Risk Management

Our nation's information technology (IT) infrastructure is vulnerable to numerous security risks, including security vulnerabilities within the IT supply chain. This research addresses the cyber-security risks and vulnerabilities that exist in the Federal IT infrastructure. It will provide new insights for prioritizing and deploying IT security mitigations in a budget-constrained environment. It will also develop tools that can be used by Federal decision-makers and other large organizations which make investments.

The protection of cyber-physical critical infrastructures such as the power grid, water distribution networks, and transportation networks against computer attacks is a matter of national security, public safety, and economic stability; however, most of these critical assets are owned and operated by private companies with pressing operational requirements, tight security budgets, and aversion to regulatory oversight. As a result it is not clear that market incentives alone will create enough momentum to improve the security posture of these systems.

This project is developing the next generation of network measurement tools for penetration testers, digital forensics experts, and other cybersecurity professionals who sometimes need to know more about the Internet or a specific network. It is developing techniques based on TCP/IP side channel inferences, where it is possible to infer something about a remote machine's view of the network based on the use of shared, limited resources.

Adolescents are at higher risk of engaging in risky behaviors in online social networks. This project develops digital intervention solutions to motivate, educate, support and engender safe social networking behaviors among adolescents. It significantly extends the current understanding of adolescent motivations for engaging in risky online behaviors and the state-of-the-art solutions for reducing adolescent exposure to such behaviors.

Despite an emphasis the security community places on the importance of producing secure software, the number of new security vulnerabilities in software increases every year. This research is based on the assumption that software vulnerabilities are caused by misunderstandings, or lack of knowledge, called blind spots, which the developers experience while they are building systems. When building systems, developers often focus more on functional requirements than on non-functional ones, such as security.