Transition to Practice

group_project

SaTC: CORE: Small: Collaborative: Understanding Law-Enforcement Cyber Investigations

Submitted by Kevin Steinmetz on Wed, 08/07/2019 - 1:52pm

Numerous challenges confront law enforcement investigations and prosecutions of cybercrime offenses, including under-reporting by victims, jurisdictional conflicts and limitations, insufficient resources, training, and expertise, as well as organizational constraints. This research is a study of cybercrime investigators, their departments, and the challenges they face in fighting cybercrime. The research consists of social scientific research on how law enforcement investigators and their units conduct cybercrime investigations.

group_project

Collaborative: Development and Testing of a Secure Programming Clinic

Submitted by Matt Bishop on Thu, 01/04/2018 - 12:33pm

This capacity building project will create Secure Programming Clinic to enhance student learning and expertise in writing robust, secure software, analogous to a writing clinic in an English department or law school. It provides continual reinforcement of the mechanisms, methods, technologies, and need for programming with security and robustness considerations throughout a student's undergraduate coursework. The clinic would augment courses, not replace them or their content.

group_project

TWC: TTP Option: Small: Collaborative: SRN: On Establishing Secure and Resilient Networking Services

Submitted by dijiang on Wed, 01/03/2018 - 4:48pm

Almost every organization depends on cloud-based services. The backend of cloud-based services are designed for multiple tenants and reside in data centers spread across multiple physical locations. Network security and security management are major hurdles in such a complex, shared environment. This research investigates mitigating the security challenges by taking a moving target defense (MTD) approach.

group_project

TWC: Small: Practical Assured Big Data Analysis in the Cloud

Submitted by aniketpkate on Wed, 01/03/2018 - 4:27pm

The use of "cloud technologies" presents a promising avenue for the requirements of big data analysis. Security concerns however represent a major impediment to the further adoption of clouds: through the sharing of cloud resources, an attack succeeding on one node can tamper with many applications sharing that node.

group_project

Forum on Cyber Resilience

Submitted by Jeisenberg on Wed, 01/03/2018 - 4:17pm

This project provides support for a National Academies Roundtable, the Forum on Cyber Resilience. The Forum will facilitate and enhance the exchange of ideas among scientists, practitioners, and policy makers concerned with the resilience of computing and communications systems, including the Internet, critical infrastructure, and other societally important systems.

group_project

TWC: Small: Developing Advanced Digital Forensic Tools Based on Network Stack Side Channels

Submitted by Jedidiah Crandall on Wed, 01/03/2018 - 4:14pm

This project is developing the next generation of network measurement tools for penetration testers, digital forensics experts, and other cybersecurity professionals who sometimes need to know more about the Internet or a specific network. It is developing techniques based on TCP/IP side channel inferences, where it is possible to infer something about a remote machine's view of the network based on the use of shared, limited resources.

Outcomes Report URL:

https://www.research.gov/research-portal/appmanager/base/desktop?_nfpb=true&_win...

group_project

TWC SBE: TTP Option: Medium: Collaborative: EPICA: Empowering People to Overcome Information Controls and Attacks

Submitted by marshini on Wed, 01/03/2018 - 4:05pm

This project studies the security of representative personalized services, such as search engines, news aggregators, and on-line targeted advertising, and identifies vulnerabilities in service components that can be exploited by pollution attacks to deliver contents intended by attackers.

group_project

TWC SBE: Small: Building the human firewall: Developing organizational resistance to semantic security threats

Submitted by Matthew Jensen on Wed, 01/03/2018 - 3:50pm

Semantic attacks are efforts by others to steal valuable information by imitating electronic communications from a trustworthy source. A common example of a semantic attack is phishing where a phisher sends unsolicited messages to potential targets. When a targeted individual responds, the phisher then steals valuable information from the individual. Semantic attacks flow through established channels of communication (e.g., email, social media) and are difficult to distinguish from legitimate messages.

Outcomes Report URL:

https://www.research.gov/research-portal/appmanager/base/desktop?_nfpb=true&_win...

group_project

TWC: TTP Option: Small: Collaborative: Integrated Smart Grid Analytics for Anomaly Detection

Submitted by Samir Tout on Wed, 01/03/2018 - 3:37pm

The modernized electric grid, the Smart Grid, integrates two-way communication technologies across power generation, transmission and distribution, in order to deliver electricity efficiently, securely and cost-effectively. On the monitoring and control side, it employs real-time monitoring offered by a messaging-based advanced metering infrastructure (AMI), which ensures the grid?s stability and reliability, as well as the efficient implementation of demand response schemes to mitigate bursts demand.

group_project

TWC: TTP Option: Small: Open-Audit Voting Systems---Protocol Models and Properties

Submitted by poorvi on Wed, 01/03/2018 - 3:33pm

Open-audit cryptographic voting protocols enable the verification of election outcomes, independent of whether election officials or polling machines behave honestly. Many open-audit voting systems have been prototyped and deployed. The City of Takoma Park, MD held its 2009 and 2011 city elections using voting system Scantegrity. Systems with similar properties are being proposed for use in Victoria, Australia (the Pret a Voter system) and Travis County, Texas (the STAR-Vote system).