CORE

group_project

Visible to the public SaTC: CORE: Small: Collaborative: Enabling Precise and Automated Insecurity Analysis of Middleware on Mobile Platforms

Submitted by Peng Liu on Thu, 03/07/2019 - 3:52pm

During the past decade, middleware on mobile platforms (such as the Application Framework in Android and the Core Services layer in iOS) has been flourishing, but the insecurity analysis of such middleware has been lagging behind. For example, while comprehensive studies have been conducted at the application layer of the Android system, there is very limited work analyzing the Android Application Framework (Android Framework, for short), a middleware layer in the Android system.

group_project

Visible to the public SaTC: CORE: Small: Collaborative: Defending Against Authorship Attribution Attacks

Submitted by Patrick Juola on Thu, 03/07/2019 - 3:51pm

Authorship attribution techniques identify the author of an unsigned document such as an e-mail, memo, or social media post by analyzing candidate authors' writing styles for tell-tale "fingerprints" such as distinctive words and sentence structure. Everyone leaves these fingerprints in his or her writing. This creates a problem for people who have a need to remain anonymous, people including whistleblowers and journalists working in states hostile to their work.

group_project

Visible to the public SaTC: CORE: Small: Collaborative: Security Assurance in Short Range Communication with Wireless Channel Obfuscation

Submitted by Yingying Chen on Thu, 03/07/2019 - 3:44pm

As the prevalence of mobile computing technologies and applications, short-range communication over emerging aerial acoustic and visible light channel is undergoing a fast rate of expansion with many promising benefits including low power and peer-to-peer communication, without incurring complex network infrastructure.

group_project

Visible to the public SaTC: CORE: Small: FIRMA: Personalized Cross-Layer Continuous Authentication

Submitted by Daniela Oliveira on Thu, 03/07/2019 - 3:38pm

An important problem in computer security is verifying that people using computing devices are authorized to use them, not just when they first sign on to the device but during the whole time they are using them. Most existing continuous authentication schemes impose burdens on users, for instance, when systems quickly log users out and require frequent re-entry of passwords. This project will build and evaluate FIRMA, a user-transparent, continuous authentication software framework that collects usage data, targeted at corporate security contexts where such monitoring can be done.

group_project

Visible to the public SaTC: CORE: Small: Collaborative: Algorithms Everywhere: Identifying and Designing for Data Privacy Styles

Submitted by Eric Baumer on Thu, 03/07/2019 - 3:34pm

The computational algorithms that analyze our personal data online and in myriad medical, credit card, and other databases can make it increasingly easy to infer personal, intimate details about us (such as our personality, political ideology, or sexual preference) from seemingly mundane data (such as which pages someone has "Liked" on Facebook). People may not notice or know about these risks, and if they do, they must make ongoing decisions about which algorithms they may be providing with their personal information, which to ignore, and which to decry as invasive or unethical.

group_project

Visible to the public SaTC: CORE: Small: Understanding Socio-Technical Failure Modes in Public Key Infrastructures

Submitted by Jean Camp on Thu, 03/07/2019 - 3:32pm

To avoid phishing and to know which website to trust people are told to "look for the lock" and "read the url." However, the display of a lock or other signals of safety does not guarantee that the site is trustworthy, safe from malware, or not a phishing attack. This research includes consultation with industry technical professionals and policy makers in all sectors of the economy to better understand the gaps between ideal safety and practice.

group_project

Visible to the public SaTC: CORE: Small: Collaborative: Tangible Privacy: User-Centric Sensor Designs for Assured Privacy

Submitted by Apu Kapadia on Thu, 03/07/2019 - 3:25pm

High-fidelity, and often privacy-invasive, sensors are now becoming pervasive in our everyday environments. At home, digital assistants can constantly listen for instructions and security cameras can be on the lookout for unusual activity. Whereas once an individual's physical actions, in their own home, were private, now networked cameras and microphones can give rise to electronic privacy concerns for one's physical behaviors. Casual conversations and encounters, once thought to be private and ephemeral, now may be captured and disseminated or archived digitally.

group_project

Visible to the public SaTC: CORE: Small: Socio-Technical Strategies for Enhancing Privacy in Photo Sharing

Submitted by Apu Kapadia on Thu, 03/07/2019 - 3:22pm

With the rise of digital photography and social networking, people are capturing and sharing photos on social media at an unprecedented rate. Such sharing may lead to privacy concerns for the people captured in such photos, e.g., in the context of embarrassing photos that go "viral" and are shared widely. At worst, online photo sharing can result in cyber-bullying that can greatly affect the subjects of such photos.

group_project

Visible to the public SaTC: CORE: Small: Collaborative: Leveraging community oversight to enhance collective efficacy for privacy and security

Submitted by Pamela Wisniewski on Thu, 03/07/2019 - 3:20pm

This research concerns how groups of people can cooperate to protect their privacy. The researchers will study how people can help one another to manage their digital privacy and security. Offline, people support each other informally to make privacy and security decisions, by sharing stories or exchanging advice, but technology designs for privacy do not reflect these social processes.

group_project

Visible to the public SaTC: CORE: Small: Collaborative: Defending Against Authorship Attribution Attacks

Submitted by Allen Riddell on Thu, 03/07/2019 - 3:18pm

Authorship attribution techniques identify the author of an unsigned document such as an e-mail, memo, or social media post by analyzing candidate authors' writing styles for tell-tale "fingerprints" such as distinctive words and sentence structure. Everyone leaves these fingerprints in their writing. This creates a problem for people who have a need to remain anonymous, people including whistleblowers and journalists working in states hostile to their work.