CORE

Computing on personal data is critical for both personal and social good. For example, we write programs that predict early onset medical conditions and detect the spread of diseases before they become epidemics. However, such computing is fraught with privacy concerns because programs, and the hardware they run on, create a trail of clues that an attacker can observe to reconstruct personal data without ever seeing the data directly. This project will create computer systems that proactively leave no clues, i.e., no side-effects that can leak personal secrets.

Defending against a malicious insider who attempts to abuse his computer privileges is one of the most critical problems facing the information security segment. This is because the damage inflicted is potentially catastrophic. While the insider threat is of increasing interest in the research community, major challenges remain in addressing aspects specific to information infrastructure protection. This project aims to develop an innovative, demonstrable approach to mitigate insider threats to an organization.

Software architecture plays a fundamental role in addressing security requirements by enforcing the necessary authentication, authorization, confidentiality, data integrity, privacy, accountability, availability and non-repudiation requirements, even when the system is under attack. Therefore, a design flaw in a software system's architecture could lead to attacks with enormous consequences. Most of the research, techniques, and tools that address security focus on secure coding.

Data encryption is a process to transmit sensitive information over a public channel such as a wireless channel, so that only authorized receivers can access it. Unfortunately, digital encryption techniques typically require the use of microprocessors which are power-hungry devices. This project advances the use of alternative analog encryption techniques, such as chaotic encryption. Since analog encryption techniques are more power efficient, this approach makes it possible to avoid the use of microprocessors and consequently facilitate the realization of more portable devices.

Modern autonomous vehicles are not built with security in mind. The increased sensing, computation, control capabilities, and task complexity have introduced security concerns beyond traditional cyber-attacks. By injecting malformed data, by spoofing sensors, by tampering with controllers, and even by manipulating the environment, an attacker can compromise the integrity and even take control over the functionality of such cyber-physical systems.