Search Projects: 2018


TC: Small: Plugging Logic Loopholes in Hybrid Web Applications to Secure Web Commerce

The increasing popularity of third-party services integrated into hybrid web applications brings new security challenges, posed by the complexity of coordinating these individual services and the web client. Such complexity often brings in program logic flaws that can be exploited to induce inconsistencies among different services' internal states, causing the security control within these applications to fail.

TC: Small: Reining in Side-Channel Information Leaks in the Software-as-a-Service Era

With software-as-a-service (SaaS) rapidly becoming mainstream, web applications increasingly substitute for desktop software. A web application is a two-part program, with its components deployed both in the browser and in the web server. The interactions between these two components inevitably reveal the program's internal states to any observer of the communication stream, simply through the pattern of packet lengths and the timing of interactions, even if the stream is entirely encrypted.

Obsidian: A Language for Secure-By-Construction Blockchain Programs

This project considers models for secure collaboration and contracts in a decentralized environment among parties that have not established trust. A significant example of this is blockchain programming, with platforms such as Ethereum and HyperLedger.

Side-Channel Attack Resistance

Cyber-Physical Systems (CPS), such as cars, airplanes, and power plants, are increasingly dependent on powerful and complex hardware for higher intelligence and functionality. However, this complex hardware may also introduce new attack vectors (hardware side-channels) which can be exploited by attackers to steal sensitive information, to disrupt the timing of time-critical functions that interact with the physical plants, or to break memory protection mechanisms in modern computers.

Scalable Trust Semantics & Infrastructure

Remote attestation provides a run-time capability for appraising system behavior and establishing trust. Using remote attestation, an appraiser requests evidence describing a target. The target responds by performing measurement to gather evidence, then adds cryptographic signatures to assure integrity and authenticity. The appraiser takes the evidence and assesses the target's behavior to determine if the target is who and what it claims to be.

Formal Approaches to the Ontology & Epistemology of Resilience

Security Science requires reflection on its foundational concepts. Our contention is that in order to make informed decisions about trade-offs with respect to resilient properties of systems we must first precisely characterize the differences between the mechanisms underlying valuable functions, those functions themselves, and the conditions underlying the persistence of the systems in question.

Cloud-Assisted IoT Systems Privacy

The key to realizing the smart functionalities envisioned through the Internet of Things (IoT) is to securely and efficiently communicate, store, and make sense of the tremendous data generated by IoT devices. Therefore, integrating IoT with the cloud platform for its computing and big data analysis capabilities becomes increasingly important, since IoT devices are computational units with strict performance and energy constraints. However, when data is transferred among interconnected devices or to the cloud, new security and privacy issues arise.

Designing for Privacy

Methods, approaches, and tools to identify the correct conceptualization of privacy early in the design and engineering process are important. For example, early whole-body imaging technology for airport security was analyzed by the Department of Homeland Security through a Privacy Impact Assessment focusing on the collection of personally identifiable information (PII), which found that the images of persons' individual bodies were not detailed enough to constitute PII and would not pose a privacy problem.

Operationalizing Contextual Integrity

According to Nissenbaum's theory of contextual integrity (CI), protecting privacy means ensuring that personal information flows appropriately; it does not mean that no information flows (e.g., confidentiality), or that it flows only if the information subject allows it (e.g., control). Flow is appropriate if it conforms to legitimate, contextual informational norms. Contextual informational norms prescribe information flows in terms of five parameters: actors (sender, subject, recipient), information types, and transmission principles.

Contextual Integrity for Computer Systems

Despite the success of Contextual Integrity (see project "Operationalizing Contextual Integrity"), its uptake by computer scientists has been limited due to the philosophical framework not meeting them on their terms. In this project we will refine Contextual Integrity (CI) to better fit the problems computer scientists face and express it in the mathematical terms they expect.