TC

Many complex software-based systems must be certified in order to be deployed in safety-critical environments. Modern software certification processes require trustworthy evidence supporting the verification claims. While verification tools have made tremendous gains in power, they lack the ability to generate concise and independently checkable evidence. The V Kernel project develops a practical approach to reconciling trust and automation. The claims generated by the fast but untrusted front-line verification tools are certified offline by slower but verified back-end checkers.

A system has resilient security if it retains a degree of secure functioning despite the compromise of some components. Since vulnerable components will long be in widespread use, resilient security is what counts against sophisticated adversaries with persistent footholds in American systems.

Resiliency infrastructures can help secure application components that may have many intrinsic weaknesses. They can structure systems so the risk of successful attack can be meaningfully measured.

Traditional security authorization decisions are black and white: a user either satisfies a particular access policy or does not. This rigidity is a handicap in our complex and unpredictable world. As a result, even security-conscious organizations typically grossly overprovision principals with access rights and/or underconstrain access policies to ensure that principals can always carry out the organization's mission effectively and respond to unexpected opportunities and challenges.

Insufficient attention has been given to enterprise Identity and Access Management (IAM) as a process that needs to be carried out on a continuing basis in the presence of change and evolution. In particular, there is little formal support for how IAM can exploit experience the enterprise collects over time.

Pay-as-you-Go investigates security and privacy for Integrated Transportation Payment Systems (ITPS). The research addresses integrated payments for trains, subways, buses, ferries, and recharging of electric cars, as well as toll collection for roads, bridges, and tunnels. Multi-disciplinary aspects include novel cryptographic protocols and lightweight implementations of privacy-preserving payment systems. Challenges include providing security and privacy in a low-cost, usable, and reliable manner.