TWC

Despite an emphasis the security community places on the importance of producing secure software, the number of new security vulnerabilities in software increases every year. This research is based on the assumption that software vulnerabilities are caused by misunderstandings, or lack of knowledge, called blind spots, which the developers experience while they are building systems. When building systems, developers often focus more on functional requirements than on non-functional ones, such as security.

This research project studies security and privacy for wearable devices. Wearable computing is poised to become widely deployed throughout society. These devices offer many benefits to end users in terms of realtime access to information and the augmentation of human memory, but they are also likely to introduce new and complex privacy and security problems. People who use wearable devices need assurances that their privacy will be respected, and we also need ways to minimize the potential for wearable devices to intrude on the privacy of bystanders and others.

Security policies often base access decisions on temporal context (e.g., time of day) and environmental context (e.g., geographic location). Access control policies for operating systems frequently consider execution context (e.g., user ID, program arguments). However, little has been done to incorporate user expectation context into security decision mechanisms. Text artifacts provide a source of user expectation context.

The primary goal of this project is to develop a mathematical foundation underlying the analysis of modern cryptosystems. Cryptography is a core tool used to secure communications over the Internet. Secure and trustworthy communications and data storage are essential to national security and to the functioning of the world economy. Recent spectacular research results have enabled the development of new types of cryptography, exciting new potential applications, and hopes for stronger guarantees of cryptographic security in the long term.

The security of critical information infrastructures depends upon effective techniques to detect vulnerabilities commonly exploited by malicious attacks. Due to poor coding practices or human error, a known vulnerability discovered and patched in one code location may often exist in many other unpatched code locations, either in the same code base or other code bases. Furthermore, patches are often error-prone, resulting in new vulnerabilities. This project develops practical techniques for detecting code-level similarity to prevent such vulnerabilities.