Develop System Design Methods
group_project
Submitted by Yevgeniy Dodis on Tue, 01/02/2018 - 4:14pm
The availability of ideal randomness is a common assumption used not only in cryptography, but in many other areas of computer science, and engineering in general. Unfortunately, in many situations this assumption is highly unrealistic, and cryptographic systems have to be built based on imperfect sources of randomness. Motivated by these considerations, this project will investigate the validity of this assumption and consider several important scenarios where secure cryptographic systems must be built based on various kinds of imperfect randomness.
group_project
Submitted by alexliu@cse.msu.edu on Tue, 01/02/2018 - 3:02pm
The objective of this project is to understand and strengthen the security of Multipath TCP (MPTCP) - an IETF standardized suite of TCP extensions that allow one MPTCP connection, consisting of multiple sub-connections between two hosts, to use multiple paths simultaneously. Even though MPTCP has been gaining momentum in being widely deployed, its security is yet to be well understood. The project is expected to raise awareness of MPTCP security and ultimately yield a foundation for MPTCP security.
group_project
Submitted by xuwenyao on Tue, 01/02/2018 - 2:19pm
Cryptographic systems often rely on the secrecy of cryptographic credentials; however, these are vulnerable to eavesdropping and can resist neither a user's intentional disclosure nor coercion attacks where the user is forced to reveal the credentials. Conventional biometric keys (e.g., fingerprint, iris, etc.), unfortunately, can still be surreptitiously duplicated or adversely revealed. In this research, the PIs argue that the most secure cryptographic credentials are ones of which the users aren't even aware.
group_project
Submitted by Vitaly on Tue, 01/02/2018 - 2:04pm
Software is responsible for many critical government, business, and educational functions. This project aims to develop new methods for finding and repairing some of the most challenging, poorly understood security vulnerabilities in modern software that have the potential to jeopardize the security and reliability of the nation's cyber infrastructure.
group_project
Submitted by Ye Zhu on Tue, 01/02/2018 - 1:59pm
We are evaluating a new model of password security in which users place pieces on a game board (e.g., chess pieces on a chessboard). The fact that existing systems are either memorable or secure, but not both, motivated our approach. We are testing 14-15 year old high school students, college students 18-30, and older adults 60-80, and we are conducting two types of experiments. First, we are measuring all groups' memories for passwords of two and four game pieces (after a 20-minute filled delay).
group_project
Submitted by Yiorgos Makris on Tue, 01/02/2018 - 12:30pm
Third-party hardware Intellectual Property (IP), written as code in a Hardware Description Language (HDL), is extensively used in modern integrated circuits. Contemporary electronics typically include 75% of third party hardware IP and only 25% in-house design to provide customization or a profit-making edge. Such extensive use of third-party hardware IP in both commercial and military applications raises security and trustworthiness concerns, especially in today's globalized market.
group_project
Submitted by Wenliang Du on Tue, 01/02/2018 - 12:19pm
Smartphones and tablets are being used widely, and with such a pervasive use, protecting mobile systems is of critical importance. One of the unique features in mobile systems is that many applications incorporate third-party components, such as advertisement, social-network APIs, and the WebView component (that runs third-party JavaScript code).
group_project
Submitted by Atul Prakash on Tue, 01/02/2018 - 11:45am
Loss of personal data or leakage of corporate data via apps on mobile devices poses a significant risk to users. It can have both a huge personal and financial cost. This work is designing new novel techniques to help reduce the risks for end-users who use a single device for multiple spheres of activity. Getting security right when a single device is used for multiple spheres of activity is a major research challenge, with unforeseen information flows between various subsystems that are currently difficult to control.
group_project
Submitted by ragibhasan on Tue, 01/02/2018 - 11:41am
Cloud computing has emerged as one of the most successful computing models in recent years. However, lack of accountability and non-compliance with data protection regulations have prevented major users such as business, healthcare, and defense organizations from utilizing clouds for sensitive data and applications. Due to the lack of information about cloud internals and the inability to perform trustworthy audits, today's clouds are often not used in regulated industries, preventing their widespread adoption.
group_project
Submitted by Roberto Tamassia on Tue, 01/02/2018 - 11:37am
Data structures have a prominent modern computational role, due to their wide applicability, such as in database querying, web searching, and social network analysis. This project focuses on the interplay of data structures with security protocols, examining two different paradigms: the security for data structures paradigm (SD) and the data structures for security paradigm (DS).
