CRII

Computers are increasingly pervasive and diverse, embedded in devices ranging from smart phones and wearable computers to home automation devices and automotive systems. This explosive growth has far outpaced the speed with which device behaviors can be analyzed and understood, creating unprecedented opportunities for "Internet of Things" devices to engage in nefarious activities such as violating users' privacy or spreading malware.

The goal of this project is to develop practical non-malleable codes, which are encoding schemes that have the property that modifying an encoded message results in either decoding the original message or a totally unrelated message. This will improve upon previous constructions and create practical methods to secure against memory attacks for both computers and portable devices. The practical designs developed in this project would immediately improve the performance in applications that use non-malleable codes.

As software controls an ever-increasing number of devices that perform critical tasks, their security and robustness are of paramount importance to society. In addition, malicious software and "greyware" that violates the privacy of users causes billions in damage every year and erodes public confidence in computing systems. However, despite decades of work on techniques to analyze software with automated techniques, it remains a difficult and largely manual task.

Modern society relies on computers to manage and transmit sensitive data. These computers run our banks, provide our telecommunications services (such as phone, TV, and Internet), and operate critical systems found in automobiles and power grids. The software on these systems is vulnerable to automated attacks and, if attacked successfully, can be used to cause the loss of money, property, and life. While researchers have developed automated, easy-to-use countermeasures to thwart such attacks, it is unclear whether these countermeasures work.

Software systems are under constant attack: extracting sensitive data from running computer systems is a prime and highly lucrative target for attackers. Yet, current defense mechanisms fail to protect confidential or private data along with the integrity and availability of the underlying system. While it is important to find and fix vulnerabilities, it is unlikely that all vulnerabilities will ever be discovered. Therefore, there is an argument to be had for stronger defense mechanisms that protect software systems even in the presence of vulnerabilities.