Programming languages

group_project

Visible to the public TC: Large: Collaborative Research: Practical Secure Two-Party Computation: Techniques, Tools, and Applications

Many compelling applications involve computations that require sensitive data from two or more individuals. For example, as the cost of personal genome sequencing rapidly plummets many genetics applications will soon be within reach of individuals such as comparing one?s genome with the genomes of different groups of participants in a study to determine which treatment is likely to be most effective. Such comparisons could have tremendous value, but are currently infeasible because of the privacy concerns both for the individual and study participants.

group_project

Visible to the public TWC: Large: Collaborative: Computing Over Distributed Sensitive Data

Information about individuals is collected by a variety of organizations including government agencies, banks, hospitals, research institutions, and private companies. In many cases, sharing this data among organizations can bring benefits in social, scientific, business, and security domains, as the collected information is of similar nature, of about similar populations. However, much of this collected data is sensitive as it contains personal information, or information that could damage an organization's reputation or competitiveness.

group_project

Visible to the public TWC: Small: Using a Capability-Enhanced Microkernel as a Testbed for Language-based Security (CEMLaBS)

This project is investigating the potential for language-based security techniques in the construction of low-level systems software. The specific focus is on the development of an open, capability-enhanced microkernel whose design is based on seL4, a "security enhanced" version of the L4 microkernel that was developed, by a team in Australia, as the first fully verified, general purpose operating system.

group_project

Visible to the public TWC: Small: Automated Protocol Design and Refinement

Online security relies on communication protocols that establish trust and authentication. New protocols are created regularly, such as when Software-as-a-Service companies expose their software through new Web services. In the ideal case, network engineers and protocol experts collaborate to develop a protocol: one responsible for its efficiency and the other for its security. Unfortunately, this ideal is rarely realized.

group_project

Visible to the public TWC: Small: Collaborative: EVADE: Evidence-Assisted Detection and Elimination of Security Vulnerabilities

Today's software remains vulnerable to attack. Despite decades of advances in areas ranging from testing to static analysis and verification, all large real-world software is deployed with errors. Because this software is either written in or underpinned by unsafe languages, errors often translate to security vulnerabilities. Although techniques exist that could prevent or limit the risk of exploits, high performance overhead blocks their adoption, leaving today's systems open to attack.

group_project

Visible to the public TWC: Small: Workflows and Relationships for End-to-End Data Security in Collaborative Applications

Access control refers to mechanisms for protecting access to confidential information, such as sensitive medical data. Management of access control policies, in applications that involve several collaborating parties, poses several challenges. One of these is in ensuring that each party in such a collaboration only obtains the minimal set of access permissions that they require for the collaboration. In a domain such as healthcare, it may be critical that access be minimized in this way, rather than allowing all parties equal access to the sensitive information.

group_project

Visible to the public TWC: Small: Confidentiality Measurement of Complex Computations using Quantitative Information Flow

Concern about information privacy is a major obstacle to user adoption of new information technology applications, from smart phone applications to the deployment of automated workflows in the largest health-care and government enterprises. This project addresses privacy concerns caused by software through errors and malicious attacks. A major security concern about software revolves around whether computers reveal information that they should not.

group_project

Visible to the public  TWC: Small: Automatic Techniques for Evaluating and Hardening Machine Learning Classifiers in the Presence of Adversaries

New security exploits emerge far faster than manual analysts can analyze them, driving growing interest in automated machine learning tools for computer security. Classifiers based on machine learning algorithms have shown promising results for many security tasks including malware classification and network intrusion detection, but classic machine learning algorithms are not designed to operate in the presence of adversaries.

group_project

Visible to the public TWC: Medium: Collaborative: Retrofitting Software for Defense-in-Depth

The computer security community has long advocated the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in the practice of software development, and software often ships with inadequate defenses, typically developed in an ad hoc fashion.

group_project

Visible to the public TWC: Medium: Collaborative: Retrofitting Software for Defense-in-Depth

The computer security community has long advocated the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in the practice of software development, and software often ships with inadequate defenses, typically developed in an ad hoc fashion.