Scientific Foundations

group_project

Visible to the public  TWC: Large: Collaborative: Verifiable Hardware: Chips that Prove their Own Correctness

Submitted by Mariana Raykova on Mon, 11/20/2017 - 6:43am

This project addresses how semiconductor designers can verify the correctness of ICs that they source from possibly untrusted fabricators. Existing solutions to this problem are either based on legal and contractual obligations, or use post-fabrication IC testing, both of which are unsatisfactory or unsound. As a sound alternative, this project designs and fabricates verifiable hardware: ICs that provide proofs of their correctness for every input-output computation they perform in the field.

group_project

Visible to the public TWC: Medium: Collaborative: New Protocols and Systems for RAM-Based Secure Computation

Submitted by Mariana Raykova on Mon, 11/20/2017 - 6:40am

Secure computation allows users to collaboratively compute any program on their private data, while ensuring that they learn nothing beyond the output of the computation. Existing protocols for secure computation primarily rely on a boolean-circuit representation for the program being evaluated, which can be highly inefficient. This project focuses on developing secure-computation protocols in the RAM model of computation. Particularly challenging here is the need to ensure that memory accesses are oblivious, and do not leak information about private data.

group_project

Visible to the public CAREER: The Value of Privacy

Submitted by Katrina Ligett on Mon, 11/20/2017 - 6:37am

This project takes a new approach to problems involving sensitive data, by focusing on rigorous mathematical modeling and characterization of the value of private information. By focusing on quantifying the loss incurred by affected individuals when their information is used -- and quantifying the attendant benefits of such use -- the approaches advanced by this work enable concrete reasoning about the relative risks and rewards of a wide variety of potential computations on sensitive data.

group_project

Visible to the public TWC: Small: Bridging the Gap Between Cutting-Edge Cryptography and Practice

Submitted by Mark Zhandry on Tue, 11/14/2017 - 1:00pm

The cloud is becoming increasingly integral to our daily lives, the business ecosystem, and society at large. Recently, cutting-edge cryptosystems have been developed that provide the first-ever theoretical solutions to many cloud-related tasks. Such tasks include fine-grained access control to encrypted data, broadcasting to a set of recipients with minimal communication overhead, hiding secrets in public code, and much more.

group_project

Visible to the public TWC: Small: Using a Capability-Enhanced Microkernel as a Testbed for Language-based Security (CEMLaBS)

Submitted by Mark Jones on Tue, 11/14/2017 - 12:53pm

This project is investigating the potential for language-based security techniques in the construction of low-level systems software. The specific focus is on the development of an open, capability-enhanced microkernel whose design is based on seL4, a "security enhanced" version of the L4 microkernel that was developed, by a team in Australia, as the first fully verified, general purpose operating system.

group_project

Visible to the public TWC: TTP Option: Frontier: Collaborative: MACS: A Modular Approach to Cloud Security

Submitted by Marten van Dijk on Tue, 11/14/2017 - 12:48pm

The goal of the Modular Approach to Cloud Security (MACS) project is to develop methods for building information systems with meaningful multi-layered security guarantees. The modular approach of MACS focuses on systems that are built from smaller and separable functional components, where the security of each component is asserted individually, and where the security of the system as a whole can be derived from the security of its components. The project concentrates on building outsourced, cloud-based information services with client-centric security guarantees.

group_project

Visible to the public TWC: Medium: Leakage of Communications Signatures: Analysis of Eavesdropping Attacks and Proactive Countermeasures

Submitted by Marwan Krunz on Tue, 11/14/2017 - 12:43pm

As society continues to depend on the rapidly expanding wireless ecosystem, we are challenged with serious threats related to user privacy, data confidentiality, and critical system availability. A significant portion of these threats is attributed to the broadcast nature of wireless transmissions. Using commodity radio hardware, unauthorized parties can easily eavesdrop on over-the-air transmissions and breach the privacy of communicating users by tracking their whereabouts and movements, and inferring their associations, health state, and preferences.

group_project

Visible to the public TWC: Medium: Collaborative: Active Security

Submitted by Jonathan Smith on Tue, 11/14/2017 - 12:35pm

Computer and network security is currently challenged by the need to secure diverse network environments including clouds and data-centers, PCs and enterprise infrastructures. This diversity of environments is coupled to increased attack sophistication. Today's tools for securing network and computing infrastructures can be painstakingly composed and configured using available components, but fail to automatically learn from their environment and actively protect it.

group_project

Visible to the public TWC: Medium: Collaborative: Efficient Repair of Learning Systems via Machine Unlearning

Submitted by Junfeng Yang on Tue, 11/14/2017 - 12:25pm

Today individuals and organizations leverage machine learning systems to adjust room temperature, provide recommendations, detect malware, predict earthquakes, forecast weather, maneuver vehicles, and turn Big Data into insights. Unfortunately, these systems are prone to a variety of malicious attacks with potentially disastrous consequences. For example, an attacker might trick an Intrusion Detection System into ignoring the warning signs of a future attack by injecting carefully crafted samples into the training set for the machine learning model (i.e., "polluting" the model).

group_project

Visible to the public TWC: Small: Secure Near Field Communications between Mobile Devices

Submitted by Kai Zeng on Tue, 11/14/2017 - 12:20pm

By the end of this decade, it is estimated that Internet of Things (IoT) could connect as many as 50 billion devices. Near Field Communication (NFC) is considered as a key enabler of IoT. Many useful applications are supported by NFC, including contactless payment, identification, authentication, file exchange, and eHealthcare, etc. However, securing NFC between mobile devices faces great challenges mainly because of severe resource constraints on NFC devices, NFC systems deployed without security, and sophisticated adversaries.