Research Infrastructure

group_project

Visible to the public EDU: Collaborative: HACE Lab: An Online Hardware Security Attack and Countermeasure Evaluation Lab

Submitted by Fareena Saqib on Mon, 11/13/2017 - 5:53am

This project addresses the need to train students, researchers, and practitioners on diverse hardware security and trust issues as well as emergent solutions. The primary goal is establishing a set of hardware security courseware and enabling adoption of these courseware through the development of an online Hardware Attack and Countermeasure Evaluation (HACE) Lab.

group_project

Visible to the public  TWC: Medium: Collaborative: Automated Reverse Engineering of Commodity Software

Submitted by Engin Kirda on Mon, 11/13/2017 - 5:45am

Software, including common examples such as commercial applications or embedded device firmware, is often delivered as closed-source binaries. While prior academic work has examined how to automatically discover vulnerabilities in binary software, and even how to automatically craft exploits for these vulnerabilities, the ability to answer basic security-relevant questions about closed-source software remains elusive.

group_project

Visible to the public TWC: Small: Collaborative: EVADE: Evidence-Assisted Detection and Elimination of Security Vulnerabilities

Submitted by Emery Berger on Thu, 11/09/2017 - 5:54am

Today's software remains vulnerable to attack. Despite decades of advances in areas ranging from testing to static analysis and verification, all large real-world software is deployed with errors. Because this software is either written in or underpinned by unsafe languages, errors often translate to security vulnerabilities. Although techniques exist that could prevent or limit the risk of exploits, high performance overhead blocks their adoption, leaving today's systems open to attack.

group_project

Visible to the public TWC: Small: Workflows and Relationships for End-to-End Data Security in Collaborative Applications

Submitted by Dominic Duggan on Tue, 11/07/2017 - 5:56am

Access control refers to mechanisms for protecting access to confidential information, such as sensitive medical data. Management of access control policies, in applications that involve several collaborating parties, poses several challenges. One of these is in ensuring that each party in such a collaboration only obtains the minimal set of access permissions that they require for the collaboration. In a domain such as healthcare, it may be critical that access be minimized in this way, rather than allowing all parties equal access to the sensitive information.

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: Identifying and Mitigating Trust Violations in the Smartphone Ecosystem

Submitted by Yan Chen on Wed, 10/25/2017 - 3:29pm

The adoption of smartphones has steadily increased in the past few years, and smartphones have become the tool with which millions of users handle confidential information, such as financial and health-related data. As a result, these devices have become attractive targets for cybercriminals, who attempt to violate the trust assumptions underlying the smartphone platform in order to compromise the security and privacy of users.

group_project

Visible to the public TWC: Small: Collaborative: Automated Detection and Repair of Error Handling Bugs in SSL/TLS Implementations

Submitted by Suman Jana on Wed, 10/25/2017 - 8:27am

Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocols are critical to internet security. However, the software that implements SSL/TLS protocols is especially vulnerable to security flaws and the consequences can be disastrous. A large number of security flaws in SSL/TLS implementations (such as man-in-the-middle attacks, denial-of-service attacks, and buffer overflow attacks) result from incorrect error handling.

group_project

Visible to the public TWC: Small: Behavior-Based Zero-Day Intrusion Detection for Real-Time Cyber-Physical Systems

Submitted by Sibin Mohan on Wed, 10/25/2017 - 8:15am

Cyber-Physical Systems (CPS) have distinct cyber and physical components that must work cohesively with each other to ensure correct operation. Examples include automobiles, power plants, avionics systems, and home automation systems. Traditionally such systems were isolated from external accesses and used proprietary components and protocols. Today that is not the case as CPS systems are increasingly networked. A failure to protect these systems from harm in cyber could result in significant physical harm.

group_project

Visible to the public  TWC: Small: Automatic Techniques for Evaluating and Hardening Machine Learning Classifiers in the Presence of Adversaries

Submitted by Yanjun Qi on Wed, 10/25/2017 - 8:09am

New security exploits emerge far faster than manual analysts can analyze them, driving growing interest in automated machine learning tools for computer security. Classifiers based on machine learning algorithms have shown promising results for many security tasks including malware classification and network intrusion detection, but classic machine learning algorithms are not designed to operate in the presence of adversaries.

group_project

Visible to the public TWC: Medium: Hardware Trojans in Wireless Networks - Risks and Remedies

Submitted by Yiorgos Makris on Wed, 10/25/2017 - 8:06am

This project investigates the risks instigated by malicious hardware modifications (hardware Trojans) in the nodes of a wireless network and aims to develop remedies, thereby enabling secure deployment and fostering technology trustworthiness. Due to the lack of assurance mechanisms in the globalized integrated circuit (IC) supply chain, hardware Trojans have recently become the topic of intensified concern.

group_project

Visible to the public TWC: Medium: Handling a Trillion Unfixable Flaws on Billions of Internet-of-Things

Submitted by vsekar on Wed, 10/25/2017 - 8:03am

The Internet-of-Things (IoT) has quickly moved from concept to reality, with estimates that the number of deployed IoT devices will rise to 25 billion in 2020. However, studies show that many IoT devices have serious security vulnerabilities. Moreover, the limitations of IoT devices and scale of networks of IoT devices often make traditional IT security approaches impractical.