabilities in the wild. Among all the defenses proposed by researchers, one widely-adopted approach is called Content Security Policy (CSP) -- which has been standardized by W3C and adopted by all major commercial browsers, such as Google Chrome, Internet Explorer, Safari, and Firefox.