CMU

event

Visible to the public  CERT Data Science in Cybersecurity Symposium 2018
Aug 29, 2018 8:00 am - 4:00 pm EDT

PITTSBURGH, July 30, 2018 /PRNewswire/ -- The Carnegie Mellon University Software Engineering Institute CERT Division today announced the 2nd annual CERT Data Science in Cybersecurity Symposium, a free one-day symposium to be held in Arlington, Va., on August 29. Registration is now open.

event

Visible to the public  Science of Security Lablet Quarterly Meeting (CMU) - July 2017
Jul 10, 2017 8:30 am - Jul 11, 2017 12:00 pm EDT

The 2017 Summer Science of Security Quarterly Meeting will be hosted at Carnegie Mellon University on Monday, July 10 8:30AM - 5:00PM and Tuesday, July 11 2017 8:30AM - 12:00PM. The meeting will take place on the CMU Campus in the Gates Hillman Center Room 6115.

group_project

Visible to the public Real-time Privacy Risk Evaluation and Enforcement

Critical infrastructure is increasingly comprised of distributed, inter---dependent components and information that is vulnerable to sophisticated, multi---stage cyber---attacks. These attacks are difficult to understand as isolated incidents, and thus to improve understanding and response, organizations must rapidly share high quality threat, vulnerability and exploit---related, cyber---security information. However, pervasive and ubiquitous computing has blurred the boundary between work---related and personal data. This includes both the use of workplace computers for p

group_project

Visible to the public Usable Formal Methods for the Design and Composition of Security and Privacy Policies

Security-Metrics-Driven-Evaluation, Design, Development and Deployment. Our research evaluates security pattern selection and application by designers in response to attack patterns. The evaluation is based on formal models of attack scenarios that are used to measure security risk and promote risk reduction strategies based on assurance cases constructed by the analyst. The aim is to improve the usability of formal methods for studying security design and composition.

group_project

Visible to the public Highly Configurable Systems

In highly configurable software systems the configuration space is too big for (re-)certifying every configuration in isolation. In this project, we combine software analysis with network analysis to detect which configuration options interact and which have local effects. Instead of analyzing a system as Linux and SELinux for every combination of configuration settings one by one (>10^2000 even considering compile-time configurations only), we analyze the effect of each configuration option once for the entire configuration space.

group_project

Visible to the public Limiting Recertification in Highly Configurable Systems: Analyzing Interactions and Isolation among Configuration Options

In highly configurable systems the configuration space is too big for (re-)certifying every configuration in isolation. In this project, we combine software analysis with network analysis to detect which configuration options interact and which have local effects. Instead of analyzing a system as Linux and SELinux for every combination of configuration settings one by one (>10^2000 even considering compile-time configurations only), we analyze the effect of each configuration option once for the entire configuration space.