TWC

Used by hundreds of millions of people every day, online services are central to everyday life. Their popularity and impact make them targets of public opinion skewing attacks, in which those with malicious intent manipulate the image of businesses, mobile applications and products. Website owners often turn to crowdsourcing sites to hire an army of professional fraudsters to paint a fake flattering image for mediocre subjects or trick people into downloading malicious software.

The main research focus of this proposal is to create a platform that allows to automatically find attacks in unmodified binaries of distributed systems. The attacks are conducted through message manipulation by insider attackers and impact primarily performance and availability. The platform combines existent open-source virtualization environments such as KVM, and network simulation and emulation tools such as NS3, to create a realistic environment in which target systems will run.

Privacy is critical to freedom of creativity and innovation. Assured privacy protection offers unprecedented opportunities for industry innovation, science and engineering discovery, as well as new life enhancing experiences and opportunities.

The modern web experience is dynamic, providing users with a highly responsive interface through which to interact with the world. Today's mechanisms allow servers---even those which are controlled by an attacker---to download arbitrary programs into a user's browser. It is extraordinarily difficult to secure the web browser (and its user) against attack in this scenario. While tools and techniques are useful to analyze and restrict downloaded code, they are by their very nature incomplete. As a result, the security of web services relies on a series of ad hoc, service-provided techniques.

The essence of information assurance resides in the ability of the legitimate communication parties to establish and maintain an advantage over their adversary. Most often, such an advantage is in the form of a secret key. The high costs associated with standard key establishment protocols motivate the recent surge of less conventional protocols, which derive the legitimate parties' advantage from physical features (the adversary may have a worse channel than the legitimate receiver) or from correlated sources of randomness (accelerometer readings when two devices are shaken together).