TC

A use-after-free error is a software flaw that potentially allows an attacker to remotely inject malicious software or corrupt memory values. Such attacks can result in the theft of private data, propagation of worms and viruses, or the creation of botnet nodes that can be programmed to spew spam or disrupt Internet traffic. Recently, use-after-free vulnerabilities have been found in crucial software such as Microsoft's Internet Explorer, Adobe Acrobat Reader, and Firefox among others.

Data Protection laws that exempt data that is not individually identifiable have led to an explosion in anonymization research. Unfortunately, how well current de-identification and anonymization techniques control risks to privacy and confidentiality is not well understood. Neither is the usefulness of anonymized data for real-world applications. The project addresses anonymization on three fronts: 1) Textual data, even when explicit identifiers are removed (names, dates, locations), can contain highly identifiable information.

This project studies higher-level abstractions for constructing distributed systems that integrate information and computation across administrative and trust domains. Current practice does not offer general, principled techniques for implementing these systems securely. To develop these techniques, fundamental problems of security, consistency, performance, and system evolution are being explored.

The potential benefits from electronic medical records (EMRs), including lab tests, images, diagnoses, prescriptions, and medical histories are without precedent. Patients and insurers can avoid repeating studies that, for example, expose people to additional radiation and incur unnecessary costs. Providers can instantly access patient histories , and patients can take ownership of their medical records, with the potential for greater privacy, and better access to their records when they are needed.

Data Protection laws that exempt data that is not individually identifiable have led to an explosion in anonymization research. Unfortunately, how well current de-identification and anonymization techniques control risks to privacy and confidentiality is not well understood. Neither is the usefulness of anonymized data for real-world applications. The project addresses anonymization on three fronts: 1) Textual data, even when explicit identifiers are removed (names, dates, locations), can contain highly identifiable information.