Increase Transparency of Data
group_project
Submitted by Mingyan Liu on Mon, 10/09/2017 - 3:30pm
This project addresses the following two key questions in cyber security: (1) how is the security condition of a network assessed, and (2) to what extent can we predict data breaches or other cyber security incidents for an organization. The ability to answer both questions has far-reaching social and economic impact. Recent data breaches such as those at Target, JP Morgan, Home Depot, Office of Personnel Management (OPM), and Anthem Healthcare, to name just a few, highlight the increasing social and economic impact of such cyber security incidents.
group_project
Submitted by Mingyan Liu on Mon, 10/09/2017 - 3:20pm
This goal of this project is development of a formal method to quantitatively assess the security posture of large networks and assign them a numeric score. Large networks are made up of a collection of individual machines, which exhibit more stable behavior and features as a group than at the IP level, where each host is inspected separately. Networks at an aggregate level thus carry more predictive power, enabling a more robust and accurate policy design.
group_project
Submitted by Michael Swift on Mon, 10/09/2017 - 11:45am
There are at least two key features of the move to cloud computing that introduce the opportunity for significant leaps forward in computer security for tenant services. First, a compute cloud provides a common software, hardware and management basis for rolling out cross-cutting services en masse that have resisted incremental deployment in a one-service-at-a-time fashion. Second, compute clouds offer providers a broad view of activity across an unprecedented diversity of tenant services.
group_project
Submitted by Michael Hay on Mon, 10/09/2017 - 10:06am
The collection and analysis of personal data about individuals has revolutionized information systems and fueled US and global economies. But privacy concerns regarding the use of such data loom large. Differential privacy has emerged as a gold standard for mathematically characterizing the privacy risks of algorithms using personal data. Yet, adoption of differentially private algorithms in industry or government agencies has been startlingly rare.
group_project
Submitted by Shriram Krishnamu... on Fri, 10/06/2017 - 2:18pm
Application stores use sophisticated user interfaces to help users understand the permissions sought by applications. Unfortunately, these interfaces are complex and may fail to address their goal of helping users give informed consent. As a result, users may inadvertently surrender private information or open themselves up to security attacks.
group_project
Submitted by enck on Fri, 10/06/2017 - 1:58pm
The security architecture of consumer operating systems is currently undergoing a fundamental change. In platforms such as Android, iOS, and Windows 8, each application is a separate security principal that can own data. While this distinction is a vast improvement over traditional user-focused security architectures, sharing data between applications results in an unexpected loss of control of that data, potentially exposing security and privacy sensitive information.
