Scientific Foundations

group_project

Visible to the public TWC: Frontier: Collaborative: CORE: Center for Encrypted Functionalities

Submitted by Susan Hohenberger on Mon, 10/23/2017 - 2:57pm

The Center for Encrypted Functionalities (CORE) tackles the deep and far-reaching problem of general-purpose "program obfuscation," which aims to enhance cybersecurity by making an arbitrary computer program unintelligible while preserving its functionality.

group_project

Visible to the public TWC: Frontier: Collaborative: Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives

Submitted by Vern Paxson on Mon, 10/23/2017 - 2:54pm

This project tackles the social and economic elements of Internet security: how the motivations and interactions of attackers, defenders, and users shape the threats we face, how they evolve over time, and how they can best be addressed. While security is a phenomenon mediated by the technical workings of computers and networks, it is ultimately a conflict driven by economic and social issues that merit a commensurate level of scrutiny.

group_project

Visible to the public TWC SBE: TTP Option: Medium: Collaborative: EPICA: Empowering People to Overcome Information Controls and Attacks

Submitted by Wenke Lee on Mon, 10/23/2017 - 2:48pm

This project studies the security of representative personalized services, such as search engines, news aggregators, and on-line targeted advertising, and identifies vulnerabilities in service components that can be exploited by pollution attacks to deliver contents intended by attackers.

group_project

Visible to the public TWC SBE: Small: Establishing market based mechanisms for CYBer security information EXchange (CYBEX)

Submitted by Shamik Sengupta on Mon, 10/23/2017 - 2:43pm

Robust cybersecurity information sharing infrastructure is required to protect the firms from future cyber attacks which might be difficult to achieve via individual effort. The United States federal government clearly encourage the firms to share their discoveries on cybersecurity breach and patch related information with other federal and private firms for strengthening the nation's security infrastructure.

group_project

Visible to the public TTP: Medium: Securing the Wireless Philadelphia Network

Submitted by Steven Weber on Thu, 10/19/2017 - 10:56pm

The Wireless Philadelphia Network (WPN) is a metropolitan?area network (MAN) consisting of thousands of Tropos 5210 wireless mesh routers distributed across the entire city of Philadelphia and connected by a fiber backbone. This project is employing this network as a testbed to investigate three diverse security challenges facing any large-scale wireless network servicing a heterogeneous population.

group_project

Visible to the public STARSS: TTP Option: Small: A Quantum Approach to Hardware Security: from Theory to Optical Implementation

Submitted by Yaoyun Shi on Thu, 10/19/2017 - 10:48pm

The problem of ensuring that computer hardware is not surreptitiously malicious is a growing concern. The case of random number generators (RNGs) is particularly important because random numbers are foundational to information security. All current solutions in practice require trusting the hardware, and are therefore vulnerable to hardware attacks. This project explores a quantum-based solution to hardware security by designing and implementing a new class of RNGs that can prove their own integrity to the user.

group_project

Visible to the public STARSS: Small: Collaborative: Specification and Verification for Secure Hardware

Submitted by saseshia on Thu, 10/19/2017 - 5:04pm

There is a growing need for techniques to detect security vulnerabilities in hardware and at the hardware-software interface. Such vulnerabilities arise from the use of untrusted supply chains for processors and system-on-chip components and from the scope for malicious agents to subvert a system by exploiting hardware defects arising from design errors, incomplete specifications, or maliciously inserted blocks.

group_project

Visible to the public TWC: Medium: Collaborative: New Protocols and Systems for RAM-Based Secure Computation

Submitted by Samuel Gordon on Thu, 10/19/2017 - 4:57pm

Secure computation allows users to collaboratively compute any program on their private data, while ensuring that they learn nothing beyond the output of the computation. Existing protocols for secure computation primarily rely on a boolean-circuit representation for the program being evaluated, which can be highly inefficient. This project focuses on developing secure-computation protocols in the RAM model of computation. Particularly challenging here is the need to ensure that memory accesses are oblivious, and do not leak information about private data.

group_project

Visible to the public TWC: Small: Employing Information Theoretic Metrics to Quantify and Enhance the Security of Hardware Designs

Submitted by rck289 on Thu, 10/19/2017 - 4:50pm

Computing devices control much of the world around us. They power smart phones, kitchen appliances, cars, power grids, medical devices, and many of the other objects that we rely upon in our everyday lives. The foundation of these systems is the hardware, which are complex multi-billion transistor chips. Gaining control of the hardware provides unfettered access to every part of the system. This makes it a highly attractive target for attackers.

group_project

Visible to the public CAREER: At-scale Analysis of Issues in Cyber-Security and Software Engineering

Submitted by jules on Wed, 10/18/2017 - 7:30pm

One of the most significant challenges in cybersecurity is that humans are involved in software engineering and inevitably make security mistakes in their implementation of specifications, leading to software vulnerabilities. A challenge to eliminating these mistakes is the relative lack of empirical evidence regarding what secure coding practices (e.g., secure defaults, validating client data, etc.), threat modeling, and educational solutions are effective in reducing the number of application-level vulnerabilities that software engineers produce.