Understand and Measure Privacy
group_project
Submitted by Ran Canetti on Thu, 10/12/2017 - 2:13pm
The goal of the Modular Approach to Cloud Security (MACS) project is to develop methods for building information systems with meaningful multi-layered security guarantees. The modular approach of MACS focuses on systems that are built from smaller and separable functional components, where the security of each component is asserted individually, and where the security of the system as a whole can be derived from the security of its components. The project concentrates on building outsourced, cloud-based information services with client-centric security guarantees.
group_project
Submitted by Serge Egelman on Wed, 10/11/2017 - 3:07pm
Over the past decade, people have realized that failure to account for human factors has resulted in many software security problems. Yet, when software does feature user-centric design, it takes into account average user behavior rather than catering to the individual. Thus, systems designers have gone from designing for security experts to now appealing to the least common denominator.
group_project
Submitted by Rafail Ostrovsky on Wed, 10/11/2017 - 1:27pm
Current cloud based systems enable distributed access to both information and computational resources. In this setting, it is imperative to have secure communication, and powerful and expensive cryptographic techniques have been proposed to address this issue. A severely limiting factor, however, is that these methods for securely accessing or processing data between participating parties can result in communication overheads when processing large amounts of data.
group_project
Submitted by Phillip Rogaway on Wed, 10/11/2017 - 12:57pm
OpenSSH reveals excerpts from encrypted login sessions. TLS (HTTPS) reveals encrypted PayPal account cookies. DTLS is no better. EAXprime allows instantaneous forgeries. RFID security has been broken again and again. All of these failures of confidentiality and integrity are failures of authenticated ciphers: algorithms that promise to encrypt and authenticate messages using a shared secret key.
group_project
Submitted by Paul Pavlou on Wed, 10/11/2017 - 12:44pm
A key characteristic of cyberspace is the collection of large amounts of data, and people's privacy becomes vulnerable given the hyper-connectivity of cyberspace and the ease of accessing data. This project aims to enhance the safety and trustworthiness of cyberspace by designing choice architecture interventions informed by the neural processes underlying privacy to help people make better decisions about their privacy in cyberspace.
group_project
Submitted by Norman Sadeh on Wed, 10/11/2017 - 10:14am
Whether it is on their smartphones, in their browsers or on social networks, people are confronted with an increasingly unmanageable number of privacy settings. What is needed is a new, more scalable paradigm that empowers them to regain control over the collection and use of their data. This is particularly the case for mobile apps people download on their smartphones. These apps have been shown to collect and share a wide variety of sensitive data, with users unable to keep up.
group_project
Submitted by Grandon Gill on Wed, 10/11/2017 - 12:36am
The project will develop a case method capstone course for a new multidisciplinary Master's degree program in Cybersecurity at the University of South Florida (USF). It extends a project that focused on developing a capstone course for an undergraduate program employing the case method pedagogy. That study demonstrated the feasibility of building a course entirely around discussions of local case studies and demonstrated positive learning outcomes using a variety of instruments.
group_project
Submitted by Nick Nikiforakis on Tue, 10/10/2017 - 11:33am
There are many applications in business and end-user applications where user tracking is part of the core functionality or feature set. However, user tracking can intrude on user privacy and even may lead to online crimes. Recent research has shown that tracking companies have started using advanced web tracking techniques that are more subtle and less transparent than traditional online tracking.
group_project
Submitted by Nicholas Weaver on Tue, 10/10/2017 - 11:29am
Our lives are surrounded by a constant web of data, picked up by a global network of unseen programs that gather, coalesce, combine, and merge every scrap of data they can acquire. These programs and companies operate out of public view, collecting and exchanging data for profit without clear public knowledge. This is a complex ecosystem, the original collectors of data are likely unaware of eventual uses, users of data may be unaware of the original source.
group_project
Submitted by Nicholas Feamster on Tue, 10/10/2017 - 11:05am
This project develops methods to provide citizens information about technologies that obstruct, restrict, or tamper with their access to information. Internet users need an objective, independent, third-party service that helps them determine whether their Internet service provider or government is restricting access to content, specific protocols, or otherwise degrading service. Towards this goal, we are (1) monitoring attempts to block or manipulate Internet content and communications; and (2) evaluating various censorship circumvention mechanisms in real-world deployments}.
