Software

group_project

Visible to the public TWC: Medium: Collaborative: Towards a Binary-Centric Framework for Cyber Forensics in Enterprise Environments

Emerging attacks such as Advanced Persistent Threats pose significant threat to cyberspace. These attacks are often stealthy, low-and-slow, and disguised via deceptive campaigns. This research focuses on the forensics of cyber attacks targeting enterprise environments, with the goals of (1) understanding an attack's intent, strategy, steps, and targets, (2) collecting digital evidence for legal proceedings, (3) revealing hidden attack behaviors to prevent or minimize damage.

group_project

Visible to the public EDU: Developing a Software Artifact Repository for Software Assurance Education

This project will develop a software assurance education artifact repository, designed for use across numerous computer science programs and institutions. The repository will help students to obtain a firm understanding of the software assurance process and necessary skills to develop highly assured software. The team will also create instructional materials for effective software artifact use.

group_project

Visible to the public TWC: Medium: Collaborative: Aspire: Leveraging Automated Synthesis Technologies for Enhancing System Security

Designing secure systems and validating security of existing systems are hard challenges facing our society. For implementing secure applications, a serious stumbling block lies in the generation of a correct system specification for a security policy. It is non-trivial for both system designers and end users to express their intent in terms of formal logic. Similar challenges plague users' trying to validate security properties of existing applications, such as web or cloud based services, which often have no formal specifications.

group_project

Visible to the public SaTC-EDU: EAGER: INCUBATE - INjecting and assessing Cybersecurity edUcation with little internal suBject mATter Expertise

This project will develop novel ways to teach cybersecurity topics. It is challenging for computer science (CS) programs with limited faculty resources to cover the breadth and depth of the discipline. The challenge increases as CS curriculum guidelines places more emphasis on emerging areas such as cybersecurity.

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services.

group_project

Visible to the public TWC: Small: Self-Service Cloud Computing

Cloud computing poses significant risks to the security of client data. Virtual Machine Monitors (VMMs) that underlie cloud systems typically have all-powerful administrative domains that can be exploited or misused to snoop on client virtual machines (VMs) and steal/modify their data. Moreover, although virtual machine technology enables several novel security services that clients may wish to use, such services are privileged and must be implemented within the administrative domain.

group_project

Visible to the public  TWC: Small: Safeguarding Mobile Cloud Services: New Challenges and Solutions

Mobile cloud technologies have begun to rely heavily on services known as Mobile Back-end as a Service (MBaaS), including push messaging, data synchronization, and mobile identity management. Many of today's popular apps have already integrated push messaging services such as Google Cloud Messaging (GCM), Amazon Device Messaging (ADM), and third parties like Baidu, to enable the apps to receive notifications such as private messages, financial secrets or family members' locations.

group_project

Visible to the public TWC: Small: Exposing Attack Vectors and Identifying Defense Solutions for Data Cellular Networks

This project addresses several key emerging security challenges that arise due to the wildly successful large-scale adoption of mobile devices with diverse network capabilities. The novel approach focuses on to understanding how various information that are legitimately and willingly provided by smartphone users due to the requested permissions of downloaded applications can be potentially abused. The second research focus is to identify improvements in the design of cellular network middlebox (e.g., firewall) policies by detailed exposure and explicitly defining the key requirements.

group_project

Visible to the public TWC: Small: Confidentiality Measurement of Complex Computations using Quantitative Information Flow

Concern about information privacy is a major obstacle to user adoption of new information technology applications, from smart phone applications to the deployment of automated workflows in the largest health-care and government enterprises. This project addresses privacy concerns caused by software through errors and malicious attacks. A major security concern about software revolves around whether computers reveal information that they should not.

group_project

Visible to the public TWC: Small: Collaborative: Automated Detection and Repair of Error Handling Bugs in SSL/TLS Implementations

Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocols are critical to internet security. However, the software that implements SSL/TLS protocols is especially vulnerable to security flaws and the consequences can be disastrous. A large number of security flaws in SSL/TLS implementations (such as man-in-the-middle attacks, denial-of-service attacks, and buffer overflow attacks) result from incorrect error handling.