Cybersecurity Workforce

group_project

Visible to the public  EDU: Collaborative: Using Virtual Machine Introspection for Deep Cyber Security Education

Submitted by ahmirf44 on Thu, 01/04/2018 - 1:05pm

Cybersecurity is one of the most strategically important areas in computer science, and also one of the most difficult disciplines to teach effectively. Historically, hands-on cyber security exercises helped students reinforce basic concepts, but most of them focused on user level attacks and defenses. Since OS kernels provide the foundations to the applications, any compromise to OS kernels will lead to an entirely untrusted computing. Therefore, it is imperative to teach students the practice of kernel level attacks and defenses.

group_project

Visible to the public SaTC-EDU: EAGER: Peer Instruction for Cybersecurity Education

Submitted by ahmirf44 on Thu, 01/04/2018 - 1:02pm

Engineering a secure IT system, in addition to technical skills, requires a particular mindset focused on using cybersecurity solutions effectively against sophisticated and stealthy cyber attacks. The traditional lecture-centric style of teaching has failed to deliver that mindset, which is the direct result of an over-emphasis on specific technical skills (with limited lifespan and insufficient technical depth), abstract rather than deeply technical examination of fundamental concepts, and an impatience in developing broader analytical skills.

group_project

Visible to the public SBE TWC: Small: Collaborative: Pocket Security - Smartphone Cybercrime in the Wild

Submitted by Madeline Diep on Thu, 01/04/2018 - 12:57pm

Most of the world's internet access occurs through mobile devices such as smart phones and tablets. While these devices are convenient, they also enable crimes that intersect the physical world and cyberspace. For example, a thief who steals a smartphone can gain access to a person?s sensitive email, or someone using a banking app on the train may reveal account numbers to someone looking over her shoulder. This research will study how, when, and where people use smartphones and the relationship between these usage patterns and the likelihood of being a victim of cybercrime.

group_project

Visible to the public Collaborative: Development and Testing of a Secure Programming Clinic

Submitted by Matt Bishop on Thu, 01/04/2018 - 12:33pm

This capacity building project will create Secure Programming Clinic to enhance student learning and expertise in writing robust, secure software, analogous to a writing clinic in an English department or law school. It provides continual reinforcement of the mechanisms, methods, technologies, and need for programming with security and robustness considerations throughout a student's undergraduate coursework. The clinic would augment courses, not replace them or their content.

group_project

Visible to the public SaTC-EDU: EAGER: Cybersecurity education for public policy

Submitted by John Mitchell on Thu, 01/04/2018 - 12:28pm

The project will develop a variety of video and text-based cybersecurity educational materials for anyone who is interested or involved in public policy, and who would benefit from a greater familiarity with the constraints under which cybersecurity policy making occurs.

group_project

Visible to the public CAREER: Finding Levers for Privacy and Security by Design in Mobile Development

Submitted by kshilton on Wed, 01/03/2018 - 4:58pm

Mobile data are one of the fastest emerging forms of personal data. Ensuring the privacy and security of these data are critical challenges for the mobile device ecosystem. Mobile applications are easy to build and distribute, and can collect a large variety of sensitive personal data. Current approaches to protecting this data rely on security and privacy by design: encouraging developers to proactively implement security and privacy features to protect sensitive data.

group_project

Visible to the public EAGER: Improving Incentives and Awareness, to Increase the Security Posture of Critical Infrastructures

Submitted by cardenas on Wed, 01/03/2018 - 4:30pm

The protection of cyber-physical critical infrastructures such as the power grid, water distribution networks, and transportation networks against computer attacks is a matter of national security, public safety, and economic stability; however, most of these critical assets are owned and operated by private companies with pressing operational requirements, tight security budgets, and aversion to regulatory oversight. As a result it is not clear that market incentives alone will create enough momentum to improve the security posture of these systems.

group_project

Visible to the public Forum on Cyber Resilience

Submitted by Jeisenberg on Wed, 01/03/2018 - 4:17pm

This project provides support for a National Academies Roundtable, the Forum on Cyber Resilience. The Forum will facilitate and enhance the exchange of ideas among scientists, practitioners, and policy makers concerned with the resilience of computing and communications systems, including the Internet, critical infrastructure, and other societally important systems.

group_project

Visible to the public TWC: Small: Developing Advanced Digital Forensic Tools Based on Network Stack Side Channels

Submitted by Jedidiah Crandall on Wed, 01/03/2018 - 4:14pm

This project is developing the next generation of network measurement tools for penetration testers, digital forensics experts, and other cybersecurity professionals who sometimes need to know more about the Internet or a specific network. It is developing techniques based on TCP/IP side channel inferences, where it is possible to infer something about a remote machine's view of the network based on the use of shared, limited resources.

Outcomes Report URL: 
https://www.research.gov/research-portal/appmanager/base/desktop?_nfpb=true&_win...
group_project

Visible to the public EDU: Deploying and Evaluating Secure Programming Education in the IDE

Submitted by Heather Richter on Wed, 01/03/2018 - 4:11pm

A number of researchers have advocated that secure programming instruction be integrated across a computing curriculum but there have been relatively few efforts examining how to successfully do so. The proposed research expands upon a previous project by focusing on advanced computing students and courses. The proposed activities include expanding ESIDE tool implementation to support a broader range of security guidelines and code, providing increased contextualization of the instructional materials within the tool, and developing materials and practices for faculty adopting the tool.