Software

group_project

Visible to the public TWC: Medium: Collaborative: Improving Mobile-Application Security via Text Analytics

Security policies often base access decisions on temporal context (e.g., time of day) and environmental context (e.g., geographic location). Access control policies for operating systems frequently consider execution context (e.g., user ID, program arguments). However, little has been done to incorporate user expectation context into security decision mechanisms. Text artifacts provide a source of user expectation context.

group_project

Visible to the public TWC: Medium: HARDWARE-ASSISTED LIGHTWEIGHT CAPABILITY OPTIMIZATION (HALCYON)

To address today's environment of constant security challenges and cyber-threats, the Hardware-Assisted Lightweight Capability Optimization (HALCYON) research explores novel techniques to make the performance of more secure system designs acceptable to users. Conventional system designs have achieved acceptable performance, but have evolved from hardware and software designs that carry forward compromises in security that made sense in the past, but not with modern hardware resources in today's security climate.

group_project

Visible to the public EDU: Enhancing and Broadening Computer Security Education with Stepwise and Reusable Problem-solving Challenges

This project explores methods for enhancing computer security education through the use of practical problem-solving challenges. The investigators are building step-wise and parametrized reusable security challenges that mimic real-world scenarios involving computer attacks and defense strategies.

group_project

Visible to the public TWC: Small: Collaborative: Discovering Software Vulnerabilities through Interactive Static Analysis

Software development is a complex and manual process, in part because typical software programs contain more than hundreds of thousands lines of computer code. If software programmers fail to perform critical checks in that code, such as making sure a user is authorized to update an account, serious security compromises ensue. Indeed, vulnerable software is one of the leading causes of cyber security problems. Checking for security problems is very expensive because it requires examining computer code for security mistakes, and such a process requires significant manual effort.

group_project

Visible to the public  TWC: Small: Language-level Control of Authority

Modern computer applications are typically made up of different software components that are created by, or may act on behalf of, mutually distrustful entities. To ensure the security of computer systems, it is important to restrict the ability of the components to perform actions within the computer system. The Principle of Least Authority states that a component should be given only the ability (or authority) it needs to perform its task, and no more.

group_project

Visible to the public TWC: TTP Option: Small: Differential Introspective Side Channels --- Discovery, Analysis, and Defense

Side channels in the security domain are known to be challenging to discover and eliminate systematically. Nevertheless, they can lead to a variety of stealthy attacks seriously compromising cybersecurity. This work focuses on an important class of side channels that are fundamental to the operations of networked systems.

group_project

Visible to the public  EDU: Enhancing Cybersecurity Education for Native Students Using Virtual Laboratories

This proposal will develop an educational link between the Yakama Nation and the University of Washington at Bothell to enhance Cybersecurity education for Native students using virtual laboratories. The laboratories will use scenarios to provide hands-on experience in the practical aspects of Cybersecurity. The project will use a new approach to Cybersecurity education that focuses on established success indicators for Native students. The project will focus on an educational design that appeals to the students in areas that are defined as key indicators of academic success.

group_project

Visible to the public TWC: Small: Discovering and Restricting Undesirable Information Flows Between Multiple Spheres of Activities

Loss of personal data or leakage of corporate data via apps on mobile devices poses a significant risk to users. It can have both a huge personal and financial cost. This work is designing new novel techniques to help reduce the risks for end-users who use a single device for multiple spheres of activity. Getting security right when a single device is used for multiple spheres of activity is a major research challenge, with unforeseen information flows between various subsystems that are currently difficult to control.

group_project

Visible to the public CAREER: Secure and Trustworthy Provenance for Accountable Clouds

Cloud computing has emerged as one of the most successful computing models in recent years. However, lack of accountability and non-compliance with data protection regulations have prevented major users such as business, healthcare, and defense organizations from utilizing clouds for sensitive data and applications. Due to the lack of information about cloud internals and the inability to perform trustworthy audits, today's clouds are often not used in regulated industries, preventing their widespread adoption.

group_project

Visible to the public TWC: Small: Techniques and Tools for Enforcing Proximity-based Policies in Wireless Systems

As wireless technologies become more pervasive, it becomes increasingly important for devices to authenticate the locations of other devices. For example, patients with implantable medical devices (IMDs) may reasonably expect that any device used to control their IMD would have to be within arm's reach, to help prevent unauthorized access to their device. In other words, IMDs should enforce policies based on the proximity, and in general the location, of wirelessly connected devices.