The National Security Agency Research Directorate began funding foundational research at Lablet institutions beginning in 2012 through the Science of Security (SoS) Initiative. The Lablets were funded in order to promote foundational cybersecurity science that is needed to mature the cybersecurity discipline and to underpin advances in cyberdefense. In 2014, the SURE project was founded to investigate cybersecurity in the cyber-physical systems realm. The Lablet and SURE projects are listed below.

Project Titlesort icon Lead PI Project Abstract All terms Last Updated
A Science of Timing Channels in Modern Cloud Environments Michael Reiter The eventual goal of our research is to develop a principled design for comprehensively mitigating access-driven timing channels in modern compute clouds, particularly of the "infrastructure as a service" (IaaS) variety. This type of cloud permits the... NCSU Jun 14 2017 - 3:30pm
An Adoption Theory of Secure Software Development Tools Emerson Murphy-Hill Programmers interact with a variety of tools that help them do their jobs, from "undo" to FindBugs' security warnings to entire development environments. However, programmers typically know about only a small subset of tools that are available, even when... NCSU Jun 14 2017 - 3:30pm
An Investigation of Scientific Principles Involved in Attack-Tolerant Software Mladen Vouk High-assurance systems, for which security is especially critical, should be designed to a) auto-detect attacks (even when correlated); b) isolate or interfere with the activities of a potential or actual attack; and (3) recover a secure state and... NCSU Jun 14 2017 - 3:30pm
An Investigation of Scientific Principles Involved in Software Security Engineering Laurie Williams Fault elimination part of software security engineering hinges on pro-active detection of potential vulnerabilities during software development stages. This project is currently working on a) an attack operational profile definition based on known... NCSU Jun 14 2017 - 3:30pm
Architecture-based Self Securing Systems David Garlan An important emerging trend in the engineering of complex software-based systems is the ability to incorporate self-adaptive capabilities. Such systems typically include a set of monitoring mechanisms that allow a control layer to observe the running... CMU Jun 14 2017 - 3:33pm
Argumentation as a Basis for Reasoning about Security Munindar Singh This project involves the application of argumentation techniques for reasoning about policies, and security decisions in particular. Specifically, we are producing a security-enhanced argumentation framework that (a) provides not only inferences to draw... NCSU Jun 14 2017 - 3:30pm
Attaining Least Privilege Through Automatic Partitioning of Hybrid Programs William Enck This project investigates the hard problem of resilient architectures from the standpoint of enabling new potential for incorporating privilege separation into computing systems. However, privilege separation alone is insufficient to achieve strong... Architectures, NCSU, Resilient Systems Jun 14 2017 - 3:30pm
Classification of Cyber-Physical System Adversaries

Cyber-Physical Systems (CPS) are vulnerable to elusive dynamics-aware attacks that subtly change local behaviors in ways that lead to large deviations in global behavior, and to system instability. The broad agenda for this project is to classify...
UIUC Jun 14 2017 - 3:37pm
Composability of Big Data and Algorithms for Social Networks Analysis Metrics Juergen Pfeffer Applying social network analysis to Social Media data supports better assessment of cyber-security threats by analyzing underground Social Media activities, dynamics between cyber-criminals, and topologies of dark networks. However, Social Media data are... CMU Jun 14 2017 - 3:33pm
Developing a User Profile to Predict Phishing Susceptibility and Security Technology Acceptance Christopher Mayhorn Phishing has become a serious threat in the past several years, and combating it is increasingly important. Why do certain people get phished and others do not? In this project, we aim to identify the factors that cause people to be susceptible and... NCSU Jun 14 2017 - 3:30pm
Empirical Privacy and Empirical Utility of Anonymized Data TEAM
PI: Ting Yu
Students: Xi Gong, Entong Shen
NCSU Jun 14 2017 - 3:30pm
End-to-End Analysis of Side Channels

This project is exploring a framework for characterizing side channels that is based on an end-to-end analysis of the side channel process. As in covert channel analysis, we are using information-theoretic tools to identify the potential of a worst-...
UIUC Jun 14 2017 - 3:37pm
Enhancing Cyber Security Through Networks Resilient to Targeted Attacks ABOUT THE PROJECT:
The scientific objective of this project is to discover statistical models that characterize network resiliency, and develop simulation tools to test whether an existing network is resilient. Our work will show how to place questions of...
UIUC Jun 14 2017 - 3:37pm
From Measurements to Security Science: Data-Driven Approach

In security more than in other computing disciplines, professionals depend heavily on rapid analysis of voluminous streams of data gathered by a combination of network-, file-, and system-level monitors. The data are used both to...
UIUC, From Measurements to Security Science: Data-Driven Approach Jun 14 2017 - 3:37pm
Improving the Usability of Security Requirements by Software Developers through Empirical Studies and Analysis Travis Breaux Secure software depends upon the ability of software developers to respond to security risks early in the software development process. Despite a wealth of security requirements, often called security controls, there is a shortfall in the adoption and... CMU, NCSU Jun 14 2017 - 3:33pm
Improving the Usability of Security Requirements by Software Developers through Empirical Studies and Analysis Travis Breaux This project aims to discover general theory to explain what cues security experts use to decide when to apply security requirements and how to present those cues in the form of security patterns to novice designers in a way that yields improved security... CMU Jun 14 2017 - 3:33pm
Learned Resiliency: Secure Multi-Level Systems Kathleen Carley
The objective of this project is to develop a theory of system resiliency for complex adaptive socio-technical systems. A secondary objective is to develop the modeling framework and associated metrics for examining the resiliency of complex socio-...
CMU Jun 14 2017 - 3:33pm
Limiting Recertification in Highly Configurable Systems: Analyzing Interactions and Isolation among Configuration Options Juergen Pfeffer In highly configurable systems the configuration space is too big for (re-)certifying every configuration in isolation. In this project, we combine software analysis with network analysis to detect which configuration options interact and which have local... CMU Jun 14 2017 - 3:33pm
Low-level Analytics Models of Cognition for Novel Security Proofs A key concern in security is identifying differences between human users and "bot" programs that emulate humans. Users with malicious intent will often utilize wide-spread computational attacks in order to exploit systems and gain control. Conventional... NCSU Jun 14 2017 - 3:30pm
Modeling the risk of user behavior on mobile devices Ben Watson It is already true that the majority of users' computing experience is a mobile one. Unfortunately that mobile experience is also more risky: users are often multitasking, hurrying or uncomfortable, leading them to make poor decisions. Our goal is to use... NCSU Jun 14 2017 - 3:30pm