NCSU

Modeling the risk of user behavior on mobile devices

It is already true that the majority of users' computing experience is a mobile one. Unfortunately, that mobile experience is also riskier: users are often multitasking, hurrying or uncomfortable, leading them to make poor decisions. Our goal is to use mobile sensors to predict when users are distracted in these ways, and likely to behave insecurely. We will study this possibility in a series of lab and field experiments.

TEAM

PIs: Benjamin Watson, Will Enck, Anne McLaughlin, Michael Rappa

An Adoption Theory of Secure Software Development Tools

Programmers interact with a variety of tools that help them do their jobs, from "undo" to FindBugs' security warnings to entire development environments. However, programmers typically know about only a small subset of tools that are available, even when many of those tools might be valuable to them. In this project, we investigate how and why software developers find out about -- and don't find out about -- software security tools. The goal of the project is to help developers use more relevant security tools, more often.

Low-level Analytics Models of Cognition for Novel Security Proofs

A key concern in security is identifying differences between human users and "bot" programs that emulate humans. Users with malicious intent will often utilize wide-spread computational attacks in order to exploit systems and gain control. Conventional detection techniques can be grouped into two broad categories: human observational proofs (HOPs) and human interactive proofs (HIPs).

Normative Trust Toward a Principled Basis for Enabling Trustworthy Decision Making

This project seeks to develop a deeper understanding of trust than is supported by current methods, which largely disregard the underlying relationships based on which people trust or do not trust each other. Accordingly, we begin from the notion of what we term normative relationships--or norms for short--directed from one principal to another. An example of a normative relationship is a commitment: is the first principal committed to doing something for the second principal?

A Science of Timing Channels in Modern Cloud Environments

The eventual goal of our research is to develop a principled design for comprehensively mitigating access-driven timing channels in modern compute clouds, particularly of the "infrastructure as a service" (IaaS) variety. This type of cloud permits the cloud customer to deploy arbitrary guest virtual machines (VMs) to the cloud. The security of the cloud-resident guest VMs depends on the virtual machine monitor (VMM), e.g., Xen, to adequately isolate guest VMs from one another.

Studying Latency and Stability of Closed-Loop Sensing-Based Security Systems

In this project, our focus is on understanding a class of security systems in analytical terms at a certain level of abstraction. Specifically, the systems we intend to look at are (i) multipath routing (for increasing reliability) and (ii) dynamic firewalls. For multipath routing, the threat scenario is jamming: the nodes that are disabled due to the jamming take the place of compromised components in that they fail to perform their proper function. The multipath and diverse path mechanisms are inten

Spatiotemporal Security Analytics and Human Cognition

A key concern in security is identifying differences between human users and "bot" programs that emulate humans. Users with malicious intent will often utilize wide-spread computational attacks in order to exploit systems and gain control. Conventional detection techniques can be grouped into two broad categories: human observational proofs (HOPs) and human interactive proofs (HIPs).

Towards a Scientific Basis for User Center Security Design

Human interaction is an integral part of any system. Users have daily interactions with a system and make many decisions that affect the overall state of security. The fallibility of users has been shown, but there is little research focused on the fundamental principles to optimize the usability of security mechanisms. We plan to develop a framework to design, develop and evaluate user interaction in a security context.

Quantifying Mobile Malware Threats

In this project, we aim to systematize the knowledge base about existing mobile malware (especially on Android) and quantify their threats so that we can develop principled solutions to provably determine their presence or absence in existing marketplaces. The hypothesis is that there exist certain fundamental commonalities among existing mobile malware.

An Investigation of Scientific Principles Involved in Software Security Engineering

The fault elimination part of software security engineering hinges on proactive detection of potential vulnerabilities during software development stages.