TEAM
PI: Ting Yu
Students: Xi Gong, Entong Shen
This project aims to discover general theory to explain what cues security experts use to decide when to apply security requirements and how to present those cues in the form of security patterns to novice designers in a way that yields improved security designs.
TEAM
PIs: Travis Breaux (CMU), Laurie Williams, & Jianwei Niu (CMU)
Student: Maria Riaz
Dr. Breaux is the Director of the CMU Requirements Engineering Lab, where his research program investigates how to specify and design software to comply with policy and law in a trustworthy, reliable manner. His work historically concerned the empirical extraction of legal requirements from policies and law, and has recently studied how to use formal specifications to reason about privacy policy compliance, how to measure and reason over ambiguous and vague policies, and how security and privacy experts and novices estimate the risk of system designs.
To learn more, read about his ongoing research projects or contact him.
Software security metrics are commonly considered as one critical component of science of security. We propose to investigate existing metrics and new security metrics to predict which code locations are likely to contain vulnerabilities. In particular, we will investigate security metrics to take into account of comprehensive factors such as software internal attributes, developers who develop the software, attackers who attack the software, and users who use the software. The project also investigates metrics to evaluate firewall security objectively. The developed metrics including risk, usability and cost are used to automate the creation of security architecture and configurations.
TEAM
PIs: Tao Xie, Laurie Williams, & Ehab S. Al-Shaer (UNC-Charlotte)
Students: Jason King, Rahul Pandita, & Mahamed Alsaleh
Phishing has become a serious threat in the past several years, and combating it is increasingly important. Why do certain people get phished and others do not? In this project, we aim to identify the factors that cause people to be susceptible and resistant to phishing attacks. In doing so, we aim to deploy adaptive anti-phishing measures.
The objective of this project is to design empirical privacy metrics that are independent of existing privacy models to naturally reflect the privacy offered by anonymization. We propose to model privacy attacks as an inference process and develop an inference framework over anonymized data (independent of specific privacy objects and techniques for data anonymization) where machine-learning techniques can be integrated to implement various attacks. The privacy metrics is then defined as the accuracy of the inference of individuals’ sensitive attributes. Data utility is modeled as a data aggregation process and thus can be measured in terms of accuracy of aggregate query answering. Our hypothesis is that, given the above empirical privacy and utility metrics, differential privacy based anonymization techniques offers a better privacy/utility tradeoff, when appropriate parameters are set. In particular, it is possible to improve utility greatly while imposing limited impact on privacy.
TEAM
PIs: Chris Mayhorn & Emerson Murphy-Hill
Students: Kyung Wha Hong & Chris Kelly
This project investigates the hard problem of resilient architectures from the standpoint of enabling new potential for incorporating privilege separation into computing systems. However, privilege separation alone is insufficient to achieve strong security guarantees. It must also include a security policy for separated components without impacting the functional requirements of the system. The general hypothesis of this project is that, legacy computing systems contain emergent properties that allow automatic software partitioning for privilege separation capable of supporting practical least privilege security policies.
Team
PIs: William Enck & Xiaohui (Helen) Gu
Students: Adwait Nadkami, Tsun-Hsuan (Anson) Ho, Ashwin Shashidharan
Welcome to C3E2013!
Now in our fifth year, we'll gather again at West Point later this October to continue our exploration of work begun during the April 2013 mid-year event by focusing in two areas:
Drawing upon past C3E themes of predictive analytics, visualization, decision-making and others, we’ll take C3E into its fifth year by focusing in two key areas:
Welcome to C3E2013!
Now in our fifth year, we'll gather again at West Point later this October to continue our exploration of work begun during the April 2013 mid-year event by focusing in two areas:
You have been invited to attend the C3E Weekly Planning Meeting on Friday August 2, 2013 from 12:30PM - 1:30PM.
Conference Call-In Line: 1-605-475-4350
Access Code: 783 6212
To ensure the the CPS-VO's e-vite capability will work to our standards for C3E 2013, I have created a "test invition" for this week's C3E planning meeting. Please follow the instructions to either Accept or Decline the invitaiton for this week's meeting. Feedback is greatly appreciated!
Thank you!