Software

group_project

Visible to the public CAREER: Practical, Expressive, Language-based Information Security

Language-based security (the use of programming language abstractions and techniques for security) holds the promise of efficient enforcement of strong, formal, fine-grained, application-specific information security guarantees. However, language-based security has not yet reached its potential, and is not in widespread use for providing rich information security guarantees.

group_project

Visible to the public CAREER: Secure and Trustworthy Ocular Biometrics

The need for accurate and unforgeable identity recognition techniques has become an issue of increasing urgency. Biometric approaches such as iris recognition hold huge promise but still have significant limitations, including susceptibility to 'spoofing'. This project seeks to advance our knowledge of security and accuracy of multibiometric systems by inventing, evaluating, and applying innovative methods and tools to combine highly accurate static traits, such as iris patterns, with novel traits based on the dynamics of eye movements.

group_project

Visible to the public TWC: Medium: Collaborative: Flexible and Practical Information Flow Assurance for Mobile Apps

This project is developing tools and techniques for cost-effective evaluation of the trustworthiness of mobile applications (apps). The work focuses on enterprise scenarios, in which personnel at a business or government agency use mission-related apps and access enterprise networks.

group_project

Visible to the public TC: Large: Collaborative Research: Practical Secure Two-Party Computation: Techniques, Tools, and Applications

Many compelling applications involve computations that require sensitive data from two or more individuals. For example, as the cost of personal genome sequencing rapidly plummets many genetics applications will soon be within reach of individuals such as comparing one?s genome with the genomes of different groups of participants in a study to determine which treatment is likely to be most effective. Such comparisons could have tremendous value, but are currently infeasible because of the privacy concerns both for the individual and study participants.

group_project

Visible to the public  TWC: Small: Collaborative: Characterizing the Security Limitations of Accessing the Mobile Web

Mobile browsers are beginning to serve as critical enablers of modern computing. With a combination of rich features that rival their desktop counterparts and strong security mechanisms such as TLS/SSL, these mobile browsers are becoming the basis of many other mobile apps. Unfortunately, the security guarantees provided by mobile browsers and the risks associated with today?s mobile web have not been evaluated in great detail.

group_project

Visible to the public CAREER: User-Space Protection Domains for Compositional Information Security

Attacks on software applications such as email readers and web browsers are common. These attacks can cause damages ranging from application malfunction, loss of private data, to a complete takeover of users' computers. One effective strategy for limiting the damage is to adopt the principle of least privilege in application design: the application is split into several protection domains and each domain is given only the necessary privileges to perform its task.

group_project

Visible to the public TWC: Large: Collaborative: Computing Over Distributed Sensitive Data

Information about individuals is collected by a variety of organizations including government agencies, banks, hospitals, research institutions, and private companies. In many cases, sharing this data among organizations can bring benefits in social, scientific, business, and security domains, as the collected information is of similar nature, of about similar populations. However, much of this collected data is sensitive as it contains personal information, or information that could damage an organization's reputation or competitiveness.

group_project

Visible to the public TWC: Small: Using a Capability-Enhanced Microkernel as a Testbed for Language-based Security (CEMLaBS)

This project is investigating the potential for language-based security techniques in the construction of low-level systems software. The specific focus is on the development of an open, capability-enhanced microkernel whose design is based on seL4, a "security enhanced" version of the L4 microkernel that was developed, by a team in Australia, as the first fully verified, general purpose operating system.

group_project

Visible to the public TWC: Medium: Collaborative: Active Security

Computer and network security is currently challenged by the need to secure diverse network environments including clouds and data-centers, PCs and enterprise infrastructures. This diversity of environments is coupled to increased attack sophistication. Today's tools for securing network and computing infrastructures can be painstakingly composed and configured using available components, but fail to automatically learn from their environment and actively protect it.

group_project

Visible to the public TWC SBE: Small: Identifying Malicious Insiders through Mouse Cursor Movements

The threat of malicious insiders is a top concern for governmental agencies and corporations. In general, malicious insiders are typically disgruntled employees who encounter a negative experience, or stressor, as a triggering event. Criminology research has long associated certain stressors with malicious behavior. Recent neuroscience and cognitive psychology research has unequivocally demonstrated that linkages exist between cognitive processing (e.g., cognitive conflict, emotion, arousal, etc.) and hand movements.