Protect

group_project

Visible to the public EAGER: The Game Changer: A New Model for Password Security

We are evaluating a new model of password security in which users place pieces on a game board (e.g., chess pieces on a chessboard). The fact that existing systems are either memorable or secure, but not both, motivated our approach. We are testing 14-15 year old high school students, college students 18-30, and older adults 60-80, and we are conducting two types of experiments. First, we are measuring all groups' memories for passwords of two and four game pieces (after a 20-minute filled delay).

group_project

Visible to the public TWC: Option: Small: FRADE: Model Human Behavior for Flash cRowd Attack DEfense

Application-level, aka ``flash-DDoS'' attacks are the most challenging form of distributed denial of service (DDoS). They flood the victim with legitimate-like service requests generated from numerous bots. There is no defense today that is even remotely effective against flash-DDoS attacks, thus such attacks are today a serious and unmitigated threat to any server.

group_project

Visible to the public CAREER: A Dual-VM Binary Code Reuse Based Framework for Automated Virtual Machine Introspection

Virtual Machine Monitors (VMMs) and hypervisors have become a foundational technology for system developers to achieve increased levels of security, reliability, and manageability for large-scale computing systems such as cloud computing. However, when developing software at the VMM layer, developers often need to interpret the very low level hardware layer state and reconstruct the semantic meanings of the guest operating system events due to the lack of operating system level abstractions.

group_project

Visible to the public TWC: Small: Collaborative: Toward Trusted Third-Party Microprocessor Cores: A Proof Carrying Code Approach

Third-party hardware Intellectual Property (IP), written as code in a Hardware Description Language (HDL), is extensively used in modern integrated circuits. Contemporary electronics typically include 75% of third party hardware IP and only 25% in-house design to provide customization or a profit-making edge. Such extensive use of third-party hardware IP in both commercial and military applications raises security and trustworthiness concerns, especially in today's globalized market.

group_project

Visible to the public  TWC: TTP Option: Small: Collaborative: SRN: On Establishing Secure and Resilient Networking Services

Almost every organization depends on cloud-based services. The backend of cloud-based services are designed for multiple tenants and reside in data centers spread across multiple physical locations. Network security and security management are major hurdles in such a complex, shared environment. This research investigates mitigating the security challenges by taking a moving target defense (MTD) approach.

group_project

Visible to the public TWC: Medium: HARDWARE-ASSISTED LIGHTWEIGHT CAPABILITY OPTIMIZATION (HALCYON)

To address today's environment of constant security challenges and cyber-threats, the Hardware-Assisted Lightweight Capability Optimization (HALCYON) research explores novel techniques to make the performance of more secure system designs acceptable to users. Conventional system designs have achieved acceptable performance, but have evolved from hardware and software designs that carry forward compromises in security that made sense in the past, but not with modern hardware resources in today's security climate.

group_project

Visible to the public TWC TTP: Small: Collaborative: Privacy-Preserving Data Collection and Access for IEEE 802.11s-Based Smart Grid Applications

The modernized Smart Grid (SG) is expected to enable several new applications such as dynamic pricing, demand response and fraud detection; however, collection of such fine-grained data raises privacy issues. This project aims to design and implement several novel mechanisms for securing data collection and communication in SG Advanced Metering Infrastructure applications while preserving user privacy when the data are to be accessed.

group_project

Visible to the public TWC: Small: Collaborative: Toward Trusted Third-Party Microprocessor Cores: A Proof Carrying Code Approach

Third-party hardware Intellectual Property (IP), written as code in a Hardware Description Language (HDL), is extensively used in modern integrated circuits. Contemporary electronics typically include 75% of third party hardware IP and only 25% in-house design to provide customization or a profit-making edge. Such extensive use of third-party hardware IP in both commercial and military applications raises security and trustworthiness concerns, especially in today's globalized market.

group_project

Visible to the public TWC: Small: Collaborative: Discovering Software Vulnerabilities through Interactive Static Analysis

Software development is a complex and manual process, in part because typical software programs contain more than hundreds of thousands lines of computer code. If software programmers fail to perform critical checks in that code, such as making sure a user is authorized to update an account, serious security compromises ensue. Indeed, vulnerable software is one of the leading causes of cyber security problems. Checking for security problems is very expensive because it requires examining computer code for security mistakes, and such a process requires significant manual effort.

group_project

Visible to the public  TWC: Small: Language-level Control of Authority

Modern computer applications are typically made up of different software components that are created by, or may act on behalf of, mutually distrustful entities. To ensure the security of computer systems, it is important to restrict the ability of the components to perform actions within the computer system. The Principle of Least Authority states that a component should be given only the ability (or authority) it needs to perform its task, and no more.