TWC

This project studies the security of representative personalized services, such as search engines, news aggregators, and on-line targeted advertising, and identifies vulnerabilities in service components that can be exploited by pollution attacks to deliver contents intended by attackers.

Everyday web users have little guidance in handling the growing number of privacy issues they face when they go online. Many web sites - some legitimate, some less so - have behaviors many would consider unexpected or undesirable. These include popular and well-known web sites, as well as web sites that aim to dupe customers with "free" trials. These kinds of sites often detail their behaviors in privacy policies and terms of use pages, but these policies are rarely read, hard to understand, and sometimes intentionally obfuscated with legal jargon, small text, and pale fonts.

The security of critical information infrastructures depends upon effective techniques to detect vulnerabilities commonly exploited by malicious attacks. Due to poor coding practices or human error, a known vulnerability discovered and patched in one code location may often exist in many other unpatched code locations, either in the same code base or other code bases. Furthermore, patches are often error-prone, resulting in new vulnerabilities. This project develops practical techniques for detecting code-level similarity to prevent such vulnerabilities.

Semantic attacks are efforts by others to steal valuable information by imitating electronic communications from a trustworthy source. A common example of a semantic attack is phishing where a phisher sends unsolicited messages to potential targets. When a targeted individual responds, the phisher then steals valuable information from the individual. Semantic attacks flow through established channels of communication (e.g., email, social media) and are difficult to distinguish from legitimate messages.

Open-audit cryptographic voting protocols enable the verification of election outcomes, independent of whether election officials or polling machines behave honestly. Many open-audit voting systems have been prototyped and deployed. The City of Takoma Park, MD held its 2009 and 2011 city elections using voting system Scantegrity. Systems with similar properties are being proposed for use in Victoria, Australia (the Pret a Voter system) and Travis County, Texas (the STAR-Vote system).