Protect

group_project

Visible to the public TC: Small: Analysis for a Cloud of Policies: Foundations and Tools

Computers and people live in a world governed by policy. At the lowest level, policies determine how information flows within networks; at the highest level, they describe how users' personal information is shared across applications. Of course, end-users, as policy authors, make mistakes: rules can have unintended consequences and multiple policies can interact in ways that their authors didn't intend. Users can benefit from tools to help them understand the policies they write and maintain. Policy analysis refers to rigorous methods for detecting these situations before they cause harm.

group_project

Visible to the public TC: Large: Collaborative Research: Facilitating Free and Open Access to Information on the Internet

This project develops methods to provide citizens information about technologies that obstruct, restrict, or tamper with their access to information. Internet users need an objective, independent, third-party service that helps them determine whether their Internet service provider or government is restricting access to content, specific protocols, or otherwise degrading service. Towards this goal, we are (1) monitoring attempts to block or manipulate Internet content and communications; and (2) evaluating various censorship circumvention mechanisms in real-world deployments}.

group_project

Visible to the public TC: Medium: Semantics and Enforcement of Privacy Policies: Information Use and Purpose

Organizations, such as hospitals, financial institutions, and universities, that collect and use personal information are required to comply with privacy regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Family Educational Rights and Privacy Act (FERPA). Similarly, to ensure customer trust, web services companies, such as Google, Facebook, Yahoo!, and Amazon, publish privacy policies stating what they will do with the information they keep about customers' individual behaviors.

group_project

Visible to the public Virtual Laboratory and Curriculum Development for Secure Mobile Computing

The "Virtual Laboratory and Curriculum Development for Secure Mobile Computing" project at the University of Texas at Dallas (UTD) will develop a set of courses and a virtual laboratory in mobile system security with an emphasis on securing smart phones. The courses that will be developed will include topics such as Android taint analysis using existing tools or development of new tools, scalable Android security threat analysis on applications (apps), and smart phone forensics.

group_project

Visible to the public TWC: Large: Collaborative: Verifiable Hardware: Chips that Prove their Own Correctness

This project addresses how semiconductor designers can verify the correctness of ICs that they source from possibly untrusted fabricators. Existing solutions to this problem are either based on legal and contractual obligations, or use post-fabrication IC testing, both of which are unsatisfactory or unsound. As a sound alternative, this project designs and fabricates verifiable hardware: ICs that provide proofs of their correctness for every input-output computation they perform in the field.

group_project

Visible to the public TWC: Small: Understanding and Mitigating the Threat of a Malicious Network-on-Chip

One of the key challenges in trustworthy computing is establishing trust in the hardware layer, which is the execution platform of all software applications. Modern multiprocessor system-on-chips employ many specialized components, and scalable network-on-chips (NoC) are often deployed to efficiently connect these components. In the light of these trends, this project investigates secure and reliable computation, when the underlying NoC is compromised.

group_project

Visible to the public TWC: Small: Quantitative Analysis and Reporting of Electromagnetic Covert and Side Channel Vulnerabilities

Most traditional approaches to computer security assume that information from the system can only be sent through intended output channels, such as network connection, monitor, portable disk drive, etc. Side-channel and covert-channel attacks circumvent these protections by extracting information that is leaked or deliberately sent from the system through unintended signals, such as electromagnetic emanations, power consumption, timing of computational activity, etc.

group_project

Visible to the public TWC: Small: Understanding and Mitigating the Security Hazards of Mobile Fragmentation

Mobile computing technologies are rapidly evolving and phone (and other mobile device) manufacturers are under constant pressure to offer new product models. Each manufacturer customizes operating system software for its devices and often changes this software to support its new models. Given the many manufacturers in the mobile device marketplace and the many different generations of products, there are many customized branches of mobile operating systems in use at any time.

group_project

Visible to the public TWC: Small: Privacy Preserving Cooperation among Microgrids for Efficient Load Management on the Grid

Smart grid integrates sensors and communication infrastructure into the existing power grid to enable operational intelligence. The concept of microgrid is emerging in conjunction with the smart grid wherein small segments of the grid can be isolated into self-sufficient islands to feed their own demand load with their local energy, e.g., wind, solar.

group_project

Visible to the public TWC: Small: Intelligent Malware Detection Utilizing Novel File Relation-Based Features and Resilient Techniques for Adversarial Attacks

Malware (e.g., viruses, worms, and Trojans) is software that deliberately fulfills the harmful intent of an attacker. It has been used as a major weapon by the cyber-criminals to launch a wide range of attacks that cause serious damages and significant financial losses to many Internet users. To protect legitimate users from these attacks, the most significant line of defense against malware is anti-malware software products, which predominately use signature-based methods to recognize threats.