CORE

A critical threat to information security is social engineering, the psychological manipulation of people in order to gain access to a system for which the attacker is not authorized. Cyberattackers target the weakest link, and people are often more vulnerable than a hardened computer system. Phishing emails, which fraudulently request private information, are a common version of the attack, but social engineering comes in many more complex conversational forms designed to exploit psychological weaknesses of the target.

With the continuously decreasing costs of cloud services, many organizations including government agencies, healthcare providers, financial institutions, universities, and enterprises outsource large data repositories to cloud service providers (CSPs). Doing this relieves organizations from the financial burden of deploying and maintaining in-house data infrastructures. However, storing data with third parties exposes organizations to legal and financial liabilities should the data leak, become unavailable, or be lost.

The integration of computation, communication and sensing technologies into our transportation, power grid, healthcare, and manufacturing systems presents unprecedented challenges in ensuring the security and safety of these systems. Cyber attacks on such systems cross from the cyber realm into the physical world, and we must deal with new attack trends that may cause vehicles to veer off the road, manipulate devices responsible for power generation, distribution and consumption, and exploit robotic/drone systems for malicious activities.

Today, embedded devices are ubiquitous. These devices are inherently networked, which exposes them to malware attacks. Windows devices remain the most prominent targets of malware attacks to date. But this playing field is quickly changing, as demonstrated with firmware attacks to private access points or closed-circuit television cameras. Other intrusions to industrial and governmental infrastructure have been reported in the power grid, for industrial control and automotive systems, even in small devices in private homes that are networked, often referred to as the Internet-of-Things.

Intellectual property protection of software remains a priority for the commercial sector because counterfeiting and piracy erode profits and market share, ultimately causing impacts on companies, consumers and governments. Watermarking for proving digital ownership and obfuscation for hindering adversarial reverse engineering are currently used to provide some level of deterrence against this. This project will investigate novel methods of software protection, hiding executable programs within other executable code.