TWC

The problem of cyber-security encompasses computer systems of all sizes and affects almost all aspects of our day-to-day lives. This makes it fundamentally important to detect accurately and respond quickly to cyber-threats as they develop. This project aims to develop techniques and tools that can accelerate the process of understanding and responding to new cyber-threats as they develop. The authors of malicious software (malware) usually try to make the malware stealthy in order to avoid detection.

A key property of modern day network environments such as the Internet is the possibility of multiple processes running simultaneously, concurrently and unaware of each other. However, the same property also allows an attacker for a coordinated attack in which an adversary controls many parties, interleaving the executions of the various protocol instances and creating rogue interactions between protocols. With changing network environments and new-emerging paradigms such as cloud computing, we need to assess the threat model in order to capture a broader class of attacks.

By collecting sensor data from individuals in a user community, e.g., using their smartphones, it is possible to learn the behavior of communities, for example locations, activities, and events. Similarly, using data from personal health monitoring sensors, it is possible to learn about the health risks and responses to treatments for population groups. But is it possible to use the valuable information for the greater good without disclosing information about the individuals contributing the data? What about protecting this information from improper access?

Used by hundreds of millions of people every day, online services are central to everyday life. Their popularity and impact make them targets of public opinion skewing attacks, in which those with malicious intent manipulate the image of businesses, mobile applications and products. Website owners often turn to crowdsourcing sites to hire an army of professional fraudsters to paint a fake flattering image for mediocre subjects or trick people into downloading malicious software.

The problem of insecure computing environments has large impacts on society: security breaches lead to violations of privacy, financial frauds, espionage, sabotage, lost productivity, and more. These, in turn, result in vast economic damage. A major reason for the severity of these consequences is that many systems run on top of an insecure operating system kernel. The Linux kernel, a de facto industry standard for embedded, mobile, cloud, and supercomputing environments, is often a target for security attacks.