Scientific Foundations

TWC: TTP Option: Frontier: Collaborative: MACS: A Modular Approach to Cloud Security

The goal of the Modular Approach to Cloud Security (MACS) project is to develop methods for building information systems with meaningful multi-layered security guarantees. The modular approach of MACS focuses on systems that are built from smaller and separable functional components, where the security of each component is asserted individually, and where the security of the system as a whole can be derived from the security of its components. The project concentrates on building outsourced, cloud-based information services with client-centric security guarantees.

TWC: Small: Belling the CAD: Towards Security-Centric Electronic System Level Design

Integrated circuits (ICs) are at the core of many critical applications, from financial and healthcare to avionics and military applications. Trustworthy ICs are therefore fundamental in ensuring the safety and security of our society. Unfortunately, cost considerations and globalization have pushed IC design to a decentralized and distributed paradigm, where the design of a system-on-an-IC (SoC) spans various companies and countries, with the fabrication of these SoCs taking place in third-party (offshore) foundries.

TWC: Small: A platform for enhancing security of binary code

Cyberattacks are enabled by software vulnerabilities that allow attackers to plant software exploits. As old vulnerabilities are found and fixed, attackers continue to find new ones. As a result, software vendors, system administrators and security professionals have come to rely increasingly on techniques that insert additional code into software for detecting and/or blocking cyber attacks in progress.

TWC: Small: Attribute Based Access Control for Cloud Infrastructure as a Service

When an organization moves its hardware resources to a cloud infrastructure as a service (IaaS) provider, it faces 2 major issues: (1) cumbersome abstractions of access control facilities provided by the cloud service provider over its virtual assets (compute, storage, networking, etc.), and (2) multi-tenancy and availability concerns arising due to lack of control of virtual resource placement in the physical infrastructure.

CAREER: Group-Centric Secure Information Sharing - Models, Properties, and Implementation

One of the oldest and most challenging problems in cyber security is to enable secure information sharing (SIS), i.e., maintaining some control over information even after it has been shared. For example, a product manufacturer may need to share customer account information with a company that ships the products and bills the customers. The manufacturer cannot allow its partner to then misuse those customer records by direct marketing or selling customer records. This project focuses on the policy challenge of specifying, analyzing and enforcing SIS policies.

SaTC-BSF: TWC: Small: Using Individual Differences to Personalize Security Mitigations

Over the past decade, people have realized that failure to account for human factors has resulted in many software security problems. Yet, when software does feature user-centric design, it takes into account average user behavior rather than catering to the individual. Thus, systems designers have gone from designing for security experts to now appealing to the least common denominator.

NSFSaTC-BSF: TWC: Small: Cryptography and Communication Complexity

Current cloud-based systems enable distributed access to both information and computational resources. In this setting, it is imperative to have secure communication, and powerful and expensive cryptographic techniques have been proposed to address this issue. A severely limiting factor, however, is that these methods for securely accessing or processing data between participating parties can result in communication overheads when processing large amounts of data.

NSFSaTC-BSF: TWC: Small: Practical Plausibly Deniable Encryption through Low-Level Storage Device Behavior

Plausibly deniable encryption is the ability to hide that given data is on a device, whether the ability exists to decrypt it, or even that the data exists. Plausible deniability is a powerful property to protect data on devices the user has lost physical control over, such as protecting consumers from accidental mass disclosures of private data through misplaced devices. This issue is of particular concern for anyone who travels internationally with sensitive data, including human rights workers, diplomats, military personnel, or even business travelers.

TTP: Medium: A Campus Pilot For A Privacy-Enabled Cloud Storage, Search, and Collaboration Portal for Education

As higher education institutions consider moving services to the cloud to save costs and improve collaboration, significant challenges to successful large-scale adoption still exist. Institutions are unwilling to risk cloud deployment because provable technological defenses have thus far been lacking. Control over sensitive data is relinquished without the institution's knowledge, liability is shifted and data breach risks are significantly increased. Further, regulatory-sensitive data has become an increasingly attractive target.

TWC: Medium: Collaborative: Aspire: Leveraging Automated Synthesis Technologies for Enhancing System Security

Designing secure systems and validating security of existing systems are hard challenges facing our society. For implementing secure applications, a serious stumbling block lies in the generation of a correct system specification for a security policy. It is non-trivial for both system designers and end users to express their intent in terms of formal logic. Similar challenges plague users trying to validate security properties of existing applications, such as web- or cloud-based services, which often have no formal specifications.