Assure Information Flows

group_project

Visible to the public EAGER: Collaborative: Design, Perception, and Action - Engineering Information Give-Away

Submitted by Erin Krupka on Wed, 01/03/2018 - 3:54pm

The design of social media interfaces greatly shapes how much, and when, people decide to reveal private information. For example, a designer can highlight a new system feature (e.g., your travel history displayed on a map) and show which friends are using this new addition. By making it seem as if sharing is the norm -- after all, your friends are doing it -- the designer signals to the end-user that he can and should participate and share information.

group_project

Visible to the public STARSS: Small: Defending Against Hardware Covert Timing Channels

Submitted by Guru Venkataramani on Wed, 01/03/2018 - 3:42pm

Safeguarding sensitive user information stored in computer systems is a fast growing concern, especially as computers are universally used everywhere from national defense to mobile phones. Malicious hackers have found unscrupulous ways to steal sensitive information largely by exploiting the vulnerabilities in existing hardware and software. Among the many forms of information leakage, covert timing channels exfiltrate secrets from a trojan process with higher security credentials to a spy process with lesser credentials by exploiting the access timing of system resources.

group_project

Visible to the public  TWC: Medium: Language-Hardware Co-Design for Practical and Verifiable Information Flow Control

Submitted by edwardsuh on Wed, 01/03/2018 - 3:39pm

Current cloud computing platforms, mobile computing devices, and embedded devices all have the security weakness that they permit information flows that violate the confidentiality or integrity of information. This project explores an integrated approach in which software and hardware are co-designed with strong, comprehensive, verifiable security assurance. The goal is to develop a methodology for designing systems in which all forms of information flow are tracked, at both the hardware and software levels, and between these levels.

group_project

Visible to the public TWC: Small: Practical Assured Big Data Analysis in the Cloud

Submitted by aniketpkate on Wed, 01/03/2018 - 3:27pm

The use of "cloud technologies" presents a promising avenue for the requirements of big data analysis. Security concerns however represent a major impediment to the further adoption of clouds: through the sharing of cloud resources, an attack succeeding on one node can tamper with many applications sharing that node.

group_project

Visible to the public Forum on Cyber Resilience

Submitted by Jeisenberg on Wed, 01/03/2018 - 3:17pm

This project provides support for a National Academies Roundtable, the Forum on Cyber Resilience. The Forum will facilitate and enhance the exchange of ideas among scientists, practitioners, and policy makers concerned with the resilience of computing and communications systems, including the Internet, critical infrastructure, and other societally important systems.

group_project

Visible to the public TWC: TTP Option: Small: Open-Audit Voting Systems---Protocol Models and Properties

Submitted by poorvi on Wed, 01/03/2018 - 2:33pm

Open-audit cryptographic voting protocols enable the verification of election outcomes, independent of whether election officials or polling machines behave honestly. Many open-audit voting systems have been prototyped and deployed. The City of Takoma Park, MD held its 2009 and 2011 city elections using voting system Scantegrity. Systems with similar properties are being proposed for use in Victoria, Australia (the Pret a Voter system) and Travis County, Texas (the STAR-Vote system).

group_project

Visible to the public Breakthrough: Enhancing Privacy in Smart Buildings and Homes

Submitted by David Irwin on Wed, 01/03/2018 - 2:14pm

The design of smart electric grids and buildings that automatically optimize their energy generation and consumption is critical to advancing important societal goals, including increasing energy-efficiency, improving the grid's reliability, and gaining energy independence. To enable such optimizations, smart grids and buildings increasingly rely on Internet-connected sensors in smart devices, including digital electric meters, web-enabled appliances and lighting, programmable outlets and switches, and intelligent HVAC systems.

group_project

Visible to the public TWC: Small: Side Channels through Lower-Level Caches: Attacks, Defenses and Security Metrics

Submitted by Dmitry Ponomarev on Wed, 01/03/2018 - 2:08pm

In cache-based side-channel attacks, an attacker with no special privileges or physical access can extract secrets from a victim process by observing its memory accesses through a shared cache. Such attacks have been demonstrated on a number of platforms, and represent a dangerous and open threat. This project explores side-channel attacks on the shared lower-level-caches (LLCs) in modern CPUs.

group_project

Visible to the public  CRII: SaTC: Expanding the Frontiers of Cryptographic Technologies

Submitted by Sanjam Garg on Wed, 01/03/2018 - 1:52pm

As all our data moves to the cloud many new security and privacy concerns arise and traditional cryptographic primitives prove insufficient in such scenarios. A key focus of this research is to advance the state of the art on cryptographic techniques that address these new challenges.

Outcomes Report URL: 
https://www.research.gov/research-portal/appmanager/base/desktop?_nfpb=true&_win...
group_project

Visible to the public TWC: Small: Understanding Anti-Analysis Defenses in Malicious Code

Submitted by debray on Wed, 01/03/2018 - 1:11pm

The problem of cyber-security encompasses computer systems of all sizes and affects almost all aspects of our day-to-day lives. This makes it fundamentally important to detect accurately and respond quickly to cyber-threats as they develop. This project aims to develop techniques and tools that can accelerate the process of understanding and responding to new cyber-threats as they develop. The authors of malicious software (malware) usually try to make the malware stealthy in order to avoid detection.