Deter

group_project

Visible to the public TWC: Medium: Collaborative: Exposing and Mitigating Cross-Channel Attacks that Exploit the Convergence of Telephony and the Internet

Submitted by Mustaque Ahamad on Mon, 10/09/2017 - 4:09pm

Rapid advances in technology now enable simultaneous access to both telephony and Internet services from smart phone devices that people carry with them at all times. Although this convergence of telephony with the Internet offers many benefits, it also provides cyber criminals the ability to develop increasingly sophisticated attacks that combine resources from both the telephony and Internet channels.

group_project

Visible to the public CAREER: Securing Mobile Cyber-Physical Systems (CPSs) Against Stealthy Attacks

Submitted by Mina Guirguis on Mon, 10/09/2017 - 3:17pm

As Cyber-Physical Systems (CPSs) employing mobile nodes continue to integrate into the physical world, ensuring their safety and security become crucial goals. Due to their mobility, real-time, energy and safety constraints, coupled by their reliance on communication mediums that are subject to interference and intentional jamming, the projected complexities in Mobile CPSs will far exceed those of traditional computing systems.

group_project

Visible to the public TWC: Small: Subversion-Resistant Cryptography

Submitted by Mihir Bellare on Mon, 10/09/2017 - 3:12pm

This work aims to effectively address security concerns while maintaining the privacy of individuals and corporations. The project analyzes subversive attacks, develops defenses and deterrents, creates privacy tools and software, and increases awareness and expertise through teaching, mentoring and involvement of students in research.

group_project

Visible to the public TWC SBE: Medium: Collaborative: Dollars for Hertz: Making Trustworthy Spectrum Sharing Technically and Economically Viable

Submitted by Michelle Connolly on Mon, 10/09/2017 - 1:52pm

The critical role of spectrum as a catalyst for economic growth was highlighted in the 2010 National Broadband Plan (NBP). A challenge for the NBP is realizing optimal spectrum sharing in the presence of interference caused by rogue transmissions from any source, but particularly secondary users who share the spectrum. This complex problem straddles wireless technology, industrial economics, international standards, and regulatory policy.

group_project

Visible to the public TWC: Small: Combating Environment-aware Malware

Submitted by Michail Polychron... on Mon, 10/09/2017 - 1:41pm

Tools for dynamic detection of malicious software ("malware"), such as antivirus software, often create a protected "analysis environment" (or "sandbox") in which to test suspicious software without risk to the computer system. Malware authors have responded by developing environment-awareness techniques, to enable their malware to recognize and behave differently in a sandbox environment, thereby evading detection. Authors of defense software are endeavoring to ensure that analysis environments exhibit realistic characteristics.

group_project

Visible to the public CRII: SaTC: Analyzing and verifying the security of TCP stacks under multi-entity interactions

Submitted by Zhiyun Qian on Mon, 10/09/2017 - 1:10pm

The objective of this project is to strengthen the Transmission Control Protocol (TCP), a ubiquitous core Internet protocol, under emerging threat models to make it robust and secure enough to serve the needs of 'smart' technologies in communications, automobiles, medical devices, and other devices that touch our lives every day. It is terrifying to imagine that a smart car could fail to report an accident automatically due to a denial of service attack on its TCP connections, or a smart medical device could fail to report a patient's change in condition.

group_project

Visible to the public TWC: Medium: Scaling proof-based verifiable computation

Submitted by Michael Walfish on Mon, 10/09/2017 - 12:15pm

This research addresses a fundamental problem in systems security: how can a machine specify a computation to another one and then, without executing the computation, check that the other machine carried it out correctly? Over the last several years, a new approach to this problem has emerged, based on refining cryptographic and theoretical tools, and incorporating them into built systems. However, despite exciting advances, the resulting systems are still not practical in the normal sense.

group_project

Visible to the public TWC SBE: TTP Option: Medium: Collaborative: EPICA: Empowering People to Overcome Information Controls and Attacks

Submitted by Michael Bailey on Mon, 10/09/2017 - 9:37am

This project studies the security of representative personalized services, such as search engines, news aggregators, and on-line targeted advertising, and identifies vulnerabilities in service components that can be exploited by pollution attacks to deliver contents intended by attackers.

group_project

Visible to the public TWC: TTP Option: Large: Collaborative: Internet-Wide Vulnerability Measurement, Assessment, and Notification

Submitted by Michael Bailey on Mon, 10/09/2017 - 9:34am

This project aims to reduce the impact of software vulnerabilities in Internet-connected systems by developing data-driven techniques for vulnerability measurement, assessment, and notification. Recent advances in Internet-wide scanning make it possible to conduct network surveys of the full public IPv4 address space in minutes.

group_project

Visible to the public EAGER: Can You Trust Apps Age Recommendations? Inconsistent and Unreliable Maturity Ratings on Mobile Platforms

Submitted by Yilu Zhou on Fri, 10/06/2017 - 2:21pm

While smart phones provide an excellent way for communication, entertaining and education, they also raise many privacy and security concerns. Children are facing the risks of being exposed to inappropriate content due to mis-rated Apps. Both Android and iOS apps come with maturity ratings that examine the existence and intensity of mature themes within each app. However, each mobile platform adopts its own rating policy and rating strategy which creates inconsistency and inaccurate ratings. The maturity ratings for Android apps are purely a result of app developers' self-report.