Search Projects: 2012

Results 1 - 10 of 38

Results

group_project

Visible to the public A Language and Framework for Development of Secure Mobile Applications

Mobile applications are a critical emerging segment of the software industry, and security for web-based mobile applications is of increasing concern. We hypothesize that many of the most important security vulnerabilities in web-based mobile applications are a consequence of expressing programs at a low level of abstraction, in which important security properties are implicit and only indirectly related to code. In order to test this hypothesis, we are building a system for expressing web-based mobile applications at a higher level of abstraction, in which security properties a

group_project

Visible to the public Secure Composition of Systems and Policies

Compositional security is a recognized central scientific challenge for trustworthy computing. Contemporary systems are built up from smaller components. However, even if each component is secure in isolation, the composed system may not achieve the desired end-to-end security property: an adversary may exploit complex interactions between components to compromise security. Such attacks have shown up in the wild in many different settings, including web browsers and infrastructure, network protocols and infrastructure, and application and systems software.

group_project

Visible to the public USE: User Security Behavior

Our ability to design appropriate information security mechanisms and sound security policies depends on our understanding of how end-users actually behave. To improve this understanding, we will establish a large panel of end-users whose complete online behavior will be captured, monitored, and analyzed over an extended period of time.

group_project

Visible to the public Security Reasoning for Distributed Systems with Uncertainties

Phenomena like Stuxnet make apparent to the public what experts knew long ago: security is not an isolated question of securing a single door against lockpicking or securing a single computer against a single hacker trying to gain access via a single network activity. Because the strength of a security system is determined by its weakest link, security is much more holistic and affects more and more elements of a system design.
group_project

Visible to the public Secure Platforms via Stochastic Computing

ABOUT THE PROJECT:

The criticality of the information protection and assurance (IPA) problem has understandably sparked rich intellectual and material investment into finding a solution. Several efforts have centered on understanding, identifying, tolerating, and patching security vulnerabilities at different levels of the electronic system stack for various security attack models. Most of these approaches tend to fall into the "sand-boxing" category, whereby unusual events are sequestered until their potential impacts are identified.

group_project

Visible to the public Trust from Explicit Evidence: Integrating Digital Signatures and Formal Proofs

ABOUT THE PROJECT:

This project is developing a common logical framework that will account for two principal sources of trust in software: digital signatures and explicit proof. The framework will allow us to rigorously specify, enforce, and analyze security policies that rely on multiple modes and sources of trust. Based on earlier work by the PI and collaborators, the framework is being cast as a modal type theory that comes equipped with a notation for programs and proofs.