Cybersecurity Workforce

TWC: Medium: Collaborative: Automated Reverse Engineering of Commodity Software

Software, including common examples such as commercial applications or embedded device firmware, is often delivered as closed-source binaries. While prior academic work has examined how to automatically discover vulnerabilities in binary software, and even how to automatically craft exploits for these vulnerabilities, the ability to answer basic security-relevant questions about closed-source software remains elusive.

TWC: Small: Workflows and Relationships for End-to-End Data Security in Collaborative Applications

Access control refers to mechanisms for protecting access to confidential information, such as sensitive medical data. Management of access control policies in applications that involve several collaborating parties poses several challenges. One of these is ensuring that each party in such a collaboration obtains only the minimal set of access permissions that it requires for the collaboration. In a domain such as healthcare, it may be critical that access be minimized in this way, rather than allowing all parties equal access to the sensitive information.

EDU: Developing a Software Artifact Repository for Software Assurance Education

This project will develop a software assurance education artifact repository, designed for use across numerous computer science programs and institutions. The repository will help students obtain a firm understanding of the software assurance process and the skills necessary to develop highly assured software. The team will also create instructional materials for effective software artifact use.

SaTC-EDU: EAGER: INCUBATE - INjecting and assessing Cybersecurity edUcation with little internal suBject mATter Expertise

This project will develop novel ways to teach cybersecurity topics. It is challenging for computer science (CS) programs with limited faculty resources to cover the breadth and depth of the discipline. The challenge increases as CS curriculum guidelines place more emphasis on emerging areas such as cybersecurity.

TWC: TTP Option: Small: Automating Attack Strategy Recognition to Enhance Cyber Threat Prediction

Network attacks are increasingly complex and fast-evolving. A single attack may use multiple reconnaissance, exploit, and obfuscation techniques. This project investigates how to extract critical attack attributes, synthesize novel attack sequences, and reveal potential threats to critical assets in a timely manner. The project uses machine learning techniques to simultaneously identify new attack types and observed events that could identify those attacks.

TWC: TTP Option: Medium: Collaborative: Identifying and Mitigating Trust Violations in the Smartphone Ecosystem

The adoption of smartphones has steadily increased in the past few years, and smartphones have become the tool with which millions of users handle confidential information, such as financial and health-related data. As a result, these devices have become attractive targets for cybercriminals, who attempt to violate the trust assumptions underlying the smartphone platform in order to compromise the security and privacy of users.

TWC: Small: MIST: Systematic Analysis of Microarchitectural Information Leakage on Mobile Platforms

Smartphones have permeated all facets of our lives, facilitating daily activities from shopping to social interactions. Mobile devices collect sensitive information about our behavior via various sensors. Operating systems (OS) enforce strict isolation between apps and complex permission management to protect data. Yet apps get free access to hardware, including the CPU and caches. Access to shared hardware resources results in information leakage across apps. Microarchitectural attacks have already proven successful at stealing information on PCs and even on virtualized cloud servers.

TWC: Small: Exposing Attack Vectors and Identifying Defense Solutions for Data Cellular Networks

This project addresses several key emerging security challenges that arise from the wildly successful large-scale adoption of mobile devices with diverse network capabilities. The novel approach focuses on understanding how the various information that smartphone users legitimately and willingly provide, due to the requested permissions of downloaded applications, can potentially be abused. The second research focus is to identify improvements in the design of cellular network middlebox (e.g., firewall) policies through detailed exposure and explicit definition of the key requirements.

TWC: Small: Better Security for Efficient Secret-Key Cryptography

Present-day cryptography crucially relies on secret-key cryptography, the setting where communicating parties use a shared secret key, hidden from the attacker, to securely encrypt and/or authenticate data. Secret-key cryptography is based on standardized efficient algorithms known as cryptographic primitives, such as block ciphers and hash functions. These act as building blocks for so-called modes of operation, cryptographic algorithms that achieve strong security goals for encryption and authentication and that are orders of magnitude faster than public-key ones.

TWC: Small: Behavior-Based Zero-Day Intrusion Detection for Real-Time Cyber-Physical Systems

Cyber-Physical Systems (CPS) have distinct cyber and physical components that must work cohesively with each other to ensure correct operation. Examples include automobiles, power plants, avionics systems, and home automation systems. Traditionally, such systems were isolated from external access and used proprietary components and protocols. Today that is no longer the case, as CPS are increasingly networked. A failure to protect these systems from harm in the cyber domain could result in significant physical harm.