CMU

Science of Security Lablet Quarterly Meeting (CMU) - July 2017
Jul 10, 2017 8:30 am - Jul 11, 2017 12:00 pm EDT

The 2017 Summer Science of Security Quarterly Meeting will be hosted at Carnegie Mellon University on Monday, July 10, 8:30 AM - 5:00 PM and Tuesday, July 11, 2017, 8:30 AM - 12:00 PM. The meeting will take place on the CMU campus in the Gates Hillman Center, Room 6115.

Real-time Privacy Risk Evaluation and Enforcement

Critical infrastructure is increasingly comprised of distributed, inter-dependent components and information that is vulnerable to sophisticated, multi-stage cyber-attacks. These attacks are difficult to understand as isolated incidents, and thus to improve understanding and response, organizations must rapidly share high quality threat, vulnerability and exploit-related, cyber-security information. However, pervasive and ubiquitous computing has blurred the boundary between work-related and personal data. This includes both the use of workplace computers for p

Usable Formal Methods for the Design and Composition of Security and Privacy Policies

Security-Metrics-Driven-Evaluation, Design, Development and Deployment. Our research evaluates security pattern selection and application by designers in response to attack patterns. The evaluation is based on formal models of attack scenarios that are used to measure security risk and promote risk reduction strategies based on assurance cases constructed by the analyst. The aim is to improve the usability of formal methods for studying security design and composition.

Highly Configurable Systems

In highly configurable software systems the configuration space is too big for (re-)certifying every configuration in isolation. In this project, we combine software analysis with network analysis to detect which configuration options interact and which have local effects. Instead of analyzing a system such as Linux and SELinux for every combination of configuration settings one by one (>10^2000 even considering compile-time configurations only), we analyze the effect of each configuration option once for the entire configuration space.

Limiting Recertification in Highly Configurable Systems: Analyzing Interactions and Isolation among Configuration Options

In highly configurable systems the configuration space is too big for (re-)certifying every configuration in isolation. In this project, we combine software analysis with network analysis to detect which configuration options interact and which have local effects. Instead of analyzing a system such as Linux and SELinux for every combination of configuration settings one by one (>10^2000 even considering compile-time configurations only), we analyze the effect of each configuration option once for the entire configuration space.

Multi-model run-time security analysis

Our research focuses on creating the scientific foundations to support model-based run-time diagnosis and repair of security attacks. Specifically, our research develops models that (a) scale gracefully with the size of system and have appropriate real-time characteristics for run-time use, and (b) support composition through multi-model analysis. Network models will complement architectural models in two ways: (a) to characterize the organizational context of a system, and (b) to detect anomalies through network representations of architectural behavior.

Epistemic Models for Security

Noninterference defines a program to be secure if changes to high-security inputs cannot alter low-security outputs, thereby indirectly stating the epistemic property that no low-security principal acquires knowledge of high-security data. We consider a directly epistemic account of information-flow control focusing on the knowledge flows engendered by the program's execution. Storage effects are of primary interest, since principals acquire and disclose knowledge from the execution only through these effects. The information-flow properties of the individual effectful acti

Improving the Usability of Security Requirements by Software Developers through Empirical Studies and Analysis

This project aims to discover general theory to explain what cues security experts use to decide when to apply security requirements and how to present those cues in the form of security patterns to novice designers in a way that yields improved security designs.

TEAM

PIs: Travis Breaux (CMU), Laurie Williams, & Jianwei Niu (CMU)
Student: Maria Riaz