Search Projects: 2014

Results 1 - 10 of 58



Decentralization in Security: Consequences and Incentive Design

In security, our concern is typically with securing a particular network, or eliminating security holes in a particular piece of software. These are important, but they miss the fact that being secure is fundamentally about the security of all constituent parts, rather than any single part in isolation. In principle, if we can control all the pieces of a system, we can secure all possible channels of attack. In practice, the system and security design of the various components is performed by different agents with varying and often conflicting interests.


Evaluation and Experimentation

This research thrust focuses on the design and development of a highly accessible and scalable testbed environment for supporting the evaluation and experimentation efforts across the entire SURE research portfolio. This work is based on our existing technologies and previous results with the Command and Control Windtunnel (C2WT), a large-scale simulation integration platform and WebGME, a metaprogrammable web-based modeling environment with special emphasis


Threat Modeling/Risk Analysis

With the increased use of cyber-physical systems in current defense, medical, and energy applications, it is critical for the infrastructure to remain secure. As such, it is important to identify potential security flaws early in the design process in order to produce a consistent, secure and reliable system with minimal fabrication costs. This task can be accomplished using threat modeling. Threat modeling can be separated into two distinct approaches: asset-centric and attack-centric threat modeling.


Resilient Monitoring and Control

CPS employ Networked Control Systems (NCS) to facilitate real-time monitoring and control. Securing the NCS infrastructure is a large problem due to (1) the wide deployment of commercial-off-the-shelf (COTS) computing devices, (2) the connectivity of NCS with the Internet, and (3) the existence of organized, motivated attackers. Although traditional IT security solutions are used in NCS, they cannot prevent all cyber attacks. Our goal is to complement IT security with resilient algorithms for monitoring and control in order to reduce NCS security risks.


Reasoning about Protocols with Human Participants

Existing protocol analyses are typically confined to the electronic messages exchanged among the computer systems running at the endpoints. In this project we take a broader view in which a protocol additionally encompasses both physical technologies and human participants. Our goal is to develop techniques for analyzing and proving the security of protocols involving all these entities, with open-audit, remote voting systems such as Remotegrity as our starting point.


Trust, Recommendation Systems, and Collaboration

Our goal is to develop a transformational framework for a science of trust, and its impact on local policies for collaboration, in networked multi-agent systems. The framework will take human behavior into account from the start by treating humans as integrated components of these networks, interacting dynamically with other elements.


Improving the Usability of Security Requirements by Software Developers through Empirical Studies and Analysis

This project aims to discover general theory to explain what cues security experts use to decide when to apply security requirements and how to present those cues in the form of security patterns to novice designers in a way that yields improved security designs.


PIs: Travis Breaux (CMU), Laurie Williams, & Jianwei Niu (CMU)
Student: Maria Riaz


Limiting Recertification in Highly Configurable Systems: Analyzing Interactions and Isolation among Configuration Options

In highly configurable systems the configuration space is too big for (re-)certifying every configuration in isolation. In this project, we combine software analysis with network analysis to detect which configuration options interact and which have only local effects. Instead of analyzing a system such as Linux with SELinux for every combination of configuration settings one by one (>10^2000 configurations, even considering compile-time options only), we analyze the effect of each configuration option once for the entire configuration space.
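The following is an added illustration, not code from the project above, of the idea that options which never appear in the same presence condition can be (re-)certified independently. It uses a constructed set of code fragments, each tagged with the boolean condition over CONFIG_ options under which it is compiled in (the file names and conditions are invented for the example, and co-occurrence in a presence condition is used as a deliberately conservative stand-in for the project's interaction analysis). It builds an option interaction graph, finds its connected components, and compares the number of configurations a naive per-configuration recertification would need with the number needed when each component is certified on its own.

```python
# Added example: interaction graph over configuration options built from
# presence conditions. Sample data is constructed, not from any real kernel.
import itertools
import re
from collections import defaultdict

# Constructed sample: code location -> presence condition (compile-time).
SAMPLE_FRAGMENTS = {
    "net/ipv4/route.c:1120": "CONFIG_IPV4 && CONFIG_NET_CLS",
    "net/ipv4/route.c:1180": "CONFIG_IPV4 && !CONFIG_NET_CLS",
    "security/selinux/hooks.c:44": "CONFIG_SECURITY_SELINUX",
    "security/selinux/netif.c:10": "CONFIG_SECURITY_SELINUX && CONFIG_IPV4",
    "drivers/usb/core/hub.c:900": "CONFIG_USB && (CONFIG_PM || CONFIG_USB_SUSPEND)",
    "kernel/audit.c:300": "CONFIG_AUDIT",
}

OPTION_RE = re.compile(r"\bCONFIG_[A-Z0-9_]+\b")


def options_in(condition):
    """Configuration options mentioned in one presence condition."""
    return set(OPTION_RE.findall(condition))


def build_interaction_graph(fragments):
    """Two options interact (conservatively) if some fragment's inclusion
    depends on both, i.e. they share a presence condition."""
    graph = defaultdict(set)
    for cond in fragments.values():
        opts = options_in(cond)
        for o in opts:
            graph[o]  # make sure isolated options become nodes too
        for a, b in itertools.combinations(sorted(opts), 2):
            graph[a].add(b)
            graph[b].add(a)
    return dict(graph)


def connected_components(graph):
    """Groups of options that (transitively) interact with each other."""
    seen, comps = set(), []
    for start in sorted(graph):
        if start in seen:
            continue
        stack, comp = [start], set()
        while stack:
            node = stack.pop()
            if node in comp:
                continue
            comp.add(node)
            stack.extend(graph[node] - comp)
        seen |= comp
        comps.append(frozenset(comp))
    return comps


def local_options(graph):
    """Options with only local effects: they interact with nothing."""
    return sorted(o for o, neighbours in graph.items() if not neighbours)


def recertification_effort(graph):
    """Configurations to examine when certifying everything at once (2^n)
    versus certifying each interacting component separately (sum of 2^|c|)."""
    comps = connected_components(graph)
    naive = 2 ** len(graph)
    per_component = sum(2 ** len(c) for c in comps)
    return naive, per_component


def options_affected_by(graph, changed):
    """Options whose certification must be revisited when `changed` is
    modified: exactly its component; everything else stays certified."""
    for comp in connected_components(graph):
        if changed in comp:
            return sorted(comp)
    return [changed]


if __name__ == "__main__":
    g = build_interaction_graph(SAMPLE_FRAGMENTS)
    print("local options:", local_options(g))
    print("naive vs. per-component configs:", recertification_effort(g))
    print("touched by CONFIG_NET_CLS:", options_affected_by(g, "CONFIG_NET_CLS"))
```

On the constructed sample the seven options split into three components, so 18 configurations cover what a naive approach would check in 128; the gap grows exponentially with the number of isolated or weakly coupled options. Because shared presence conditions over-approximate real interaction (an option can also reach another through data flow or call edges, which the project's combined software and network analysis is meant to capture), the component-based bound is sound only as far as the interaction relation is complete.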