Software

group_project

Visible to the public TWC: Small: Collaborative: Characterizing the Security Limitations of Accessing the Mobile Web

Mobile browsers are beginning to serve as critical enablers of modern computing. With a combination of rich features that rival their desktop counterparts and strong security mechanisms such as TLS/SSL, these mobile browsers are becoming the basis of many other mobile apps. Unfortunately, the security guarantees provided by mobile browsers and the risks associated with today?s mobile web have not been evaluated in great detail.

group_project

Visible to the public TWC: Small: Collaborative: Towards Agile and Privacy-Preserving Cloud Computing

Cloud computing offers many benefits to users, including increased availability and flexibility of resources, and efficiency of equipment. However, privacy concerns are becoming a major barrier to users transitioning to cloud computing. The privilege design of existing cloud platforms creates great challenges in ensuring the trustworthiness of cloud by granting too much power to the cloud administrators, who could launch serious insider attacks by abusing the administrative privileges.

group_project

Visible to the public TC: Small: Analysis for a Cloud of Policies: Foundations and Tools

Computers and people live in a world governed by policy. At the lowest level, policies determine how information flows within networks; at the highest level, they describe how users' personal information is shared across applications. Of course, end-users, as policy authors, make mistakes: rules can have unintended consequences and multiple policies can interact in ways that their authors didn't intend. Users can benefit from tools to help them understand the policies they write and maintain. Policy analysis refers to rigorous methods for detecting these situations before they cause harm.

group_project

Visible to the public TC: Large: Collaborative Research: Facilitating Free and Open Access to Information on the Internet

This project develops methods to provide citizens information about technologies that obstruct, restrict, or tamper with their access to information. Internet users need an objective, independent, third-party service that helps them determine whether their Internet service provider or government is restricting access to content, specific protocols, or otherwise degrading service. Towards this goal, we are (1) monitoring attempts to block or manipulate Internet content and communications; and (2) evaluating various censorship circumvention mechanisms in real-world deployments}.

group_project

Visible to the public TWC: Small: Quantitative Analysis and Reporting of Electromagnetic Covert and Side Channel Vulnerabilities

Most traditional approaches to computer security assume that information from the system can only be sent through intended output channels, such as network connection, monitor, portable disk drive, etc. Side-channel and covert-channel attacks circumvent these protections by extracting information that is leaked or deliberately sent from the system through unintended signals, such as electromagnetic emanations, power consumption, timing of computational activity, etc.

group_project

Visible to the public TWC: Small: Understanding and Mitigating the Security Hazards of Mobile Fragmentation

Mobile computing technologies are rapidly evolving and phone (and other mobile device) manufacturers are under constant pressure to offer new product models. Each manufacturer customizes operating system software for its devices and often changes this software to support its new models. Given the many manufacturers in the mobile device marketplace and the many different generations of products, there are many customized branches of mobile operating systems in use at any time.

group_project

Visible to the public TWC: Small: Intelligent Malware Detection Utilizing Novel File Relation-Based Features and Resilient Techniques for Adversarial Attacks

Malware (e.g., viruses, worms, and Trojans) is software that deliberately fulfills the harmful intent of an attacker. It has been used as a major weapon by the cyber-criminals to launch a wide range of attacks that cause serious damages and significant financial losses to many Internet users. To protect legitimate users from these attacks, the most significant line of defense against malware is anti-malware software products, which predominately use signature-based methods to recognize threats.

group_project

Visible to the public TC: Small: Least Privilege Enforcement through Secure Memory Views

The goal of this project is to provide protection against exploits through untrusted third-party software components and against malicious application manipulation. These problems constitute an important class of vulnerabilities in current software, and are tied to a common denominator -- the lack of ability to divide a program and the data manipulated by it in a fine-grained manner and to control the interactions between the resulting constituents.

group_project

Visible to the public Spreading SEEDs: Large-Scale Dissemination of Hands-on Labs for Security Education

This capacity building project seeks to addresses the lack of opportunities for students for experiential learning of Cybersecurity. Although there is no overall shortage of labs anymore, many instructors do not feel comfortable using them in their courses. This project has a potential to help many instructors to provide hands-on learning opportunities to their students. The project is based on the 30 SEED labs, which were developed and tested by the PI over the last ten years and are used by over 150 instructors from 26 countries.

group_project

Visible to the public SHF: Small: Higher-order Contracts for Distributed Applications

Distributed applications (such as web applications and cloud-based applications, where multiple computers cooperate to run the application) are becoming increasingly common. Given the amount of commercial activity and information handled by these distributed applications, it is important that these applications are correct, reliable, and efficient. However, many traditional tools and techniques for programmers cannot be used for distributed applications, making it difficult for programmers to write and debug distributed applications.