Small

TC: Small: Towards Automating Privacy Controls for Online Social Networks

For millions of Internet users today, controlling information access on Online Social Networks (OSNs) such as Facebook and LinkedIn is a difficult challenge. Privacy controls in current systems do not provide the necessary level of flexibility and usability to their users. Some systems like MySpace and LinkedIn allow users to grant all-or-nothing access control to their profiles. While simple to use, these controls are imprecise and can easily leak data to unintended recipients or prevent the legitimate sharing of data.

TC: Small: Collaborative Research: Securing Multilingual Software Systems

Most real software systems consist of modules developed in multiple programming languages. Different languages differ in their security assumptions and guarantees. Consequently, even if single modules are secure in some language model and with respect to some security policy, there is usually no uniform security guarantee on a whole multilingual system. This project focuses on low-overhead techniques for providing security guarantees to software systems in which type-safe languages such as Java interoperate with native code.

TC: Small: A Formal Inter-Disciplinary Study of the Impact of Security Awareness Efforts on User Behavior

Given the diverse and complex nature of computer security, a natural response of the academic and industrial community has been to study how one can create technical solutions to the problem. Although the technical solutions to various problems can be quite effective, the underlying premise of many of the solutions is predicated upon an informed awareness of the user of the importance of avoiding risky behavior.

TC: Small: Online Privacy and Senior Citizens: A Socio-Technical Multi-Perspective Framework for Trustworthy Operations

This project investigates the external and internal factors (e.g., demographic, personal, and psychological aspects) that impact senior citizens' online privacy behavior. The multi-perspective approach to address this question consists of surveys (standardized), intensive in-person interviews, focus groups, keystroke logging, log analysis, and scenario-based questionnaires to understand online privacy behavior and attitude.

TC: SMALL: Language Based Accountability

Distributed applications that require enforcement of fundamental authorization policies play an increasingly important role in internet and telecommunications infrastructure. Traditionally, controls are imposed before shared resources are accessed to ensure that authorization policies are respected. Recently, there has been great interest in the exploration of accountability mechanisms that rely on after-the-fact verification.

SBES: Small: Developing Countermeasures to Mitigate Psychology Cyber-Attacks on Personal Identity Information

Approximately six million Americans are targets of identity theft each year. Many of the attacks on identity privacy use psychological influence strategies ("psychological attacks") to induce individuals to provide their private information. Although people are appropriately concerned about their privacy, they often unnecessarily disclose information that could be used to their disadvantage. Our studies have shown that people's privacy exposure behaviors may be severely affected by psychological attacks.

SaTC: CORE: Small: New Techniques for Optimizing Accuracy in Differential Privacy Applications

Differential Privacy is an important advance in the modern toolkit for protecting privacy and confidentiality. It allows organizations such as government agencies and private companies to collect data and publish statistics about it without leaking personal information about people -- no matter how sophisticated an attacker is. The project's novelties are in the careful design of new differentially private tools that provide more accurate population statistics while maintaining strong privacy guarantees.

SaTC: CORE: Small: Reasoning about dependencies and information flow in dynamic code

This project aims to investigate software whose code can change during its execution. Such code is ubiquitous in modern systems. For example, all modern web browsers contain a component, known as a JIT compiler, that creates or modifies code during execution. Reasoning about relationships between the code that carries out the runtime modifications, and the code that is created or modified as a result, is important for a number of software security applications. For example, bugs in a JIT compiler can result in vulnerabilities that can be exploited by hackers.

SaTC: CORE: Small: Checking Security Checks in OS Kernels

Operating system (OS) kernels play a critical role in computer systems because they have virtually complete control over those systems. OS kernels not only manage hardware and system resources, but also provide services and protection. Given these tasks, OS kernels have to process external untrusted inputs and perform complicated operations, both of which are error-prone. To avoid entering erroneous states, OS kernels tend to enforce a large number of security checks, that is, "if" and "switch" statements that are used to validate states. Unfortunately, security checks themselves are often buggy.

SaTC: CORE: Small: The Blurring of Non-essential Notifications and Critical Security Warnings: Examining the Problem of Generalization in the Brain

This project measures how decreased attention to frequent software notifications negatively influences people's responses to uncommon security warnings that are truly critical. The researchers will use eye tracking equipment to examine this problem by measuring attention to notifications and warnings through eye gaze patterns, and individuals' decisions in response to these messages.