Detect

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

Submitted by V. Venkatakrishnan on Wed, 10/25/2017 - 4:31pm

The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services.

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: Identifying and Mitigating Trust Violations in the Smartphone Ecosystem

Submitted by Yan Chen on Wed, 10/25/2017 - 4:29pm

The adoption of smartphones has steadily increased in the past few years, and smartphones have become the tool with which millions of users handle confidential information, such as financial and health-related data. As a result, these devices have become attractive targets for cybercriminals, who attempt to violate the trust assumptions underlying the smartphone platform in order to compromise the security and privacy of users.

group_project

Visible to the public TWC: TTP Option: Large: Collaborative: Towards a Science of Censorship Resistance

Submitted by Vern Paxson on Wed, 10/25/2017 - 4:25pm

The proliferation and increasing sophistication of censorship warrants continuing efforts to develop tools to evade it. Yet, designing effective mechanisms for censorship resistance ultimately depends on accurate models of the capabilities of censors, as well as how those capabilities will likely evolve. In contrast to more established disciplines within security, censorship resistance is relatively nascent, not yet having solid foundations for understanding censor capabilities or evaluating the effectiveness of evasion technologies.

group_project

Visible to the public TWC: Small: Securing Smart Power Grids under Data Measurement Cyber Threats

Submitted by Sara Eftekharnejad on Wed, 10/25/2017 - 3:50pm

Power systems are changing with the rapid deployment of remote sensing devices such as Phasor Measurement Units (PMU) and integration of more capable Supervisory Control and Data Acquisition (SCADA) systems. PMU measurements, generated every second, are used by power system operators to make critical decisions. With more utilities adopting PMUs for real-time system monitoring, power systems are exposed to more cyber-threats targeting these devices.

group_project

Visible to the public TWC: Small: Self-Service Cloud Computing

Submitted by Vinod Ganapathy on Wed, 10/25/2017 - 3:46pm

Cloud computing poses significant risks to the security of client data. Virtual Machine Monitors (VMMs) that underlie cloud systems typically have all-powerful administrative domains that can be exploited or misused to snoop on client virtual machines (VMs) and steal/modify their data. Moreover, although virtual machine technology enables several novel security services that clients may wish to use, such services are privileged and must be implemented within the administrative domain.

group_project

Visible to the public  TWC: Small: Safeguarding Mobile Cloud Services: New Challenges and Solutions

Submitted by XiaoFeng Wang on Wed, 10/25/2017 - 12:16pm

Mobile cloud technologies have begun to rely heavily on services known as Mobile Back-end as a Service (MBaaS), including push messaging, data synchronization, and mobile identity management. Many of today's popular apps have already integrated push messaging services such as Google Cloud Messaging (GCM), Amazon Device Messaging (ADM), and third parties like Baidu, to enable the apps to receive notifications such as private messages, financial secrets or family members' locations.

group_project

Visible to the public TWC: Small: MIST: Systematic Analysis of Microarchitectural Information Leakage on Mobile Platforms

Submitted by Sandip Kundu on Wed, 10/25/2017 - 12:02pm

Smart phones have permeated all facets of our lives facilitating daily activities from shopping to social interactions. Mobile devices collect sensitive information about our behavior via various sensors. Operating systems (OS)enforce strict isolation between apps to protect data and complex permission management. Yet, apps get free access to hardware including CPU and caches. Access to shared hardware resources result in information leakage across apps. Microarchitectural attacks have already proven to succeed in stealing information on PC and even on virtualized cloud servers.

group_project

Visible to the public TWC: Small: Hardware Security for Embedded Computing Systems

Submitted by Tilman Wolf on Wed, 10/25/2017 - 11:51am

Embedded processing systems are widely used in many devices and systems that are essential for daily life. These embedded systems are increasingly connected to networks for control and data access, which also exposes them to remotely launched malicious attacks. It is of paramount importance to develop embedded processing systems that are hardened to withstand these remote attacks while continuing to operate effectively.

group_project

Visible to the public TWC: Small: Exposing Attack Vectors and Identifying Defense Solutions for Data Cellular Networks

Submitted by Zhuoqing Mao on Wed, 10/25/2017 - 11:45am

This project addresses several key emerging security challenges that arise due to the wildly successful large-scale adoption of mobile devices with diverse network capabilities. The novel approach focuses on to understanding how various information that are legitimately and willingly provided by smartphone users due to the requested permissions of downloaded applications can be potentially abused. The second research focus is to identify improvements in the design of cellular network middlebox (e.g., firewall) policies by detailed exposure and explicitly defining the key requirements.

group_project

Visible to the public TWC: Small: Confidentiality Measurement of Complex Computations using Quantitative Information Flow

Submitted by Stephen McCamant on Wed, 10/25/2017 - 11:26am

Concern about information privacy is a major obstacle to user adoption of new information technology applications, from smart phone applications to the deployment of automated workflows in the largest health-care and government enterprises. This project addresses privacy concerns caused by software through errors and malicious attacks. A major security concern about software revolves around whether computers reveal information that they should not.