Protect

group_project

Visible to the public SBE TWC: Small: Collaborative: Pocket Security - Smartphone Cybercrime in the Wild

Most of the world's internet access occurs through mobile devices such as smart phones and tablets. While these devices are convenient, they also enable crimes that intersect the physical world and cyberspace. For example, a thief who steals a smartphone can gain access to a person?s sensitive email, or someone using a banking app on the train may reveal account numbers to someone looking over her shoulder. This research will study how, when, and where people use smartphones and the relationship between these usage patterns and the likelihood of being a victim of cybercrime.

group_project

Visible to the public TWC: Large: Collaborative: Verifiable Hardware: Chips that Prove their Own Correctness

This project addresses how semiconductor designers can verify the correctness of ICs that they source from possibly untrusted fabricators. Existing solutions to this problem are either based on legal and contractual obligations, or use post-fabrication IC testing, both of which are unsatisfactory or unsound. As a sound alternative, this project designs and fabricates verifiable hardware: ICs that provide proofs of their correctness for every input-output computation they perform in the field.

group_project

Visible to the public Collaborative: Development and Testing of a Secure Programming Clinic

This capacity building project will create Secure Programming Clinic to enhance student learning and expertise in writing robust, secure software, analogous to a writing clinic in an English department or law school. It provides continual reinforcement of the mechanisms, methods, technologies, and need for programming with security and robustness considerations throughout a student's undergraduate coursework. The clinic would augment courses, not replace them or their content.

group_project

Visible to the public TWC: Small: Collaborative: Discovering Software Vulnerabilities through Interactive Static Analysis

Software development is a complex and manual process, in part because typical software programs contain more than hundreds of thousands lines of computer code. If software programmers fail to perform critical checks in that code, such as making sure a user is authorized to update an account, serious security compromises ensue. Indeed, vulnerable software is one of the leading causes of cyber security problems. Checking for security problems is very expensive because it requires examining computer code for security mistakes, and such a process requires significant manual effort.

group_project

Visible to the public CAREER: Finding Levers for Privacy and Security by Design in Mobile Development

Mobile data are one of the fastest emerging forms of personal data. Ensuring the privacy and security of these data are critical challenges for the mobile device ecosystem. Mobile applications are easy to build and distribute, and can collect a large variety of sensitive personal data. Current approaches to protecting this data rely on security and privacy by design: encouraging developers to proactively implement security and privacy features to protect sensitive data.

group_project

Visible to the public TWC: TTP Option: Small: Collaborative: SRN: On Establishing Secure and Resilient Networking Services

Almost every organization depends on cloud-based services. The backend of cloud-based services are designed for multiple tenants and reside in data centers spread across multiple physical locations. Network security and security management are major hurdles in such a complex, shared environment. This research investigates mitigating the security challenges by taking a moving target defense (MTD) approach.

group_project

Visible to the public STARSS: Small: Defending Against Hardware Covert Timing Channels

Safeguarding sensitive user information stored in computer systems is a fast growing concern, especially as computers are universally used everywhere from national defense to mobile phones. Malicious hackers have found unscrupulous ways to steal sensitive information largely by exploiting the vulnerabilities in existing hardware and software. Among the many forms of information leakage, covert timing channels exfiltrate secrets from a trojan process with higher security credentials to a spy process with lesser credentials by exploiting the access timing of system resources.

group_project

Visible to the public  TWC: Medium: Language-Hardware Co-Design for Practical and Verifiable Information Flow Control

Current cloud computing platforms, mobile computing devices, and embedded devices all have the security weakness that they permit information flows that violate the confidentiality or integrity of information. This project explores an integrated approach in which software and hardware are co-designed with strong, comprehensive, verifiable security assurance. The goal is to develop a methodology for designing systems in which all forms of information flow are tracked, at both the hardware and software levels, and between these levels.

group_project

Visible to the public EAGER: TWC: Collaborative: iPrivacy: Automatic Recommendation of Personalized Privacy Settings for Image Sharing

The objective of this project is to investigate a comprehensive image privacy recommendation system, called iPrivacy (image Privacy), which can efficiently and automatically generate proper privacy settings for newly shared photos that also considers consensus of multiple parties appearing in the same photo. Photo sharing has become very popular with the growing ubiquity of smartphones and other mobile devices.

group_project

Visible to the public TWC: Small: Practical Assured Big Data Analysis in the Cloud

The use of "cloud technologies" presents a promising avenue for the requirements of big data analysis. Security concerns however represent a major impediment to the further adoption of clouds: through the sharing of cloud resources, an attack succeeding on one node can tamper with many applications sharing that node.