Transition to Practice

group_project

Visible to the public Collaborative: Development and Testing of a Secure Programming Clinic

This capacity building project will create Secure Programming Clinic to enhance student learning and expertise in writing robust, secure software, analogous to a writing clinic in an English department or law school. It provides continual reinforcement of the mechanisms, methods, technologies, and need for programming with security and robustness considerations throughout a student's undergraduate coursework. The clinic would augment courses, not replace them or their content.

group_project

Visible to the public TWC: TTP Option: Small: Collaborative: SRN: On Establishing Secure and Resilient Networking Services

Almost every organization depends on cloud-based services. The backend of cloud-based services are designed for multiple tenants and reside in data centers spread across multiple physical locations. Network security and security management are major hurdles in such a complex, shared environment. This research investigates mitigating the security challenges by taking a moving target defense (MTD) approach.

group_project

Visible to the public TWC: Small: Practical Assured Big Data Analysis in the Cloud

The use of "cloud technologies" presents a promising avenue for the requirements of big data analysis. Security concerns however represent a major impediment to the further adoption of clouds: through the sharing of cloud resources, an attack succeeding on one node can tamper with many applications sharing that node.

group_project

Visible to the public Forum on Cyber Resilience

This project provides support for a National Academies Roundtable, the Forum on Cyber Resilience. The Forum will facilitate and enhance the exchange of ideas among scientists, practitioners, and policy makers concerned with the resilience of computing and communications systems, including the Internet, critical infrastructure, and other societally important systems.

group_project

Visible to the public TWC: Small: Developing Advanced Digital Forensic Tools Based on Network Stack Side Channels

This project is developing the next generation of network measurement tools for penetration testers, digital forensics experts, and other cybersecurity professionals who sometimes need to know more about the Internet or a specific network. It is developing techniques based on TCP/IP side channel inferences, where it is possible to infer something about a remote machine's view of the network based on the use of shared, limited resources.

group_project

Visible to the public TWC SBE: TTP Option: Medium: Collaborative: EPICA: Empowering People to Overcome Information Controls and Attacks

This project studies the security of representative personalized services, such as search engines, news aggregators, and on-line targeted advertising, and identifies vulnerabilities in service components that can be exploited by pollution attacks to deliver contents intended by attackers.

group_project

Visible to the public TWC SBE: Small: Building the human firewall: Developing organizational resistance to semantic security threats

Semantic attacks are efforts by others to steal valuable information by imitating electronic communications from a trustworthy source. A common example of a semantic attack is phishing where a phisher sends unsolicited messages to potential targets. When a targeted individual responds, the phisher then steals valuable information from the individual. Semantic attacks flow through established channels of communication (e.g., email, social media) and are difficult to distinguish from legitimate messages.

group_project

Visible to the public TWC: TTP Option: Small: Collaborative: Integrated Smart Grid Analytics for Anomaly Detection

The modernized electric grid, the Smart Grid, integrates two-way communication technologies across power generation, transmission and distribution, in order to deliver electricity efficiently, securely and cost-effectively. On the monitoring and control side, it employs real-time monitoring offered by a messaging-based advanced metering infrastructure (AMI), which ensures the grid?s stability and reliability, as well as the efficient implementation of demand response schemes to mitigate bursts demand.

group_project

Visible to the public TWC: TTP Option: Small: Open-Audit Voting Systems---Protocol Models and Properties

Open-audit cryptographic voting protocols enable the verification of election outcomes, independent of whether election officials or polling machines behave honestly. Many open-audit voting systems have been prototyped and deployed. The City of Takoma Park, MD held its 2009 and 2011 city elections using voting system Scantegrity. Systems with similar properties are being proposed for use in Victoria, Australia (the Pret a Voter system) and Travis County, Texas (the STAR-Vote system).

group_project

Visible to the public TWC: TTP Option: Small: Collaborative: Scalable Techniques for Better Situational Awareness: Algorithmic Frameworks and Large-Scale Empirical Analyses

Attacks on computer networks are an all too familiar event, leaving operators with little choice but to deploy a myriad of monitoring devices to ensure dependable and stable service on the networks they operate. However, as networks grow bigger and faster, staying ahead of the constant deluge of attack traffic is becoming increasingly difficult. A case in point is the attacks on enterprise name servers that interact with the Domain Name System (DNS). These name servers are critical infrastructure, busily translating human readable domain names to IP addresses.