Research Infrastructure

group_project

Visible to the public  TWC: Medium: Privacy Preserving Computation in Big Data Clouds

Submitted by Ling Liu on Mon, 11/20/2017 - 3:28pm

Privacy is critical to freedom of creativity and innovation. Assured privacy protection offers unprecedented opportunities for industry innovation, science and engineering discovery, as well as new life enhancing experiences and opportunities.

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

Submitted by Long Lu on Mon, 11/20/2017 - 6:04am

The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services.

group_project

Visible to the public TWC: Small: Using a Capability-Enhanced Microkernel as a Testbed for Language-based Security (CEMLaBS)

Submitted by Mark Jones on Tue, 11/14/2017 - 11:53am

This project is investigating the potential for language-based security techniques in the construction of low-level systems software. The specific focus is on the development of an open, capability-enhanced microkernel whose design is based on seL4, a "security enhanced" version of the L4 microkernel that was developed, by a team in Australia, as the first fully verified, general purpose operating system.

group_project

Visible to the public TWC: Small: Secure Near Field Communications between Mobile Devices

Submitted by Kai Zeng on Tue, 11/14/2017 - 11:20am

By the end of this decade, it is estimated that Internet of Things (IoT) could connect as many as 50 billion devices. Near Field Communication (NFC) is considered as a key enabler of IoT. Many useful applications are supported by NFC, including contactless payment, identification, authentication, file exchange, and eHealthcare, etc. However, securing NFC between mobile devices faces great challenges mainly because of severe resource constraints on NFC devices, NFC systems deployed without security, and sophisticated adversaries.

group_project

Visible to the public TWC: Small: System Infrastructure for SMM-based Runtime Integrity Measurement

Submitted by Karen Karavanic on Tue, 11/14/2017 - 11:11am

The World Wide Web and computer "clouds" have become widely used, and are interwoven into many activities of daily life, from shopping to socializing to education. But the data center servers that are the backbone of this richly connected world remain vulnerable to malicious software ("malware"). Over the past decade, attacks have increased in number and sophistication, motivated by both financial and political goals. The results include consumer concerns about identify theft and fraudulent charges, corporate concerns about millions of dollars in losses, and potential defense concerns.

group_project

Visible to the public TWC: TTP Option: Small: Understanding the State of TLS Using Large-scale Passive Measurements

Submitted by Johanna Amann on Tue, 11/14/2017 - 10:38am

The Transport Layer Security (TLS) protocol constitutes the key building block for today's Internet security and is, for example, used for encrypted web connections using the HTTPS protocol. However, from its first version in 1994 until today, researchers and practitioners keep discovering TLS deficiencies undermining the protocol's security on a regular basis. While the academic community has applied intense scrutiny to the TLS/X.509 ecosystem, much of such work depends on access to difficult to acquire representative data on the protocol's deployment and usage.

group_project

Visible to the public  TWC: Medium: A Layered Approach to Securing Web Services

Submitted by Jon Solworth on Tue, 11/14/2017 - 6:02am

The modern web experience is dynamic, providing users with a highly responsive interface through which to interact with the world. Today's mechanisms allow servers---even those which are controlled by an attacker---to download arbitrary programs into a user's browser. It is extraordinarily difficult to secure the web browser (and its user) against attack in this scenario. While tools and techniques are useful to analyze and restrict downloaded code, they are by their very nature incomplete. As a result, the security of web services relies on a series of ad hoc, service-provided techniques.

group_project

Visible to the public TWC: TTP Option: Large: Collaborative: Internet-Wide Vulnerability Measurement, Assessment, and Notification

Submitted by Alex Halderman on Mon, 11/13/2017 - 3:31pm

This project aims to reduce the impact of software vulnerabilities in Internet-connected systems by developing data-driven techniques for vulnerability measurement, assessment, and notification. Recent advances in Internet-wide scanning make it possible to conduct network surveys of the full public IPv4 address space in minutes.

group_project

Visible to the public EAGER: Understanding the Strategic Values of Privacy Practices in Organizations

Submitted by Gwendolyn Lee on Mon, 11/13/2017 - 7:52am

As companies collect consumer data in increasingly larger quantity and mine the data more deeply, trade-offs arise with respect to companies' practices about information privacy. A company may choose practices that augment targeted advertisements or services. However, the financial rewards associated with privacy practices are highly uncertain, since they are affected by a company's competition with rivals.

group_project

Visible to the public TWC: Medium: Toward Trustworthy Mutable Replay for Security Patches

Submitted by Gail Kaiser on Mon, 11/13/2017 - 6:43am

Society is increasingly reliant on software, but deployed software contains security vulnerabilities and other bugs that can threaten privacy, property and even human lives. When a security vulnerability or critical error is discovered, a software patch is issued to attempt to fix the problem, but patches themselves can be incorrect, inadequate, and break necessarily functionality.