CMU

event

Science of Security Lablet Quarterly Meeting (CMU) - July 2017
Jul 10, 2017 8:30 am - Jul 11, 2017 12:00 pm EDT

The 2017 Summer Science of Security Quarterly Meeting will be hosted at Carnegie Mellon University on Monday, July 10 8:30AM - 5:00PM and Tuesday, July 11 2017 8:30AM - 12:00PM. The meeting will take place on the CMU Campus in the Gates Hillman Center Room 6115.

group_project

Real-time Privacy Risk Evaluation and Enforcement

Critical infrastructure is increasingly comprised of distributed, inter-dependent components and information that is vulnerable to sophisticated, multi-stage cyber-attacks. These attacks are difficult to understand as isolated incidents, and thus to improve understanding and response, organizations must rapidly share high quality threat, vulnerability and exploit-related, cyber-security information. However, pervasive and ubiquitous computing has blurred the boundary between work-related and personal data. This includes both the use of workplace computers for p

file

Poster_GhitaMezzour.jpg

event

PhD Thesis Defense: Assessing the Global Cyber and Biological Threat
Apr 14, 2015 9:00 am - 11:00 am EDT

Title: Assessing the Global Cyber and Biological Threat
Candidate: Ghita Mezzour
When: Tue April 14, 9-11am
Where: GHC 6115, Carnegie Mellon University

group_project

Usable Formal Methods for the Design and Composition of Security and Privacy Policies

Security-Metrics-Driven Evaluation, Design, Development and Deployment. Our research evaluates security pattern selection and application by designers in response to attack patterns. The evaluation is based on formal models of attack scenarios that are used to measure security risk and promote risk reduction strategies based on assurance cases constructed by the analyst. The aim is to improve the usability of formal methods for studying security design and composition.

group_project

Highly Configurable Systems

In highly configurable software systems, the configuration space is too big to (re-)certify every configuration in isolation. In this project, we combine software analysis with network analysis to detect which configuration options interact and which have local effects. Instead of analyzing a system such as Linux and SELinux for every combination of configuration settings one by one (>10^2000 even considering compile-time configurations only), we analyze the effect of each configuration option once for the entire configuration space.

file

Deploying the Security Behavior Observatory: An Infrastructure for Long-term Monitoring of Client Machines

Abstract: Much of the data researchers usually collect about users' privacy and security behavior comes from short-term studies and focuses on specific, narrow activities. We present a design architecture and deployment of the Security Behavior Observatory (SBO), a client-server infrastructure designed to collect a wide array of data on user and computer security- and privacy-related behavior from a panel of hundreds of participants over several years. The SBO infrastructure had to be carefully designed to fulfill several requirements.