Networking, wired

The proliferation and increasing sophistication of censorship warrants continuing efforts to develop tools to evade it. Yet, designing effective mechanisms for censorship resistance ultimately depends on accurate models of the capabilities of censors, as well as how those capabilities will likely evolve. In contrast to more established disciplines within security, censorship resistance is relatively nascent, not yet having solid foundations for understanding censor capabilities or evaluating the effectiveness of evasion technologies.

Two methods used for vulnerability discovery in network protocols are testing and a semi-automated technique called model checking. Testing and model checking implementations of network protocols is a tedious and time-consuming task, where significant manual effort goes into designing test cases and protocol property specifications. Both approaches require detailed and structured information about the tested protocols, in the form of messages, state machine, invariants, etc. Most of the time this information is derived manually by people with different levels of expertise.

This project aims to reduce the impact of software vulnerabilities in Internet-connected systems by developing data-driven techniques for vulnerability measurement, assessment, and notification. Recent advances in Internet-wide scanning make it possible to conduct network surveys of the full public IPv4 address space in minutes.

Security and privacy are prominent concerns in modern communications. Although cryptographic approaches have been widely studied to protect a message's content from deciphering by an eavesdropper, there are many times when hiding the very existence of the communication is critical. The hiding of communication, termed covert (private) communication, is important in many domains such as covert military operations, and removing the ability of users to be tracked in their everyday activities.

This project addresses several key emerging security challenges that arise due to the wildly successful large-scale adoption of mobile devices with diverse network capabilities. The novel approach focuses on to understanding how various information that are legitimately and willingly provided by smartphone users due to the requested permissions of downloaded applications can be potentially abused. The second research focus is to identify improvements in the design of cellular network middlebox (e.g., firewall) policies by detailed exposure and explicitly defining the key requirements.