TC: Small: Towards Automating Privacy Controls for Online Social Networks

For millions of Internet users today, controlling information access on Online Social Networks (OSNs) such as Facebook and LinkedIn is a difficult challenge. Privacy controls in current systems do not provide the necessary level of flexibility and usability to their users. Some systems like MySpace and LinkedIn allow users to grant all-or-nothing access control to their profiles. While simple to use, these controls are imprecise and can easily leak data to unintended recipients or prevent the legitimate sharing of data.


SDCI: Integrated Simulation and Emulation Platform for Security Experimentation

Trustworthiness of cyberphysical systems (CPS) is an essential concern since such systems are routinely employed in critical settings. Currently many components of CPS are built without sufficiently formalized and analyzed properties and guarantees. Such inadequacies in the system design phase can lead to catastrophic consequences in operations, as these systems are connected to open networks and become increasingly exposed to security attacks.


An Innovative Interdisciplinary Cybersecurity Education Program for Protecting Critical Infrastructure

This capacity track project is developing an interdisciplinary cybersecurity education program for engineers who must be aware of critical design issues for addressing cybersecured control systems for electromechanical devices, more effective techniques for the integration of secure software and hardware devices, and associated law and policy issues.


CAREER: User-Space Protection Domains for Compositional Information Security

Attacks on software applications such as email readers and web browsers are common. These attacks can cause damage ranging from application malfunction and loss of private data to a complete takeover of users' computers. One effective strategy for limiting the damage is to adopt the principle of least privilege in application design: the application is split into several protection domains and each domain is given only the necessary privileges to perform its task. In this design, the compromise of one domain does not directly lead to the compromise of other security-sensitive domains.


TC: Small: Collaborative Research: Securing Multilingual Software Systems

Most real software systems consist of modules developed in multiple programming languages. Different languages differ in their security assumptions and guarantees. Consequently, even if single modules are secure in some language model and with respect to some security policy, there is usually no uniform security guarantee on a whole multilingual system. This project focuses on low-overhead techniques for providing security guarantees to software systems in which type-safe languages such as Java interoperate with native code.


TC: Small: A Formal Inter-Disciplinary Study of the Impact of Security Awareness Efforts on User Behavior

Given the diverse and complex nature of computer security, a natural response of the academic and industrial community has been to study how one can create technical solutions to the problem. Although the technical solutions to various problems can be quite effective, many of the solutions are predicated upon the user's informed awareness of the importance of avoiding risky behavior.


TC: Medium: Collaborative Research: User-Controllable Policy Learning

This award is funded under the American Recovery and Reinvestment Act of 2009 (Public Law 111-5).

As both corporate and consumer-oriented applications introduce new functionality and increased levels of customization and delegation, they inevitably give rise to more complex security and privacy policies. Yet studies have repeatedly shown that both lay and expert users are not good at configuring policies, rendering the human element an important, yet often overlooked, source of vulnerability.


TC: Small: Online Privacy and Senior Citizens: A Socio-Technical Multi-Perspective Framework for Trustworthy Operations

This project investigates the external and internal factors (e.g., demographic, personal, and psychological aspects) that impact senior citizens' online privacy behavior. The multi-perspective approach to address this question consists of surveys (standardized), intensive in-person interviews, focus groups, keystroke logging, log analysis, and scenario-based questionnaires to understand online privacy behavior and attitude.


TC: SMALL: Language Based Accountability

Distributed applications that require enforcement of fundamental authorization policies play an increasingly important role in internet and telecommunications infrastructure. Traditionally, controls are imposed before shared resources are accessed to ensure that authorization policies are respected. Recently, there has been great interest in the exploration of accountability mechanisms that rely on after-the-fact verification.


TC: Medium: Collaborative Research: Technological Support for Improving Election Processes

This project is developing and evaluating the application of iterative process improvement technology to assure the privacy, security, reliability, and trustworthiness of elections, which are the very cornerstone of democracy. The focus of the project is to locate mismatches between existing voting systems and the processes that are currently using them in the conduct of elections. These mismatches can result in vulnerabilities or inaccuracy in elections. This project demonstrates how to remediate such vulnerabilities through the use of iterative process improvement.