Adapt

group_project

Visible to the public TWC: Medium: Collaborative: The Theory and Practice of Key Derivation

Submitted by Yevgeniy Dodis on Wed, 10/25/2017 - 9:00am

Most cryptographic applications crucially rely on secret keys that are chosen randomly and are unknown to an attacker. Unfortunately, the process of deriving secret keys in practice is often difficult, error-prone and riddled with security vulnerabilities. Badly generated keys offer a prevalent source of attacks that render complex cryptographic applications completely insecure, despite their sophisticated design and rigorous mathematical analysis.

group_project

Visible to the public TWC: Medium: Collaborative: Retrofitting Software for Defense-in-Depth

Submitted by Vinod Ganapathy on Wed, 10/25/2017 - 8:09am

The computer security community has long advocated the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in the practice of software development, and software often ships with inadequate defenses, typically developed in an ad hoc fashion.

group_project

Visible to the public TWC: Large: Collaborative: Living in the Internet of Things

Submitted by Tadayoshi Kohno on Tue, 10/24/2017 - 1:51pm

More and more objects used in daily life have Internet connectivity, creating an "Internet of Things" (IoT). Computer security and privacy for an IoT ecosystem are fundamentally important because security breaches can cause real and significant harm to people, their homes, and their community.

group_project

Visible to the public EAGER: Identifying Security Critical Properties of a Processor

Submitted by Cynthia Sturton on Mon, 10/23/2017 - 7:17pm

This project focuses on shoring up the security vulnerabilities that exist in computer processors. Just like in software, bugs in hardware present vulnerabilities that can be exploited by determined attackers. Prior work has developed a method whereby the processor monitors itself and sends an alert to software whenever dangerous, anomalous behavior is observed. The question of what constitutes dangerous behavior is an open one, and tackling it is the goal of this research.

group_project

Visible to the public TWC: Frontier: Collaborative: Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives

Submitted by Vern Paxson on Mon, 10/23/2017 - 2:54pm

This project tackles the social and economic elements of Internet security: how the motivations and interactions of attackers, defenders, and users shape the threats we face, how they evolve over time, and how they can best be addressed. While security is a phenomenon mediated by the technical workings of computers and networks, it is ultimately a conflict driven by economic and social issues that merit a commensurate level of scrutiny.

group_project

Visible to the public TWC SBE: TTP Option: Medium: Collaborative: EPICA: Empowering People to Overcome Information Controls and Attacks

Submitted by Wenke Lee on Mon, 10/23/2017 - 2:48pm

This project studies the security of representative personalized services, such as search engines, news aggregators, and on-line targeted advertising, and identifies vulnerabilities in service components that can be exploited by pollution attacks to deliver contents intended by attackers.

group_project

Visible to the public TWC SBE: Small: Establishing market based mechanisms for CYBer security information EXchange (CYBEX)

Submitted by Shamik Sengupta on Mon, 10/23/2017 - 2:43pm

Robust cybersecurity information sharing infrastructure is required to protect the firms from future cyber attacks which might be difficult to achieve via individual effort. The United States federal government clearly encourage the firms to share their discoveries on cybersecurity breach and patch related information with other federal and private firms for strengthening the nation's security infrastructure.

group_project

Visible to the public CAREER: Contextual Protection for Private Data Storage and Retrieval

Submitted by Christopher Kanich on Wed, 10/18/2017 - 7:26pm

This research is building an understanding of what data is useful to attackers and what data is private for its legitimate owners so that security systems can incorporate these values into a data-driven, defense-in-depth approach to securing our digital lives. We are exploiting the fact that both users and attackers must sift through vast amounts of data to find useful information.

group_project

Visible to the public TWC SBE: Small: From Threat to Boon: Understanding and Controlling Strategic Information Transmission in Cyber-Socio-Physical Systems

Submitted by Cedric Langbort on Wed, 10/18/2017 - 6:05pm

As cyber-socio-physical and infrastructure systems are increasingly relying on data and integrating an ever-growing range of disparate, sometimes unconventional, and possibly untrusted data sources, there is a growing need to consider the problem of estimation in the presence of strategic and/or self-interested sensors. This class of problems, called "strategic information transmission" (SIT), differs from classical fault-tolerant estimation since the sensors are not merely failing or malfunctioning, but are actively trying to mislead the estimator for their own benefit.