CORE

People today are faced with many privacy decisions in their daily interactions with mobile devices. In the past decade, researchers have studied the design of many tools and mechanisms, such as privacy nudges, that aim to help individuals make better privacy decisions. But just like decision support tools in other domains, these tools cannot make users perfect decision-makers. Users still make mistakes and regret their privacy decisions later. This project casts a fresh perspective on Privacy-by-Redesign by helping users revisit and rectify past privacy decisions that they may regret.

Many of today's mobile services build mobile communities of users who share their valuable experiences and data. Examples include traffic incidents (Waze), restaurant reviews (Yelp, FourSquare), anonymous social networks (Whisper, Yik Yak), and even dating (Tinder, Bumble). Unfortunately, new threats can compromise and manipulate these communities, using lightweight software to mimic mobile devices. The resesarchers have shown how attackers can eavesdrop on mobile network traffic, learn their patterns, and write software to emulate mobile devices running the application.

With billions of smart wireless devices being ubiquitously deployed, safeguarding their networking from cyber attacks has become a challenge. Not only can the devices deployed in a network can be heterogeneous in terms of available computing resources and interfaces, but ordinary users typically have limited technical expertise to perform complicated security configurations. What's more, trust among the devices is often lacking because of the different vendors or distribution channels they have traversed.

In today's world, private companies, hospitals, governments, and other entities frequently maintain large databases that would be hugely valuable to researchers in many fields. However, privacy concerns prevent these databases from being fully utilized. Differential privacy defines conditions under which information about these databases can be released while provably protecting the privacy of the individuals whose data they contain. This project develops differentially private hypothesis tests.

In recent years, fuzz testing has evolved as one of the most effective testing techniques for finding security vulnerabilities and correctness bugs in real-world software systems. It has been used successfully by major software companies for security testing and quality assurance. State-of-the-art fuzz testing tools have found numerous security vulnerabilities and bugs in widely used software such as Web browsers, network tools, image processors, popular system libraries, C compilers, and interpreters.