Develop System Design Methods

group_project

Visible to the public SBE TWC: Small: Collaborative: Privacy Protection in Social Networks: Bridging the Gap Between User Perception and Privacy Enforcement

Submitted by Bo Luo on Wed, 10/18/2017 - 12:29pm

Online social networks, such as Facebook, Twitter, and Google+, have become extremely popular. They have significantly changed our behaviors for sharing information and socializing, especially among the younger generation. However, the extreme popularity of such online social networks has become a double-edged sword -- while promoting online socialization, these systems also raise privacy issues.

group_project

Visible to the public SBE: TTP Option: Medium: Data-Driven Cyber Vulnerability Maintenance

Submitted by Theodore Allen on Wed, 10/18/2017 - 10:33am

Researchers have found that over 90% of successful cyber attacks exploit vulnerabilities that could have been fixed with available patches. Vulnerabilities can be weak passwords or software with bugs on personal computers, mobile devices, or printers. Yet, decision-making about manually applying patches is difficult. First, a substantial fraction of vulnerabilities are fixed each month by automatic patching. Second, applying patches can have side-effects, making software unusable. Third, organizations have limited abilities to estimate the profit from applying patches.

group_project

Visible to the public SBE: Small: Continuous Human-User Authentication by Induced Procedural Visual-Motor Biometrics

Submitted by Yong Guan on Wed, 10/18/2017 - 10:29am

Validating a user's identity is one of the fundamental security requirements in cyberspace. Current authentication approaches require people to create and remember secret credentials such as complex passwords, or to possess special hardware authentication tokens. Both are vulnerable to being compromised, or illegally shared. Even worse, authentication is typically supported solely at the start of a session.

group_project

Visible to the public SaTC: Hardware-Assisted Methods for Operating System Integrity

Submitted by Vinod Ganapathy on Wed, 10/18/2017 - 10:09am

Operating systems (OS) form the core of the trusted computing base on most computer platforms. The security of a platform therefore crucially relies on the correct and secure operation of its OS. Unfortunately, malicious software such as rootkits infect the OS by compromising the integrity of its code and data, thereby jeopardizing the security of the entire platform.

group_project

Visible to the public TWC: Medium: Collaborative: Development and Evaluation of Next Generation Homomorphic Encryption Schemes

Submitted by Berk Sunar on Tue, 10/17/2017 - 4:37pm

Fully homomorphic encryption (FHE) is a promising new technology that enables an untrusted party to efficiently compute directly on ciphertexts. For instance, with FHE a cloud server without access to the user's encrypted content can still provide text search services. An efficient FHE scheme would significantly improve the security of sensitive user data stored and processed on cloud servers. Significant progress has been made in bringing FHE proposals closer to practice.

group_project

Visible to the public TWC: Medium: Micro-Policies: A Framework for Tag-Based Security Monitors

Submitted by Benjamin Pierce on Tue, 10/17/2017 - 4:33pm

Current cybersecurity practice is inadequate to defend against the security threats faced by society. Unlike physical systems, present-day computers lack supervising safety interlocks to help prevent catastrophic failures. Worse, many exploitable vulnerabilities arise from the violation of well-understood safety and security policies that are not enforced due to perceived high performance costs. This project aims to demonstrate how language design and formal verification can leverage emerging hardware capabilities to engineer practical systems with strong security and safety guarantees.

group_project

Visible to the public EAGER: Collaborative: PRICE: Using process tracing to improve household IoT users' privacy decisions

Submitted by Bart Knijnenburg on Tue, 10/17/2017 - 12:54pm

Household Internet-of-Things (IoT) devices are intended to collect information in the home and to communicate with each other, to create powerful new applications that support our day-to-day activities. Existing research suggests that users have a difficult time selecting their privacy settings on such devices. The goal of this project is to investigate how, why and when privacy decisions of household IoT users are suboptimal, and to use the insights from this research to create and test a simple single user interface that integrates privacy settings across all devices within a household.

group_project

Visible to the public TWC: Small: Addressing the challenges of cryptocurrencies: Security, anonymity, stability

Submitted by Arvind Narayanan on Mon, 10/16/2017 - 4:20pm

Secure digital payments are essential for e-commerce and cybersecurity. Cryptocurrencies, which are virtual currencies designed using cryptographic principles, are well suited for digital payments but face several hurdles to adoption for legitimate e-commerce.

group_project

Visible to the public TWC: Small: Imparting Privacy to Biometric Data in Cyberspace

Submitted by Arun Ross on Mon, 10/16/2017 - 4:11pm

Recent work has established the possibility of deriving auxiliary information from biometric data. For example, it has been shown that face images can be used to deduce the health, gender, age and race of a subject; further, face images have been used to link a pseudonymous profile in the Web with a true profile, thereby compromising the privacy of an individual. The objective of this work is to design and implement techniques for imparting privacy to biometric data such as face, fingerprint and iris images.