Protect

group_project

Visible to the public EDU: Collaborative: Enhancing Education in Genetic Privacy with Integration of Research in Computer Science and Bioinformatics

Submitted by Xinghua Shi on Mon, 10/09/2017 - 1:56pm

The era of personal genomics, where genetic information is ubiquitously available for research, clinical practice or personal curiosity, is quickly approaching. At the same time, there is a growing concern of genetic privacy and the existing educational resources are focused mostly on legal, regulatory or ethical issues in personal genomics.

Outcomes Report URL: 
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1523154
group_project

Visible to the public EAGER: Collaborative: IC Supply Chain Security and Quality Control in Business and Social Context

Submitted by Wei-Ming Lin on Mon, 10/09/2017 - 1:48pm

Trusted hardware is essential to achieving a secure and trustworthy cyberspace. However, this security foundation is not free of threats. Specifically, an adversary involved in Integrated Circuit (IC) development and supply may launch a number of attacks such as intellectual property theft, design tamper, counterfeiting and overproduction. The Comprehensive National Cyber Security Initiative has identified this supply chain risk management problem as a top national priority.

group_project

Visible to the public CRII: SaTC: Empirical and Analytical Models for the Deployment of Software Updates in Large Vulnerable Populations

Submitted by tdumitra on Mon, 10/09/2017 - 1:13pm

Software vulnerabilities are an important vector for malware delivery. The software updating mechanisms, responsible for deploying the vulnerability patches, are in a race with the cyber attackers seeking to exploit the vulnerabilities. Moreover, these updating mechanisms have multiple, potentially conflicting, design goals, as they must quickly deploy patches on millions of hosts worldwide, must not overburden the users, and must avoid breaking dependencies in the deployment environment.

group_project

Visible to the public CRII: SaTC: Analyzing and verifying the security of TCP stacks under multi-entity interactions

Submitted by Zhiyun Qian on Mon, 10/09/2017 - 1:10pm

The objective of this project is to strengthen the Transmission Control Protocol (TCP), a ubiquitous core Internet protocol, under emerging threat models to make it robust and secure enough to serve the needs of 'smart' technologies in communications, automobiles, medical devices, and other devices that touch our lives every day. It is terrifying to imagine that a smart car could fail to report an accident automatically due to a denial of service attack on its TCP connections, or a smart medical device could fail to report a patient's change in condition.

group_project

Visible to the public TWC: Medium: Scaling proof-based verifiable computation

Submitted by Michael Walfish on Mon, 10/09/2017 - 12:15pm

This research addresses a fundamental problem in systems security: how can a machine specify a computation to another one and then, without executing the computation, check that the other machine carried it out correctly? Over the last several years, a new approach to this problem has emerged, based on refining cryptographic and theoretical tools, and incorporating them into built systems. However, despite exciting advances, the resulting systems are still not practical in the normal sense.

group_project

Visible to the public TWC: Frontier: Collaborative: Rethinking Security in the Era of Cloud Computing

Submitted by Michael Swift on Mon, 10/09/2017 - 11:45am

There are at least two key features of the move to cloud computing that introduce the opportunity for significant leaps forward in computer security for tenant services. First, a compute cloud provides a common software, hardware and management basis for rolling out cross-cutting services en masse that have resisted incremental deployment in a one-service-at-a-time fashion. Second, compute clouds offer providers a broad view of activity across an unprecedented diversity of tenant services.

group_project

Visible to the public TWC: Frontier: Collaborative: Rethinking Security in the Era of Cloud Computing

Submitted by reiter on Mon, 10/09/2017 - 11:29am

There are at least two key features of the move to cloud computing that introduce the opportunity for significant leaps forward in computer security for tenant services. First, a compute cloud provides a common software, hardware and management basis for rolling out cross-cutting services en masse that have resisted incremental deployment in a one-service-at-a-time fashion. Second, compute clouds offer providers a broad view of activity across an unprecedented diversity of tenant services.

group_project

Visible to the public SaTC: STARSS: Hardware Authentication through High-Capacity PUF-Based Secret Key Generation and Lattice Coding

Submitted by Michael Orshansky on Mon, 10/09/2017 - 11:25am

Hardware authentication is one of the critical needs in the emerging discipline of design for assurance and design for security. It is concerned with establishing the authenticity and provenance of Integrated Circuits (ICs) reliably and inexpensively at any point in a chip's life-time. Physical unclonable functions (PUFs) have significant promise as basic primitives for authentication since they can serve as intrinsically-generated hardware roots-of-trust within specific authentication protocols.

group_project

Visible to the public STARSS: Small: Simulation-Based Verification of EM Side-Channel Attack Resilience of Embedded Cryptographic Systems

Submitted by Michael Orshansky on Mon, 10/09/2017 - 11:23am

The widely used encryption algorithms, based both on private- and public-key cryptography, provide provable security guarantees against attacks under an abstract model of computation. In reality, physical systems leak information and the adversarial access is not completely captured by the abstractions in the standard model. Attacks that exploit a physically observable signal, such as power, timing, or electromagnetic (EM) radiation, are known as side-channel attacks. They present a formidable challenge to ensuring the security of existing cryptographic applications.

group_project

Visible to the public TWC: Medium: Collaborative: Re[DP]: Realistic Data Mining Under Differential Privacy

Submitted by Michael Hay on Mon, 10/09/2017 - 10:06am

The collection and analysis of personal data about individuals has revolutionized information systems and fueled US and global economies. But privacy concerns regarding the use of such data loom large. Differential privacy has emerged as a gold standard for mathematically characterizing the privacy risks of algorithms using personal data. Yet, adoption of differentially private algorithms in industry or government agencies has been startlingly rare.