Search Projects: 2019

Results 1 - 10 of 459



Visible to the public CPS: Small: Software-State Observability in CPS

Project Details
Tufts University

Visible to the public Scalable Privacy Analysis

One major shortcoming of the current "notice and consent" privacy framework is that the constraints for data usage stated in policies--be they stated privacy practices, regulation, or laws--cannot easily be compared against the technologies that they govern. To that end, we are developing a framework to automatically compare policy against practice. Broadly, this involves identifying the relevant data usage policies and practices in a given domain, then measuring the real-world exchanges of data restricted by those rules.


Visible to the public Characterizing user behavior and anticipating its effects on computer security with a Security Behavior Observatory

Systems that are technically secure may still be exploited if users behave in unsafe ways. Most studies of user behavior are in controlled laboratory settings or in large-scale between-subjects measurements in the field.


Visible to the public Development of Methodology Guidelines for Security Research

This project seeks to aid the security research community in conducting and reporting methodologically sound science through (1) development, refinement, and use of community-based security research guidelines; and (2) characterization of the security literature based upon those guidelines.


Visible to the public Reasoning about Accidental and Malicious Misuse via Formal Methods

This project seeks to aid security analysts in identifying and protecting against accidental and malicious actions by users or software through automated reasoning on unified representations of user expectations and software implementation to identify misuses sensitive to usage and machine context.


Visible to the public Secure Native Binary Execution

Typically, securing software is the responsibility of the software developer. The customer or end-user of the software does not control or direct the steps taken by the developer to employ best practice coding styles or mechanisms to ensure software security and robustness. Current systems and tools also do not provide the end-user with an ability to determine the level of security in the software they use. At the same time, any flaw or security vulnerabilities ultimately affect the end-user of the software.


Visible to the public TC: Small: Towards Automating Privacy Controls for Online Social Networks

For millions of Internet users today, controlling information access on Online Social Networks (OSNs) such as Facebook and LinkedIn is a difficult challenge. Privacy controls in current systems do not provide the necessary level of flexibility and usability to their users. Some systems like MySpace and LinkedIn allow users to grant all-or-nothing access control to their profiles. While simple to use, these controls are imprecise and can easily leak data to unintended recipients or prevent the legitimate sharing of data.


Visible to the public SDCI: Integrated Simulation and Emulation Platform for Security Experimentation

Trustworthiness of cyberphysical systems (CPS) is an essential concern since such systems are routinely employed in critical settings. Currently many components of CPS are built without sufficiently formalized and analyzed properties and guarantees. Such inadequacies in the system design phase can lead to catastrophic consequences in operations, as they are interconnected to open networks and become increasingly exposed to security attacks.


Visible to the public An Innovative Interdisciplinary Cybersecurity Education Program for Protecting Critical Infrastructure

This capacity track project is developing an interdisciplinary, cybersecurity education program for engineers that must be aware of critical design issues for addressing cybersecured control systems for electromechanical devices, more effective techniques for the integration of secure software and hardware devices, and associated law and policy issues.


Visible to the public CAREER: User-Space Protection Domains for Compositional Information Security

Attacks on software applications such as email readers and web browsers are common. These attacks can cause damages ranging from application malfunction, loss of private data, to a complete takeover of users' computers. One effective strategy for limiting the damage is to adopt the principle of least privilege in application design: the application is split into several protection domains and each domain is given only the necessary privileges to perform its task. In this design, the compromise of one domain does not directly lead to the compromise of other security-sensitive domains.