Protect

group_project

Visible to the public EDU: Developing a Software Artifact Repository for Software Assurance Education

Submitted by Dianxiang Xu on Tue, 11/07/2017 - 5:35am

This project will develop a software assurance education artifact repository, designed for use across numerous computer science programs and institutions. The repository will help students to obtain a firm understanding of the software assurance process and necessary skills to develop highly assured software. The team will also create instructional materials for effective software artifact use.

group_project

Visible to the public TWC: Small: Benchmarking Testing Methods for Access Control Policies

Submitted by Dianxiang Xu on Tue, 11/07/2017 - 5:32am

Access control policies specify which users may perform which actions on which resources within which environments. Defective policies may have serious impacts, allowing unintended access (e.g., bank account withdrawals by a stranger) or preventing critical legitimate access (e.g., a doctor cannot view her patient's x-ray). As computer systems become more complex, policy defects have become more common.

group_project

Visible to the public TWC SBE: Medium: Collaborative: A Socio-Technical Approach to Privacy in a Camera-Rich World

Submitted by Denise Anthony on Tue, 10/31/2017 - 5:06am

Cameras are now pervasive on consumer devices, including smartphones, laptops, tablets, and new wearable devices like Google Glass and the Narrative Clip lifelogging camera.

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

Submitted by Vinod Yegneswaran on Wed, 10/25/2017 - 3:34pm

The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services.

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

Submitted by V. Venkatakrishnan on Wed, 10/25/2017 - 3:31pm

The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services.

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: Identifying and Mitigating Trust Violations in the Smartphone Ecosystem

Submitted by Yan Chen on Wed, 10/25/2017 - 3:29pm

The adoption of smartphones has steadily increased in the past few years, and smartphones have become the tool with which millions of users handle confidential information, such as financial and health-related data. As a result, these devices have become attractive targets for cybercriminals, who attempt to violate the trust assumptions underlying the smartphone platform in order to compromise the security and privacy of users.

group_project

Visible to the public TWC: TTP Option: Large: Collaborative: Towards a Science of Censorship Resistance

Submitted by Vern Paxson on Wed, 10/25/2017 - 3:25pm

The proliferation and increasing sophistication of censorship warrants continuing efforts to develop tools to evade it. Yet, designing effective mechanisms for censorship resistance ultimately depends on accurate models of the capabilities of censors, as well as how those capabilities will likely evolve. In contrast to more established disciplines within security, censorship resistance is relatively nascent, not yet having solid foundations for understanding censor capabilities or evaluating the effectiveness of evasion technologies.

group_project

Visible to the public TWC: Small: Towards Trustworthy Access Control Policies

Submitted by sdstoller on Wed, 10/25/2017 - 3:03pm

Getting access control policies right is challenging, especially in large organizations. This project is developing techniques and tools to support efficient and trustworthy administration of Attribute-Based Access Control (ABAC) policies. ABAC is a flexible, high-level, and increasingly popular security policy framework.

group_project

Visible to the public  TWC: Small: Time Advantage-based Key Establishment Protocols for Low-cost Wireless Networked Systems

Submitted by Yong Guan on Wed, 10/25/2017 - 2:58pm

The essence of information assurance resides in the ability of the legitimate communication parties to establish and maintain an advantage over their adversary. Most often, such an advantage is in the form of a secret key. The high costs associated with standard key establishment protocols motivate the recent surge of less conventional protocols, which derive the legitimate parties' advantage from physical features (the adversary may have a worse channel than the legitimate receiver) or from correlated sources of randomness (accelerometer readings when two devices are shaken together).

group_project

Visible to the public TWC: Small: Theory and Practice of Tweakable-Blockcipher-Based Cryptography

Submitted by Thomas Shrimpton on Wed, 10/25/2017 - 2:54pm

Blockciphers are the basic building block of shared-key cryptography. However, for certain important cryptographic goals, like building encryption schemes, the interface presented by blockciphers is limiting. A more modern primitive, the tweakable blockcipher (TBC), is often a better fit. Like a blockcipher, a TBC takes as input a secret key, a block of data and the tweak which is an additional input which provides variability to the TBC's input-output behavior without having to change the secret key.