Systems

CAREER: Private Communication in Strongly Adversarial Networks

The ability to communicate and readily access information helps make possible positive social and political change. The Internet's effects on developing nations' educational, economic, and governmental institutions have been well explored by social scientists and technical experts. Unfortunately, in many instances, undemocratic governments monitor and censor Internet communication in an attempt to control their populations.

TC: Large: Collaborative Research: Privacy-Enhanced Secure Data Provenance

Data provenance refers to the history of the contents of an object and its successive transformations. Knowledge of data provenance is beneficial to many ends, such as enhancing data trustworthiness, facilitating accountability, verifying compliance, aiding forensics, and enabling more effective access and usage controls. Provenance data minimally needs integrity assurance to realize these benefits.

TC: Large: Collaborative Research: Practical Secure Two-Party Computation: Techniques, Tools, and Applications

Many compelling applications involve computations that require sensitive data from two or more individuals. For example, as the cost of personal genome sequencing rapidly plummets, many genetics applications will soon be within reach of individuals, such as comparing one's genome with the genomes of different groups of participants in a study to determine which treatment is likely to be most effective. Such comparisons could have tremendous value, but are currently infeasible because of the privacy concerns for both the individual and the study participants.

EAGER: Cybercrime Susceptibility in the Sociotechnical System: Exploration of Integrated Micro- and Macro-Level Sociotechnical Models of Cybersecurity

This project develops a holistic approach to sociotechnical system security that combines innovations in both criminology and engineering/computer science. We design unified sociotechnical security models that capture how sociotechnical intrusions against social as well as technical aspects of the system (i.e., modeled as hidden sequences of system security states) result in observed hard data such as security sensor alerts and soft data produced by human/social sensors such as reports about slow machines.

Identifying Research Approaches, Technologies, Options, and Tradeoffs for Encrypted Communications Access

This National Academies study examines the tradeoffs associated with mechanisms to provide authorized government agencies with access to the plaintext version of encrypted information. The study describes the context in which decisions about such mechanisms would be made and identifies and characterizes possible mechanisms and alternative means of obtaining information sought by the government for law enforcement or intelligence investigations.

CAREER: User-Space Protection Domains for Compositional Information Security

Attacks on software applications such as email readers and web browsers are common. These attacks can cause damage ranging from application malfunction and loss of private data to a complete takeover of users' computers. One effective strategy for limiting the damage is to adopt the principle of least privilege in application design: the application is split into several protection domains and each domain is given only the necessary privileges to perform its task.

CAREER: Securing Critical Infrastructure with Autonomously Secure Storage

Embedded systems currently rely on local and often insecure state retention for process control and subsequent forensic analysis. As critical embedded control systems (e.g., smart grids, SCADA) generate increasing amounts of data and become ever more connected to other systems, secure retention and management of that data is required. Attacks such as Stuxnet show that SCADA and other systems comprising critical infrastructure are vulnerable to the compromise of controllers and sensing devices, as well as falsification of data to circumvent anomaly detection mechanisms.

TWC: TTP Option: Medium: Collaborative: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services.

TWC: Small: Using a Capability-Enhanced Microkernel as a Testbed for Language-based Security (CEMLaBS)

This project is investigating the potential for language-based security techniques in the construction of low-level systems software. The specific focus is on the development of an open, capability-enhanced microkernel whose design is based on seL4, a "security enhanced" version of the L4 microkernel that was developed, by a team in Australia, as the first fully verified, general purpose operating system.

TWC: TTP Option: Frontier: Collaborative: MACS: A Modular Approach to Cloud Security

The goal of the Modular Approach to Cloud Security (MACS) project is to develop methods for building information systems with meaningful multi-layered security guarantees. The modular approach of MACS focuses on systems that are built from smaller and separable functional components, where the security of each component is asserted individually, and where the security of the system as a whole can be derived from the security of its components. The project concentrates on building outsourced, cloud-based information services with client-centric security guarantees.