Assure Information Flows

Field-programmable gate arrays (FPGAs) are hardware circuits that can be reconfigured by a system user after being deployed. FPGAs are a compelling alternative architecture that may allow hardware performance to continue to improve at a dramatic rate. Unfortunately, systems that incorporate an FPGA may allow a potentially untrusted user to reprogram hardware after it has been deployed. Such a scenario enables novel security attacks that can leak a user's private information or corrupt critical information stored on a system, but are performed entirely in hardware.

The explosion in data gathering has greatly exacerbated existing privacy issues in computing systems and created new ones due to the increase in the scale and the scope of available data as well as the advances in the capabilities of computational data analysis. Software professionals typically have no formal training or education on sociotechnical aspects of privacy. As a result, addressing privacy issues raised by a system is frequently an afterthought and/or a matter of compliance-check during the late phases of the system development lifecycle.

Natural language privacy policies have become a de facto standard to address expectations of notice and choice on the Web. Yet, there is ample evidence that users generally do not read these policies and that those who occasionally do struggle to understand what they read. Initiatives aimed at addressing this problem through the development of machine implementable standards or other solutions that require website operators to adhere to more stringent requirements have run into obstacles, with many website operators showing reluctance to commit to anything more than what they currently do.

Wireless systems have become an inseparable part of our social fabric, which allow users to move around and access the services from different locations while on the move. However, wireless security is often cited as a major technical barrier that must be overcome before widespread adoption of mobile services can occur. Traditional approaches have focused on addressing security threats on a case-by-case basis in an ad-hoc manner as new and specialized threats are uncovered.

The security and integrity of elections is paramount in the furtherance of democracy. However, enhanced security often comes at the cost of making voting systems significantly more difficult for voters to use. With input from stakeholders in the voting process (most notably Travis County, Texas), we are constructing a prototype voting system and investigating how to design such a system so that it is significantly more secure than current solutions, without making it harder to participate in the election process.