Risk Management

group_project

Visible to the public TWC SBE: Medium: Collaborative: Dollars for Hertz: Making Trustworthy Spectrum Sharing Technically and Economically Viable

Submitted by Michelle Connolly on Mon, 10/09/2017 - 1:52pm

The critical role of spectrum as a catalyst for economic growth was highlighted in the 2010 National Broadband Plan (NBP). A challenge for the NBP is realizing optimal spectrum sharing in the presence of interference caused by rogue transmissions from any source, but particularly secondary users who share the spectrum. This complex problem straddles wireless technology, industrial economics, international standards, and regulatory policy.

group_project

Visible to the public EAGER: Collaborative: IC Supply Chain Security and Quality Control in Business and Social Context

Submitted by Wei-Ming Lin on Mon, 10/09/2017 - 1:48pm

Trusted hardware is essential to achieving a secure and trustworthy cyberspace. However, this security foundation is not free of threats. Specifically, an adversary involved in Integrated Circuit (IC) development and supply may launch a number of attacks such as intellectual property theft, design tamper, counterfeiting and overproduction. The Comprehensive National Cyber Security Initiative has identified this supply chain risk management problem as a top national priority.

group_project

Visible to the public CRII: SaTC: Empirical and Analytical Models for the Deployment of Software Updates in Large Vulnerable Populations

Submitted by tdumitra on Mon, 10/09/2017 - 1:13pm

Software vulnerabilities are an important vector for malware delivery. The software updating mechanisms, responsible for deploying the vulnerability patches, are in a race with the cyber attackers seeking to exploit the vulnerabilities. Moreover, these updating mechanisms have multiple, potentially conflicting, design goals, as they must quickly deploy patches on millions of hosts worldwide, must not overburden the users, and must avoid breaking dependencies in the deployment environment.

group_project

Visible to the public TWC: Medium: Collaborative: Re[DP]: Realistic Data Mining Under Differential Privacy

Submitted by Michael Hay on Mon, 10/09/2017 - 10:06am

The collection and analysis of personal data about individuals has revolutionized information systems and fueled US and global economies. But privacy concerns regarding the use of such data loom large. Differential privacy has emerged as a gold standard for mathematically characterizing the privacy risks of algorithms using personal data. Yet, adoption of differentially private algorithms in industry or government agencies has been startlingly rare.

group_project

Visible to the public SaTC-EDU: EAGER: Education Initiative TECH MeD: Transdisciplinary Education for Critical Hacks of Medical Devices

Submitted by Michael Bachmann on Mon, 10/09/2017 - 9:25am

TECH MeD (Transdisciplinary Education for Critical Hacks of Medical Devices) seeks to engage a broad audience about the cybersecurity implications of remotely accessible, implantable medical devices. The project will educate undergraduate and graduate-level students from various disciplines, healthcare professionals, patients, and the general public about the ethical, legal, social, and technical implications of these remotely accessible devices.

group_project

Visible to the public EAGER: Can You Trust Apps Age Recommendations? Inconsistent and Unreliable Maturity Ratings on Mobile Platforms

Submitted by Yilu Zhou on Fri, 10/06/2017 - 2:21pm

While smart phones provide an excellent way for communication, entertaining and education, they also raise many privacy and security concerns. Children are facing the risks of being exposed to inappropriate content due to mis-rated Apps. Both Android and iOS apps come with maturity ratings that examine the existence and intensity of mature themes within each app. However, each mobile platform adopts its own rating policy and rating strategy which creates inconsistency and inaccurate ratings. The maturity ratings for Android apps are purely a result of app developers' self-report.