Protect

group_project

Visible to the public TWC: Medium: Collaborative: Security and Privacy for Wearable and Continuous Sensing Platforms

Submitted by Serge Egelman on Wed, 10/25/2017 - 8:50am

This research project studies security and privacy for wearable devices. Wearable computing is poised to become widely deployed throughout society. These devices offer many benefits to end users in terms of realtime access to information and the augmentation of human memory, but they are also likely to introduce new and complex privacy and security problems. People who use wearable devices need assurances that their privacy will be respected, and we also need ways to minimize the potential for wearable devices to intrude on the privacy of bystanders and others.

group_project

Visible to the public TWC: Medium: Collaborative: Scaling and Prioritizing Market-Sized Application Analysis

Submitted by Somesh Jha on Wed, 10/25/2017 - 8:47am

The emergence of smartphones and more generally mobile platforms as a vehicle for communication, entertainment, and commerce has led to a revolution of innovation. Markets now provide a dizzying array of applications that inform and aid every conceivable human need or desire. At the same time, application markets allow previously unknown multitudes of application developers access to user devices through fast- tracked software publishing with well-documented consequent security concerns.

group_project

Visible to the public TWC: Medium: Collaborative: Retrofitting Software for Defense-in-Depth

Submitted by Vinod Ganapathy on Wed, 10/25/2017 - 8:09am

The computer security community has long advocated the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in the practice of software development, and software often ships with inadequate defenses, typically developed in an ad hoc fashion.

group_project

Visible to the public TWC: Medium: Collaborative: Retrofitting Software for Defense-in-Depth

Submitted by Trent Jaeger on Wed, 10/25/2017 - 8:05am

The computer security community has long advocated the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in the practice of software development, and software often ships with inadequate defenses, typically developed in an ad hoc fashion.

group_project

Visible to the public TWC: Medium: Collaborative: Extending Smart-Phone Application Analysis

Submitted by Somesh Jha on Wed, 10/25/2017 - 7:50am

This research is focused on the creation of new techniques and algorithms to support comprehensive analysis of Android applications. We have developed formally grounded techniques for extracting accurate models of smartphone applications from installation images. The recovery formalization is based on TyDe, a typed meta-representation of Dalvik bytecode (the code structure used by the Android smartphone operating system).

group_project

Visible to the public TWC: Medium: Automating Countermeasures and Security Evaluation Against Software Side-channel Attacks

Submitted by Yunsi Fei on Tue, 10/24/2017 - 1:56pm

Side-channel attacks (SCA) have been a realistic threat to various cryptographic implementations that do not feature dedicated protection. While many effective countermeasures have been found and applied manually, they are application-specific and labor intensive. In addition, security evaluation tends to be incomplete, with no guarantee that all the vulnerabilities in the target system have been identified and addressed by such manual countermeasures.

group_project

Visible to the public TWC: Large: Collaborative: Living in the Internet of Things

Submitted by Tadayoshi Kohno on Tue, 10/24/2017 - 1:51pm

More and more objects used in daily life have Internet connectivity, creating an "Internet of Things" (IoT). Computer security and privacy for an IoT ecosystem are fundamentally important because security breaches can cause real and significant harm to people, their homes, and their community.

group_project

Visible to the public SBE TWC: Small: Collaborative: Pocket Security - Smartphone Cybercrime in the Wild

Submitted by dmaimon on Tue, 10/24/2017 - 12:58am

Most of the world's internet access occurs through mobile devices such as smart phones and tablets. While these devices are convenient, they also enable crimes that intersect the physical world and cyberspace. For example, a thief who steals a smartphone can gain access to a person's sensitive email, or someone using a banking app on the train may reveal account numbers to someone looking over her shoulder. This research will study how, when, and where people use smartphones and the relationship between these usage patterns and the likelihood of being a victim of cybercrime.

group_project

Visible to the public TWC: Small: Automated Security Testing for Applications Integrating Third-Party Services

Submitted by David Evans on Tue, 10/24/2017 - 12:44am

Modern web and mobile applications increasingly rely on code and services from multiple parties, including services that provide security-critical functions like authentication, payments, and sharing. Developers often make mistakes in integrating these services into their applications that lead to serious security vulnerabilities. These integration failures are mainly due to failures to understand and ensure assumptions necessary for secure use of the external service.