Search Projects: Group Project, 14 Mar 2018

9 results



TC: Small: Reining in Side-Channel Information Leaks in the Software-as-a-Service Era

With software-as-a-service (SaaS) rapidly becoming mainstream, web applications increasingly substitute for desktop software. A web application is a two-part program, with its components deployed both in the browser and in the web server. The interactions between these two components inevitably reveal the program's internal states to any observer of the communication stream, simply through the pattern of packet lengths and the timing of interactions, even if the stream is entirely encrypted.


TC: Small: To Configure or to Implement, That is the Access Control Question for Web Applications

As the Web plays a more and more important role in our lives, it has become criminals' preferred target. Web-based vulnerabilities now outnumber traditional computer security concerns. We believe that the root cause of many of these attacks is the Web's current access control models: they are fundamentally inadequate to satisfy the protection needs of today's web.


Realizing Full-System Dynamic Information Flow Tracking via Relaxed Static Stability

Information flow is a central concept in computer security, yet it is still an open problem to tag information in a running system and track how the information flows throughout the system in an accurate manner. We are developing the fundamental concepts in control theory, information theory, and systems to solve this problem using what we call a relaxed static stability approach.


TC: Small: Collaborative Research: User-centric Privacy Control for Collaborative Social Media

Social-networking sites (e.g., Facebook, MySpace, LinkedIn, etc.) and other online collaborative tools have emerged as places where people can post and share information. This information-sharing has many benefits, ranging from practical (e.g., sharing a business document) to purely social (e.g., communicating with distant friends). At the same time, information sharing inevitably poses significant threats to user privacy. In social-networking sites, for example, documented threats range from identity theft to digital stalking and personalized spam.


TC: Small: Exploring Privacy Breaches in Encrypted VoIP Communications

Over the last several years, Voice over IP (VoIP) has enjoyed a marked increase in popularity, particularly as a replacement of traditional telephony for international calls. Indeed, several large network providers already boast millions of subscribers. At the same time, the security and privacy implications of conducting everyday voice communications over the Internet are not yet well understood. For the most part, the current focus on VoIP security has centered around hardening the signaling protocol.


TC: Small: Collaborative Research: Predictive Blacklisting for Detecting Phishing Attacks

Internet fraud costs consumers and businesses billions of dollars each year. Through creative combinations of spam and social engineering, attackers regularly lure end users into visiting phishing sites, malware-hosting sites, and scam sites. One popular defense mechanism against Web-based attacks is blacklisting, but today's blacklists suffer from three fundamental deficiencies. First, most of them employ a combination of Web crawling and human intervention to infer malicious sites. This adds an inherent delay in adding entries and causes many malicious sites to be missed.


TC: Small: Deployment Incentives for Secure Internet Routing

Despite a decade of research, the problem of securing the Internet's interdomain routing system is far from solved. For a long time, it seemed there was a problem of technical feasibility; research focused on designing more and more lightweight protocols, by reducing computational or communication overheads, or considering weaker security guarantees. It has now become clear that the challenge of deploying these protocols is not one of technical feasibility, but one of incentives.


NeTS: Small: Exploiting Social Networks to Build Trustworthy Distributed Systems

This project aims to develop a substrate called SocialLite that can use online social network data to obtain reliable identity and trust information. This work involves three steps: 1) identifying the rich variety of identity and trust information embedded in online social networks; 2) designing algorithms and software to efficiently and robustly abstract this information as a set of flexible API functions without violating a user's privacy from large online social networks; and 3) evaluating the usefulness of the API by implementing a few sample applications.


TC: Small: Collaborative Research: Improved Privacy through Exposure Control

With the advent of sensor-rich mobile devices such as smartphones, an increasing number of people are sharing personal "contextual" information like location, activity, and health/fitness information with members of their social network. To enhance privacy for people sharing such information, a large body of research has focused on ways for users to specify who should be authorized to access their information. This research improves end-user privacy by addressing the related question of "Who is accessing my information and to what extent?".