Develop System Design Methods

TWC: Small: Self-Service Cloud Computing

Cloud computing poses significant risks to the security of client data. Virtual Machine Monitors (VMMs) that underlie cloud systems typically have all-powerful administrative domains that can be exploited or misused to snoop on client virtual machines (VMs) and steal/modify their data. Moreover, although virtual machine technology enables several novel security services that clients may wish to use, such services are privileged and must be implemented within the administrative domain.

TWC: Small: Safeguarding Mobile Cloud Services: New Challenges and Solutions

Mobile cloud technologies have begun to rely heavily on services known as Mobile Back-end as a Service (MBaaS), including push messaging, data synchronization, and mobile identity management. Many of today's popular apps have already integrated push messaging services such as Google Cloud Messaging (GCM), Amazon Device Messaging (ADM), and third parties like Baidu, to enable the apps to receive notifications such as private messages, financial secrets or family members' locations.

TWC: Small: Memory Analysis and Machine-Code Verification Techniques for Multiprocessor Systems

Due to the ever-increasing complexity of both hardware and software, it is becoming harder to ensure the reliability of high-level programs. The project will develop tools that permit programmers to mechanically verify software via machine-code analysis. The proposed research will similarly advance the science of software analysis, together with the development of rigorous tools capable of performing industrial software verification. The tools are actively being used by industry for hardware specification and analysis.

TWC: Small: Hardware Security for Embedded Computing Systems

Embedded processing systems are widely used in many devices and systems that are essential for daily life. These embedded systems are increasingly connected to networks for control and data access, which also exposes them to remotely launched malicious attacks. It is of paramount importance to develop embedded processing systems that are hardened to withstand these remote attacks while continuing to operate effectively.

TWC: Small: Fundamental Limits in Differential Privacy

Differential Privacy has emerged as a well-grounded approach to balancing personal privacy and societal as well as commercial use of data. The basic idea is to add random noise to analysis results sufficient to obscure the impact of any single individual's data on the analysis, thus protecting individual privacy. While general approaches to providing differential privacy exist, in many cases the bounds are not tight; more noise is added than needed. This project uses information theoretic techniques to explore the fundamental privacy/accuracy tradeoffs in differential privacy.

TWC: Small: Collaborative: Wearable Authentication Solutions for Ubiquitous and Personal Touch-enabled Devices

This project for Wearable Authentication Solutions for Ubiquitous and Personal Touch-Enabled Devices (WASUP) studies and designs models and techniques to identify, authenticate, and audit touches on touch-sensing devices using a small wearable token. The token, such as a bracelet or ring, embeds a security code in the capacitive touch signature of a user, which is detected with the existing capacitive sensors used in many touch screens. This offers a number of distinct and desirable properties. First, the code is clearly associated with a touch, even if multiple potential users are nearby.

TWC: Small: Collaborative: Multipath TCP Side Channel Vulnerabilities and Defenses

The objective of this project is to understand and strengthen the security of Multipath TCP (MPTCP) - an IETF standardized suite of TCP extensions that allow one MPTCP connection, consisting of multiple sub-connections between two hosts, to use multiple paths simultaneously. Even though MPTCP has been gaining momentum in being widely deployed, its security is yet to be well understood. The project is expected to raise awareness of MPTCP security and ultimately yield a foundation for MPTCP security.

TWC: Medium: Handling a Trillion Unfixable Flaws on Billions of Internet-of-Things

The Internet-of-Things (IoT) has quickly moved from concept to reality, with estimates that the number of deployed IoT devices will rise to 25 billion in 2020. However, studies show that many IoT devices have serious security vulnerabilities. Moreover, the limitations of IoT devices and scale of networks of IoT devices often make traditional IT security approaches impractical.

TWC: Medium: Collaborative: The Theory and Practice of Key Derivation

Most cryptographic applications crucially rely on secret keys that are chosen randomly and are unknown to an attacker. Unfortunately, the process of deriving secret keys in practice is often difficult, error-prone and riddled with security vulnerabilities. Badly generated keys offer a prevalent source of attacks that render complex cryptographic applications completely insecure, despite their sophisticated design and rigorous mathematical analysis.