CORE

group_project

Visible to the public SaTC: CORE: Small: Towards Robust Moving Target Defense: A Game Theoretic and Learning Approach

Submitted by zizhan79 on Wed, 03/13/2019 - 1:34pm

Malicious attacks are constantly evolving to inflict even more damage on the nation's infrastructure systems, corporate information technology (IT) systems, and our digital lives. A fundamental obstacle to achieving effective defense is information asymmetry, through which, under current static and passive defense schemes, the attacker has essentially limitless time to observe and learn about the defender, while the defender knows very little about the attacker.

group_project

Visible to the public SaTC: CORE: Small: Collaborative: Building Sophisticated Services with Programmable Anonymity Networks

Submitted by Christina Garman on Wed, 03/13/2019 - 1:30pm

This project designs and implements programmable system elements to be run within the anonymity networks, such as Tor (The Onion Routing network). The central idea is that users can inject new code into the network that is then run within a protected execution environment. The motivation is to enable the creation of new and significantly enhanced anonymity services, such as content distribution networks, of use in today's and future anonymity networks.

group_project

Visible to the public SaTC: CORE: Small: Collaborative: Covert/Secret and Efficient Message Transfer in (Mobile) Multi-Agent Environments

Submitted by emina on Wed, 03/13/2019 - 1:27pm

This project explores secret and efficient (preferably covert) communications by harnessing the resources brought in by smart everyday devices in emerging Internet of Things (IoT) environments. Reliability, efficiency, and secrecy are essential requirements in communication networks. Hiding that communication is even taking place is often crucial in adversarial environments and automatically achieves the increasingly important societal goals of privacy and anonymity.

group_project

Visible to the public SaTC: CORE: Small: API-centric Cryptography

Submitted by Thomas Shrimpton on Wed, 03/13/2019 - 1:26pm

Cryptography is a core component of modern technology. It protects internet transactions, hides usernames and passwords as they traverse networks, protects the data residing on mobile devices and computer disk drives, and much more. The systems that cryptographic mechanisms are tasked with protecting are typically very complex, with many interacting parts and a large number of places that may be vulnerable (often called the "attack surface").

group_project

Visible to the public SaTC: CORE: Small: Information Flow Control Infrastructure for Single-Use Service Platforms

Submitted by Trent Jaeger on Wed, 03/13/2019 - 1:24pm

Many applications are now being deployed on rich, distributed platforms, such as those for cloud computing and Internet of Things (IoT). Such platforms can aid developers by launching their applications dynamically to align resource use with demand in serverless platforms and by composing fine-grained components into complete applications in microservice architectures. Even with these advanced architectures, the system platforms themselves still have large trusted computing bases, where a single vulnerability may threaten the security of the entire platform.

group_project

Visible to the public SaTC: CORE: Small: Collaborative: Algorithms Everywhere: Identifying and Designing for Data Privacy Styles

Submitted by Andrea Forte on Wed, 03/13/2019 - 1:21pm

The computational algorithms that analyze our personal data online and in myriad medical, credit card, and other databases can make it increasingly easy to infer personal, intimate details about us (such as our personality, political ideology, or sexual preference) from seemingly mundane data (such as which pages someone has "Liked" on Facebook). People may not notice or know about these risks, and if they do, they must make ongoing decisions about which algorithms they may be providing with their personal information, which to ignore, and which to decry as invasive or unethical.

group_project

Visible to the public SaTC: NSF-BSF: CORE: Small: Attacking and Defending the Lifespan of Mobile and Embedded Flash Storage

Submitted by Donald Porter on Wed, 03/13/2019 - 1:19pm

This project explores approaches to attack and defend the lifespan of flash storage in small mobile devices. While the project focuses on smartphones, the research is applicable to any small flash-based device that allows users to install applications, including smart watches, Internet-of-Things (IoT) devices, computerized medical equipment, and computer-managed critical infrastructure. It is well understood that, over time, writing to flash storage will physically wear out the device. This problem is considered a nonissue with respect to enterprise Solid State Drives (SSDs).

group_project

Visible to the public SaTC: CORE: Small: Collaborative: Proof of Work Without All the Work

Submitted by Jared Saia on Wed, 03/13/2019 - 12:26pm

Proof-of-work (PoW) is an economic tool used to deter network attacks by requiring participants to perform verifiable work, typically by solving computational puzzles. Unfortunately, there is a significant barrier impeding wide-spread applicability: PoW is expensive. This project aims to significantly reduce the cost of PoW schemes, and thereby broaden their utility. Our general model concerns a distributed system consisting of good and bad identifiers (IDs). The good IDs have two goals: (1) ensure fair sharing of a limited resource; and (2) securely perform distributed computations.

group_project

Visible to the public SaTC: CORE: Small: Collaborative: Oblivious ISAs for Secure and Efficient Enclave Programming

Submitted by Christopher Fletcher on Wed, 03/13/2019 - 12:15pm

Computing on personal data is critical for both personal and social good. For example, we write programs that predict early onset medical conditions and detect the spread of diseases before they become epidemics. However, such computing is fraught with privacy concerns because programs, and the hardware they run on, create a trail of clues that an attacker can observe to reconstruct personal data without ever seeing the data directly. This project will create computer systems that proactively leave no clues, i.e., no side-effects that can leak personal secrets.

group_project

Visible to the public SaTC: CORE: Small: Collaborative: Proof of Work Without All the Work

Submitted by Maxwell Young on Wed, 03/13/2019 - 10:38am

Proof-of-work (PoW) is an economic tool used to deter network attacks by requiring participants to perform verifiable work, typically by solving computational puzzles. Unfortunately, there is a significant barrier impeding wide-spread applicability: PoW is expensive. This project aims to significantly reduce the cost of PoW schemes, and thereby broaden their utility. Our general model concerns a distributed system consisting of good and bad identifiers (IDs). The good IDs have two goals: (1) ensure fair sharing of a limited resource; and (2) securely perform distributed computations.