Transition to Practice

group_project

Visible to the public SBE: TTP Option: Medium: Data-Driven Cyber Vulnerability Maintenance

Submitted by Theodore Allen on Wed, 10/18/2017 - 11:33am

Researchers have found that over 90% of successful cyber attacks exploit vulnerabilities that could have been fixed with available patches. Vulnerabilities can be weak passwords or software with bugs on personal computers, mobile devices, or printers. Yet, decision-making about manually applying patches is difficult. First, a substantial fraction of vulnerabilities are fixed each month by automatic patching. Second, applying patches can have side-effects, making software unusable. Third, organizations have limited abilities to estimate the profit from applying patches.

group_project

Visible to the public TWC: Medium: Collaborative: Distribution-Sensitive Cryptography

Submitted by Ari Juels on Mon, 10/16/2017 - 4:52pm

Contemporary encryption schemes are almost exclusively distribution-agnostic. Their security properties are independent of the statistical characteristics of plaintexts, and the output of these schemes are ciphertexts that are uniformly distributed bit strings, irrespective of use case. While conceptually simple, such encryption schemes fail to meet basic, real-world requirements and have left longstanding functional gaps in key security applications.

group_project

Visible to the public TTP: Medium: Democratizing Secure Password Management

Submitted by Ari Juels on Mon, 10/16/2017 - 4:45pm

The theft of passwords and other user credentials from online services has become an epidemic, with password breaches regularly impacting large user populations and leaving both consumers and businesses vulnerable to attack. A number of research results point the way toward methods that could greatly improve the security of password systems. There is thus both an urgent need and a clear opportunity to transform the general state of industry practice in password management. Toward this end, the researchers build an easy-to-deploy password-protection system called PASS.

group_project

Visible to the public EAGER: Towards a Better Understanding of Group Privacy in Social Media Community Detection

Submitted by Abbadi El on Mon, 10/16/2017 - 3:27pm

Much of human communication is now mediated by online social networks. Twitter, Facebook, and Youtube now compete for our collective attention in much the same way as television, radio, and newspapers did for previous generations. But contemporary online social media are qualitatively different from media of the past. Online communication leaves a record of who said what to whom, when, and on what topic.

group_project

Visible to the public TWC SBE: TTP Option: Small: A User-Tailored Approach to Privacy Decision Support

Submitted by alfredkobsa on Mon, 10/16/2017 - 1:50pm

Numerous surveys find that Internet users want to limit the personal data that is being collected about them, as well as control the usage of their data. Existing and proposed regulation in the U.S. accords users such rights, in the form of a "transparency and control" obligation on personal data collectors: users should be informed about the rationale of requests for personal data so that they can make an informed decision on whether or not to disclose their data.

group_project

Visible to the public SBE: Medium: Collaborative: Understanding and Exploiting Visceral Roots of Privacy and Security Concerns

Submitted by Acquisti Alessandro on Mon, 10/16/2017 - 12:29pm

Human beings have evolved to detect and react to threats in their physical environment, and have developed perceptual systems selected to assess these physical stimuli for current, material risks. In cyberspace, the same stimuli are often absent, subdued, or deliberately manipulated by malicious third parties. Hence, security and privacy concerns that would normally be activated in the offline world may remain muted, and defense behaviors may be hampered.

group_project

Visible to the public EAGER: Creating a TTP Ecosystem Discovery and Support Resource for Cybersecurity Technology Transfer to Practice

Submitted by Yasinsac on Mon, 10/16/2017 - 12:10pm

The 2011 Federal Cybersecurity Research and Development Plan cites "Accelerating Transition to Practice (TTP)" as one of five strategic objectives in the Cyber Security and Information Assurance (CSIA) Program Component Area. TTP remains a strategic objective of Agencies which fund cybersecurity research, including NSF. However, the NSF cybersecurity portfolio contains only a small amount of security research that has been transitioned into operational activities.

group_project

Visible to the public TWC: Medium: Collaborative: Measuring and Improving the Management of Today's PKI

Submitted by Alan Mislove on Mon, 10/16/2017 - 12:00pm

The Public Key Infrastructure (PKI), along with the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, are responsible for securing Internet transactions such as banking, email, and e-commerce; they provide users with the ability to verify with whom they are communicating online, and enable encryption of those communications. While the use of the PKI is mostly automated, there is a surprising amount of human intervention in management tasks that are crucial to its proper operation.

group_project

Visible to the public TWC: Option: Medium: Collaborative: Semantic Security Monitoring for Industrial Control Systems

Submitted by Adam Slagell on Mon, 10/16/2017 - 11:29am

Industrial control systems differ significantly from standard, general-purpose computing environments, and they face quite different security challenges. With physical "air gaps" now the exception, our critical infrastructure has become vulnerable to a broad range of potential attackers. In this project we develop novel network monitoring approaches that can detect sophisticated semantic attacks: malicious actions that drive a process into an unsafe state without however exhibiting any obvious protocol-level red flags.