Adapt

group_project

Visible to the public TWC: TTP Option: Large: Collaborative: Internet-Wide Vulnerability Measurement, Assessment, and Notification

Submitted by Alex Halderman on Mon, 11/13/2017 - 3:31pm

This project aims to reduce the impact of software vulnerabilities in Internet-connected systems by developing data-driven techniques for vulnerability measurement, assessment, and notification. Recent advances in Internet-wide scanning make it possible to conduct network surveys of the full public IPv4 address space in minutes.

group_project

Visible to the public EAGER: Understanding the Strategic Values of Privacy Practices in Organizations

Submitted by Gwendolyn Lee on Mon, 11/13/2017 - 7:52am

As companies collect consumer data in increasingly larger quantity and mine the data more deeply, trade-offs arise with respect to companies' practices about information privacy. A company may choose practices that augment targeted advertisements or services. However, the financial rewards associated with privacy practices are highly uncertain, since they are affected by a company's competition with rivals.

group_project

Visible to the public TWC: Medium: Collaborative: Strengthening Wi-Fi Network Wide

Submitted by Guevara Noubir on Mon, 11/13/2017 - 7:46am

Wi-Fi has emerged as the technology of choice for Internet access. Thus, virtually every smartphone or tablet is now equipped with a Wi-Fi card. Concurrently, and as a means to maximize spectral efficiency, Wi-Fi radios are becoming increasingly complex and sensitive to wireless channel conditions. The prevalence of Wi-Fi networks, along with their adaptive behaviors, makes them an ideal target for denial of service attacks at a large, infrastructure level.

group_project

Visible to the public TWC: Small: A Moving Target Approach to Enhancing Machine Learning-Based Malware Defense

Submitted by Guanhua Yan on Mon, 11/13/2017 - 7:34am

The ever-growing malware threats call for effective, yet efficient, mitigation techniques. Machine learning offers a promising solution to malware defense due to the scalability and automation that it brings. Machine learning techniques are however not a panacea for advanced malware attacks where cyber criminals can carefully craft malware features to evade detection. The root cause of such attacks can be attributed to the passive nature of existing machine learning-based malware defense systems.

group_project

Visible to the public TWC: Medium: Toward Trustworthy Mutable Replay for Security Patches

Submitted by Gail Kaiser on Mon, 11/13/2017 - 6:43am

Society is increasingly reliant on software, but deployed software contains security vulnerabilities and other bugs that can threaten privacy, property and even human lives. When a security vulnerability or critical error is discovered, a software patch is issued to attempt to fix the problem, but patches themselves can be incorrect, inadequate, and break necessarily functionality.

group_project

Visible to the public EAGER: Cybersecurity Transition To Practice (TTP) Acceleration

Submitted by Florence Hudson on Mon, 11/13/2017 - 6:13am

The 2011 Federal Cybersecurity Research and Development Plan cites "Accelerating Transition to Practice (TTP)" as one of five strategic objectives in the Cyber Security and Information Assurance (CSIA) Program Component Area. TTP remains a strategic objective of Agencies which fund cybersecurity research, including NSF. However, the NSF cybersecurity portfolio contains only a small amount of security research that has been transitioned into operational activities.

group_project

Visible to the public EAGER: A Mathematical Model of Privacy Decisions: A Behavioral Economic Perspective

Submitted by Fariborz Farahmand on Mon, 11/13/2017 - 5:57am

When making decisions about information privacy, people do not always act rationally according to their best interests. It is thus important to understand why people express concerns about privacy, but often act contrary to their stated intentions.

group_project

Visible to the public EDU: Collaborative: HACE Lab: An Online Hardware Security Attack and Countermeasure Evaluation Lab

Submitted by Fareena Saqib on Mon, 11/13/2017 - 5:53am

This project addresses the need to train students, researchers, and practitioners on diverse hardware security and trust issues as well as emergent solutions. The primary goal is establishing a set of hardware security courseware and enabling adoption of these courseware through the development of an online Hardware Attack and Countermeasure Evaluation (HACE) Lab.

group_project

Visible to the public TWC: Medium: Collaborative: Active Security

Submitted by Eric Keller on Mon, 11/13/2017 - 5:49am

Computer and network security is currently challenged by the need to secure diverse network environments including clouds and data-centers, PCs and enterprise infrastructures. This diversity of environments is coupled to increased attack sophistication. Today's tools for securing network and computing infrastructures can be painstakingly composed and configured using available components, but fail to automatically learn from their environment and actively protect it.

group_project

Visible to the public TWC: Small: Collaborative: EVADE: Evidence-Assisted Detection and Elimination of Security Vulnerabilities

Submitted by Emery Berger on Thu, 11/09/2017 - 5:54am

Today's software remains vulnerable to attack. Despite decades of advances in areas ranging from testing to static analysis and verification, all large real-world software is deployed with errors. Because this software is either written in or underpinned by unsafe languages, errors often translate to security vulnerabilities. Although techniques exist that could prevent or limit the risk of exploits, high performance overhead blocks their adoption, leaving today's systems open to attack.