Assure Information Flows

Many compelling applications involve computations that require sensitive data from two or more individuals. For example, as the cost of personal genome sequencing rapidly plummets many genetics applications will soon be within reach of individuals such as comparing one?s genome with the genomes of different groups of participants in a study to determine which treatment is likely to be most effective. Such comparisons could have tremendous value, but are currently infeasible because of the privacy concerns both for the individual and study participants.

Citizen science is a form of collaboration where members of the public participate in scientific research. Citizen science is increasingly facilitated by a variety of wireless, cellular and satellite technologies. Data collected and shared using these technologies may threaten the privacy of volunteers. This project will discover factors which lead to, or allieviate, privacy concerns for citizen science volunteers.

Embedded systems currently rely on local and often insecure state retention for process control and subsequent forensic analysis. As critical embedded control systems (e.g., smart grids, SCADA) generate increasing amounts of data and become ever more connected to other systems, secure retention and management of that data is required. Attacks such as Stuxnet show that SCADA and other systems comprising critical infrastructure are vulnerable to the compromise of controllers and sensing devices, as well as falsification of data to circumvent anomaly detection mechanisms.

The goal of this project is to create the algorithms, frameworks, and systems for defending the open web ecosystem from emerging threats. This project aims to (i) analyze malicious tasks and behaviors of crowdturfers; (ii) detect malicious tasks on crowdsourcing platforms by developing novel malicious task detectors; (iii) design and build a task blacklist; (iv) uncover the ecosystem of crowdturfers and detect crowdturfers; (v) combine crowdturfer detection approaches with other malicious participants detection approaches.

Secure computation allows users to collaboratively compute any program on their private data, while ensuring that they learn nothing beyond the output of the computation. Existing protocols for secure computation primarily rely on a boolean-circuit representation for the program being evaluated, which can be highly inefficient. This project focuses on developing secure-computation protocols in the RAM model of computation. Particularly challenging here is the need to ensure that memory accesses are oblivious, and do not leak information about private data.