Search Projects: 2018

Obsidian: A Language for Secure-By-Construction Blockchain Programs

This project considers models for secure collaboration and contracts in a decentralized environment among parties that have not established trust. A significant example of this is blockchain programming, with platforms such as Ethereum and Hyperledger.

Side-Channel Attack Resistance

Cyber-Physical Systems (CPS), such as cars, airplanes, and power plants, are increasingly dependent on powerful and complex hardware for higher intelligence and functionality. However, this complex hardware may also introduce new attack vectors, namely hardware side-channels, which attackers can exploit to steal sensitive information, to disrupt the timing of time-critical functions that interact with the physical plants, or to break memory protection mechanisms in modern computers.

Scalable Trust Semantics & Infrastructure

Remote attestation provides a run-time capability for appraising system behavior and establishing trust. Using remote attestation, an appraiser requests evidence describing a target. The target responds by performing measurements to gather evidence, then adds cryptographic signatures to assure integrity and authenticity. The appraiser takes the evidence and assesses the target's behavior to determine whether the target is who and what it claims to be.

Formal Approaches to the Ontology & Epistemology of Resilience

Security Science requires reflection on its foundational concepts. Our contention is that in order to make informed decisions about trade-offs with respect to resilient properties of systems we must first precisely characterize the differences between the mechanisms underlying valuable functions, those functions themselves, and the conditions underlying the persistence of the systems in question.

Cloud-Assisted IoT Systems Privacy

The key to realizing the smart functionalities envisioned through the Internet of Things (IoT) is to securely and efficiently communicate, store, and make sense of the tremendous data generated by IoT devices. Therefore, integrating IoT with the cloud platform for its computing and big data analysis capabilities becomes increasingly important, since IoT devices are computational units with strict performance and energy constraints. However, when data is transferred among interconnected devices or to the cloud, new security and privacy issues arise.

Designing for Privacy

Methods, approaches, and tools to identify the correct conceptualization of privacy early in the design and engineering process are important. For example, early whole-body imaging technology for airport security was analyzed by the Department of Homeland Security through a Privacy Impact Assessment that focused on the collection of personally identifiable information (PII). The assessment found that the images of persons' individual bodies were not detailed enough to constitute PII, and would not pose a privacy problem.

Operationalizing Contextual Integrity

According to Nissenbaum's theory of contextual integrity (CI), protecting privacy means ensuring that personal information flows appropriately; it does not mean that no information flows (e.g., confidentiality), or that it flows only if the information subject allows it (e.g., control). Flow is appropriate if it conforms to legitimate, contextual informational norms. Contextual informational norms prescribe information flows in terms of five parameters: actors (sender, subject, recipient), information types, and transmission principles.

Contextual Integrity for Computer Systems

Despite the success of Contextual Integrity (see project "Operationalizing Contextual Integrity"), its uptake by computer scientists has been limited because the philosophical framework does not meet them on their terms. In this project we will both refine Contextual Integrity (CI) to better fit the problems computer scientists face and express it in the mathematical terms they expect.

Governance for Big Data

Privacy governance for Big Data is challenging--data may be rich enough to allow the inference of private information that has been removed, redacted, or minimized. We must protect against both malicious and accidental inference, both by data analysts and by automated systems. To do this, we are extending existing methods for controlling the inference risks of common analysis tools (drawn from literature on the related problem of nondiscriminatory data analysis). We are coupling these methods with auditing tools such as verifiably integral audit logs.

Securing Safety-Critical Machine Learning Algorithms

Machine-learning algorithms, especially classifiers, are becoming prevalent in safety- and security-critical applications. The susceptibility of some types of classifiers to being evaded by adversarial input data has been explored in domains such as spam filtering, but the rapid growth in adoption of machine learning in multiple application domains amplifies the extent and severity of this vulnerability landscape.