TTP

group_project

Visible to the public TWC TTP: Small: Security, Privacy, and Trust for Systems of Coordinating Medical Devices

Submitted by eyv on Wed, 12/20/2017 - 5:31pm

To lower costs and improve outcomes in current medical practice we need integrated interoperable medical systems to provide machine-assisted care, interaction detection, and improved alarm accuracy, to name just a few uses. This project is developing both the theory and practice to ensure the safety of next-generation medical devices by allowing secure coordination and composition, in facilities as small as a local doctor's office or as large as a multi-campus hospital.

Outcomes Report URL: 
https://www.research.gov/research-portal/appmanager/base/desktop?_nfpb=true&_win...
group_project

Visible to the public TWC: TTP Option: Large: Collaborative: Towards a Science of Censorship Resistance

Submitted by Katie Dey on Wed, 12/20/2017 - 2:10pm

The proliferation and increasing sophistication of censorship warrants continuing efforts to develop tools to evade it. Yet, designing effective mechanisms for censorship resistance ultimately depends on accurate models of the capabilities of censors, as well as how those capabilities will likely evolve. In contrast to more established disciplines within security, censorship resistance is relatively nascent, not yet having solid foundations for understanding censor capabilities or evaluating the effectiveness of evasion technologies.

Outcomes Report URL: 
https://www.research.gov/research-portal/appmanager/base/desktop?_nfpb=true&_win...
group_project

Visible to the public TTP: Small: A Kit for Exploring Databases under the Hood for Security, Forensics and Data Recovery

Submitted by Alexander Rasin on Tue, 12/19/2017 - 1:15pm

Database Management Systems (DBMS) have been used to store and process data in organizations for decades. Larger organizations use a variety of databases (commercial, open-source or custom-built) for different departments. However, neither users nor Database Administrators (DBAs) know exactly where the data is stored on the system or how it is processed. Most relational databases store internal data using universal principles that can be inferred and captured.

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: ENCORE - ENhanced program protection through COmpiler-REwriter cooperation

Submitted by Kevin Hamlen on Tue, 11/21/2017 - 6:50am

Critical errors in widely used software are discovered almost every day. They currently leave users of that software vulnerable to cyber attacks until the manufacturer eventually supplies a fix - sometimes this takes unacceptably long. There currently is no way that users of commercial off-the-shelf software that is distributed as binary code can go and fix such vulnerabilities themselves, ex post facto, because software is not easily changeable once it has been compiled to binary form. This research project investigates techniques for enabling consumer-side rewriting of binary software.

group_project

Visible to the public TWC: TTP Option: Small: Collaborative: SRN: On Establishing Secure and Resilient Networking Services

Submitted by Kishor.Trivedi on Tue, 11/21/2017 - 6:44am

Almost every organization depends on cloud-based services. The backend of cloud-based services are designed for multiple tenants and reside in data centers spread across multiple physical locations. Network security and security management are major hurdles in such a complex, shared environment. This research investigates mitigating the security challenges by taking a moving target defense (MTD) approach.

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

Submitted by Long Lu on Mon, 11/20/2017 - 7:04am

The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services.

group_project

Visible to the public TWC: TTP Option: Frontier: Collaborative: MACS: A Modular Approach to Cloud Security

Submitted by Marten van Dijk on Tue, 11/14/2017 - 12:48pm

The goal of the Modular Approach to Cloud Security (MACS) project is to develop methods for building information systems with meaningful multi-layered security guarantees. The modular approach of MACS focuses on systems that are built from smaller and separable functional components, where the security of each component is asserted individually, and where the security of the system as a whole can be derived from the security of its components. The project concentrates on building outsourced, cloud-based information services with client-centric security guarantees.

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: ENCORE - ENhanced program protection through COmpiler-REwriter cooperation

Submitted by Mathias Payer on Tue, 11/14/2017 - 12:40pm

Critical errors in widely used software are discovered almost every day. They currently leave users of that software vulnerable to cyber attacks until the manufacturer eventually supplies a fix - sometimes this takes unacceptably long. There currently is no way that users of commercial off-the-shelf software that is distributed as binary code can go and fix such vulnerabilities themselves, ex post facto, because software is not easily changeable once it has been compiled to binary form. This research project investigates techniques for enabling consumer-side rewriting of binary software.

group_project

Visible to the public TWC: TTP Option: Small: Understanding the State of TLS Using Large-scale Passive Measurements

Submitted by Johanna Amann on Tue, 11/14/2017 - 11:38am

The Transport Layer Security (TLS) protocol constitutes the key building block for today's Internet security and is, for example, used for encrypted web connections using the HTTPS protocol. However, from its first version in 1994 until today, researchers and practitioners keep discovering TLS deficiencies undermining the protocol's security on a regular basis. While the academic community has applied intense scrutiny to the TLS/X.509 ecosystem, much of such work depends on access to difficult to acquire representative data on the protocol's deployment and usage.

group_project

Visible to the public TWC: TTP Option: Large: Collaborative: Towards a Science of Censorship Resistanc

Submitted by Jedidiah Crandall on Tue, 11/14/2017 - 6:54am

The proliferation and increasing sophistication of censorship warrants continuing efforts to develop tools to evade it. Yet, designing effective mechanisms for censorship resistance ultimately depends on accurate models of the capabilities of censors, as well as how those capabilities will likely evolve. In contrast to more established disciplines within security, censorship resistance is relatively nascent, not yet having solid foundations for understanding censor capabilities or evaluating the effectiveness of evasion technologies.