Software

TTP: Medium: Securing the Wireless Philadelphia Network

The Wireless Philadelphia Network (WPN) is a metropolitan-area network (MAN) consisting of thousands of Tropos 5210 wireless mesh routers distributed across the entire city of Philadelphia and connected by a fiber backbone. This project is employing this network as a testbed to investigate three diverse security challenges facing any large-scale wireless network servicing a heterogeneous population.

STARSS: Small: Collaborative: Specification and Verification for Secure Hardware

There is a growing need for techniques to detect security vulnerabilities in hardware and at the hardware-software interface. Such vulnerabilities arise from the use of untrusted supply chains for processors and system-on-chip components and from the scope for malicious agents to subvert a system by exploiting hardware defects arising from design errors, incomplete specifications, or maliciously inserted blocks.

CAREER: At-scale Analysis of Issues in Cyber-Security and Software Engineering

One of the most significant challenges in cybersecurity is that humans are involved in software engineering and inevitably make security mistakes in their implementation of specifications, leading to software vulnerabilities. A challenge to eliminating these mistakes is the relative lack of empirical evidence regarding which secure coding practices (e.g., secure defaults, validating client data), threat modeling, and educational solutions are effective in reducing the number of application-level vulnerabilities that software engineers produce.

TWC: Medium: Collaborative: Retrofitting Software for Defense-in-Depth

The computer security community has long advocated the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in the practice of software development, and software often ships with inadequate defenses, typically developed in an ad hoc fashion.

TWC: Small: Secure by Construction: An Automated Approach to Comprehensive Side Channel Resistance

A software implementation shows side-channel leakage when the physical effects of its implementation depend on secret data such as cryptographic keys. Relevant physical effects include instruction execution time, memory access time, power consumption and electromagnetic radiation. Fifteen years after differential power analysis was first demonstrated, side-channel attacks are affecting software implementations in a broad variety of processors. Yet, without the support of automatic tools, programmers still have to resort to manual and error-prone insertion of countermeasures.

SaTC: Hardware-Assisted Methods for Operating System Integrity

Operating systems (OS) form the core of the trusted computing base on most computer platforms. The security of a platform therefore crucially relies on the correct and secure operation of its OS. Unfortunately, malicious software such as rootkits infect the OS by compromising the integrity of its code and data, thereby jeopardizing the security of the entire platform.

TWC: Medium: Collaborative: Development and Evaluation of Next Generation Homomorphic Encryption Schemes

Fully homomorphic encryption (FHE) is a promising new technology that enables an untrusted party to efficiently compute directly on ciphertexts. For instance, with FHE a cloud server without access to the user's encrypted content can still provide text search services. An efficient FHE scheme would significantly improve the security of sensitive user data stored and processed on cloud servers. Significant progress has been made in bringing FHE proposals closer to practice.

TWC: Small: Collaborative: Automated Detection and Repair of Error Handling Bugs in SSL/TLS Implementations

Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocols are critical to internet security. However, the software that implements SSL/TLS protocols is especially vulnerable to security flaws and the consequences can be disastrous. A large number of security flaws in SSL/TLS implementations (such as man-in-the-middle attacks, denial-of-service attacks, and buffer overflow attacks) result from incorrect error handling.

TWC: Small: Time-Centric Modeling of Correct Behaviors for Efficient Non-intrusive Runtime Detection of Unauthorized System Actions

Embedded computing systems are found at the heart of medical devices, automotive systems, smartphones, etc. Securing these embedded systems is a significant challenge that requires new methods that address the power, time, and cost requirements under which these systems operate. Because embedded systems must meet precise time requirements, detecting changes in timing can indicate the presence of malware. This research investigates new models for capturing the expected behavior of embedded systems, in which time requirements play a pivotal role.