Protect

group_project

Visible to the public SaTC: STARSS: ICM: Invariant Carrying Machine for Hardware Assurance

Submitted by Hai Zhou on Mon, 11/13/2017 - 8:00am

Design of complex semiconductor circuits and systems requires many steps, involves hundreds of engineers, and is typically distributed across multiple locations and organizations worldwide. The conventional processes and tools for design of semiconductors can ensure the correctness, that is, the resulting product does what it is supposed to do. However, these processes do not provide confidence about whether the chip is altered such that it provides unauthorized access or control.

group_project

Visible to the public EAGER: Understanding the Strategic Values of Privacy Practices in Organizations

Submitted by Gwendolyn Lee on Mon, 11/13/2017 - 7:52am

As companies collect consumer data in increasingly larger quantity and mine the data more deeply, trade-offs arise with respect to companies' practices about information privacy. A company may choose practices that augment targeted advertisements or services. However, the financial rewards associated with privacy practices are highly uncertain, since they are affected by a company's competition with rivals.

group_project

Visible to the public TWC: Medium: Collaborative: Strengthening Wi-Fi Network Wide

Submitted by Guevara Noubir on Mon, 11/13/2017 - 7:46am

Wi-Fi has emerged as the technology of choice for Internet access. Thus, virtually every smartphone or tablet is now equipped with a Wi-Fi card. Concurrently, and as a means to maximize spectral efficiency, Wi-Fi radios are becoming increasingly complex and sensitive to wireless channel conditions. The prevalence of Wi-Fi networks, along with their adaptive behaviors, makes them an ideal target for denial of service attacks at a large, infrastructure level.

group_project

Visible to the public TWC: Small: A Moving Target Approach to Enhancing Machine Learning-Based Malware Defense

Submitted by Guanhua Yan on Mon, 11/13/2017 - 7:34am

The ever-growing malware threats call for effective, yet efficient, mitigation techniques. Machine learning offers a promising solution to malware defense due to the scalability and automation that it brings. Machine learning techniques are however not a panacea for advanced malware attacks where cyber criminals can carefully craft malware features to evade detection. The root cause of such attacks can be attributed to the passive nature of existing machine learning-based malware defense systems.

group_project

Visible to the public EDU: Development and Analysis of a Cybersecurity Education Game

Submitted by Gregory White on Mon, 11/13/2017 - 7:31am

The project involves the design and development of pedagogical games to introduce cybersecurity and cyber safety concepts to students in grades K-6. It will engage students with activities demonstrating the relevance of cybersecurity to the world around them; challenge students with creative puzzle-solving exercises; and will analyze the effectiveness of age-appropriate cybersecurity games to introduce cybersecurity knowledge. A major aspect of this project is the dissemination of cybersecurity principles to elementary school students.

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: Identifying and Mitigating Trust Violations in the Smartphone Ecosystem

Submitted by Giovanni Vigna on Mon, 11/13/2017 - 7:21am

The adoption of smartphones has steadily increased in the past few years, and smartphones have become the tool with which millions of users handle confidential information, such as financial and health-related data. As a result, these devices have become attractive targets for cybercriminals, who attempt to violate the trust assumptions underlying the smartphone platform in order to compromise the security and privacy of users.

group_project

Visible to the public TWC: Small: Collaborative: Towards Energy-Efficient Privacy-Preserving Active Authentication of Smartphone Users

Submitted by Gang Zhou on Mon, 11/13/2017 - 6:54am

Common smartphone authentication mechanisms such as PINs, graphical passwords, and fingerprint scans offer limited security. They are relatively easy to guess or spoof, and are ineffective when the smartphone is captured after the user has logged in. Multi-modal active authentication addresses these challenges by frequently and unobtrusively authenticating the user via behavioral biometric signals, such as touchscreen interaction, hand movements, gait, voice, and phone location.

group_project

Visible to the public TWC: Medium: Collaborative: Retrofitting Software for Defense-in-Depth

Submitted by Gang Tan on Mon, 11/13/2017 - 6:46am

The computer security community has long advocated the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in the practice of software development, and software often ships with inadequate defenses, typically developed in an ad hoc fashion.

group_project

Visible to the public SaTC:EDU: Capacity Building in Security, Privacy and Trust for Geospatial Applications

Submitted by Gabriel Ghinita on Mon, 11/13/2017 - 6:40am

Many mobile devices with GPS-positioning capabilities allow users to retrieve and share their geographical coordinates and such geospatial data is critical in many areas including traffic optimization, emergency response, disaster rescue missions or military intelligence.

group_project

Visible to the public CRII: SaTC: Improving Computer Security Technologies through Analyzing Security Needs and Practices of Journalists

Submitted by Franziska Roesner on Mon, 11/13/2017 - 6:33am

Advances in digital communication technologies, and their proliferation in recent decades, have had a remarkable impact on journalism. Security weaknesses in these technologies have put journalists and their sources increasingly at risk, hindering efforts at investigative reporting, transparency, and whistleblowing. Because of their willingness to be early adopters, and to openly communicate their issues, journalists provide an opportunity to identify security issues and requirements in new communication methods.