CT-T

group_project

Visible to the public CT-T: Modeling and Analyzing Trust in Service-Oriented Architectures

Submitted by Giovanni Vigna on Wed, 06/13/2018 - 2:23pm

Service-oriented architectures (SOAs) enable the dynamic integration of services implemented on heterogeneous computer systems. An advantage of SOAs is that they provide high-level, semantically-rich services by abstracting the low-level details of their implementation. The availability of useful services such as Google's and Amazon's web service APIs has fostered applications that integrate a number of services to provide novel, more complex functionality.

group_project

Visible to the public Collaborative Research: CT-T: Towards a More Accountable Internet

Submitted by Scott Shenker on Wed, 06/13/2018 - 2:03pm

The goal of this project is to design, implement, and test an internetwork architecture called the Accountable Internet Protocol (AIP). AIP retains much of the elegance and simplicity of IP, but is far better equipped to thwart malicious adversaries. To provide this protection, AIP incorporates three kinds of accountability: source accountability, control-plane accountability, and dataplane accountability. Together, these three forms of accountability ensure that any host, router, and autonomous network can identify misbehaving components.

group_project

Visible to the public Collaborative Research: CT-T: Logic and Data Flow Extraction for Live and Informed Malware Execution

Submitted by Paul Barford on Wed, 06/13/2018 - 1:45pm

Malicious activity on the Internet is a significant threat to both individuals and institutions. Over the past few years, network honeypots have emerged as an important tool for measuring and understanding the details of cyber attacks. The objective of the proposed research is to stimulate the development of next generation Internet security systems and forensic tools based on automated, indepth analysis of malicious activity and malicious software (malware) observed in network honeypots.

group_project

Visible to the public CT-T: Practical Formal Verification By Specification Extraction

Submitted by JohnCKnight on Wed, 06/13/2018 - 1:34pm

Trust in a system can be compromised in many places. Extensive research has been conducted on the development of trustworthy requirements and policies, but those requirements and policies are effective only if they are carried out correctly. Ensuring the absence of implementation flaws by testing is inadequate; testing cannot be exhaustive and thus can miss critical vulnerabilities. Formal verification proof that the system correctly implements its specification and enforces its policies is an attractive alternative.

group_project

Visible to the public CT-T: Keystroke Forensics - Fingerprints in the CyberWorld

Submitted by Roy Maxion on Wed, 06/13/2018 - 10:57am

This research asks, "What is the cyber-equivalent of a fingerprint -- that staple of forensic investigation in the physical world?" If one is able to identify users forensically by their "fingerprints" in cyberspace, what would correspond to the familiar loops, whorls and minutiae of physical evidence? It is hypothesized that just as a person may be identified by his handwriting, or by his manner of expression in prose, so may a person be identified by his typing style -- the particular rhythm of a user's keystrokes.

group_project

Visible to the public Collaborative Research: CT-T: Cryptographic Techniques for Searching and Processing Encrypted Data

Submitted by Dawn Song on Tue, 06/12/2018 - 1:22pm

In this proposal we consider the question of what constitutes identities in cryptography. Typical examples of identities include your name and your social-security number, or your fingerprint/iris-scan, or your address, or your (non-revoked) Public-Key coming from some trusted public-key infrastructure. In many situations, however, where you are defines your identity. For example, we know the role of a bank-teller behind a bullet-proof bank window not because he or she shows us her credentials but by merely knowing her location.