Assure Information Flows

group_project

Visible to the public TWC: Small: MIST: Systematic Analysis of Microarchitectural Information Leakage on Mobile Platforms

Submitted by Sandip Kundu on Wed, 10/25/2017 - 12:02pm

Smart phones have permeated all facets of our lives facilitating daily activities from shopping to social interactions. Mobile devices collect sensitive information about our behavior via various sensors. Operating systems (OS)enforce strict isolation between apps to protect data and complex permission management. Yet, apps get free access to hardware including CPU and caches. Access to shared hardware resources result in information leakage across apps. Microarchitectural attacks have already proven to succeed in stealing information on PC and even on virtualized cloud servers.

group_project

Visible to the public TWC: Small: Fundamental Limits in Differential Privacy

Submitted by Sewoong Oh on Wed, 10/25/2017 - 11:47am

Differential Privacy has emerged as a well-grounded approach to balancing personal privacy and societal as well as commercial use of data. The basic idea is to add random noise to analysis results sufficient to obscure the impact of any single individual's data on the analysis, thus protecting individual privacy. While general approaches to providing differential privacy exist, in many cases the bounds are not tight; more noise is added than needed. This project uses information theoretic techniques to explore the fundamental privacy/accuracy tradeoffs in differential privacy.

group_project

Visible to the public TWC: Small: Confidentiality Measurement of Complex Computations using Quantitative Information Flow

Submitted by Stephen McCamant on Wed, 10/25/2017 - 11:26am

Concern about information privacy is a major obstacle to user adoption of new information technology applications, from smart phone applications to the deployment of automated workflows in the largest health-care and government enterprises. This project addresses privacy concerns caused by software through errors and malicious attacks. A major security concern about software revolves around whether computers reveal information that they should not.

group_project

Visible to the public TWC: Small: Collaborative: Automated Detection and Repair of Error Handling Bugs in SSL/TLS Implementations

Submitted by Suman Jana on Wed, 10/25/2017 - 9:27am

Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocols are critical to internet security. However, the software that implements SSL/TLS protocols is especially vulnerable to security flaws and the consequences can be disastrous. A large number of security flaws in SSL/TLS implementations (such as man-in-the-middle attacks, denial-of-service attacks, and buffer overflow attacks) result from incorrect error handling.

group_project

Visible to the public TWC: Medium: Hardware Trojans in Wireless Networks - Risks and Remedies

Submitted by Yiorgos Makris on Wed, 10/25/2017 - 9:06am

This project investigates the risks instigated by malicious hardware modifications (hardware Trojans) in the nodes of a wireless network and aims to develop remedies, thereby enabling secure deployment and fostering technology trustworthiness. Due to the lack of assurance mechanisms in the globalized integrated circuit (IC) supply chain, hardware Trojans have recently become the topic of intensified concern.

group_project

Visible to the public TWC: Medium: Collaborative: The Theory and Practice of Key Derivation

Submitted by Yevgeniy Dodis on Wed, 10/25/2017 - 9:00am

Most cryptographic applications crucially rely on secret keys that are chosen randomly and are unknown to an attacker. Unfortunately, the process of deriving secret keys in practice is often difficult, error-prone and riddled with security vulnerabilities. Badly generated keys offer a prevalent source of attacks that render complex cryptographic applications completely insecure, despite their sophisticated design and rigorous mathematical analysis.

group_project

Visible to the public TWC: Medium: Collaborative: Security and Privacy for Wearable and Continuous Sensing Platforms

Submitted by Serge Egelman on Wed, 10/25/2017 - 8:50am

This research project studies security and privacy for wearable devices. Wearable computing is poised to become widely deployed throughout society. These devices offer many benefits to end users in terms of realtime access to information and the augmentation of human memory, but they are also likely to introduce new and complex privacy and security problems. People who use wearable devices need assurances that their privacy will be respected, and we also need ways to minimize the potential for wearable devices to intrude on the privacy of bystanders and others.

group_project

Visible to the public TWC: Medium: Collaborative: Retrofitting Software for Defense-in-Depth

Submitted by Vinod Ganapathy on Wed, 10/25/2017 - 8:09am

The computer security community has long advocated the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in the practice of software development, and software often ships with inadequate defenses, typically developed in an ad hoc fashion.

group_project

Visible to the public TWC: Medium: Collaborative: Retrofitting Software for Defense-in-Depth

Submitted by Trent Jaeger on Wed, 10/25/2017 - 8:05am

The computer security community has long advocated the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in the practice of software development, and software often ships with inadequate defenses, typically developed in an ad hoc fashion.