Research Areas
Cybersecurity research at the Secure Computing Institute is performed within its core and affiliate research labs. These efforts are spread across theoretical and practical cybersecurity and privacy, including topics such as mobile and IoT platform and application security and privacy, Web security and privacy, cloud security, software security, quantum-resistant cryptography, blockchain security and privacy, and symmetric multi-party computation. See the below laboratory websites for more information.
Cellular and Telephone Network Security
The world has a fundamental reliance on the cellular and telephony system for secure communication and the establishment of identity. Our work is actively studying security risks in telephony systems, ranging from understanding robocalls to insecure VoIP systems. This work integrates knowledge from fields as diverse as signal processing and digital communications; data science, machine learning, and statistics; cryptography; program analysis; reverse engineering; and Internet and telephone networks. Slightly more information made to explain this more (and make it longer for appearances) Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam tincidunt bibendum lectus, nec consequat nunc fermentum et. Donec eget nulla eros. Cras blandit purus at semper luctus. Fusce nibh sem.
Faculty Contacts
Cloud Security
A significant amount of computation and storage is outsourced to public clouds. Our research seeks to design novel security architectures that provide enhanced security capabilities cloud environments. For example, we have proposed novel types of introspection using hypervisors that create new opportunities for forensics. We have also leveraged the elasticity and emphemeral natures of cloud computing to provide better resiliency to network-based attacks. Slightly more information made to explain this more (and make it longer for appearances) Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam tincidunt bibendum lectus, nec consequat nunc fermentum et. Donec eget nulla eros. Cras blandit purus at semper luctus. Fusce nibh sem.
Faculty Contacts
Cryptography
The Crypto Group focuses on designing protocols for advanced cryptographic tasks such as zero-knowledge proofs and secure computation, and applying them to enhance privacy in emerging technologies (e.g., blockchain). Our main activities are:
- Designing cryptographic protocols for enhancing anonymity of users with application to privacy-preserving blockchain transactions.
- Designing cryptographic building blocks that offer composable security guarantees, and can be plugged securely in complex systems.
- Designing cryptographic protocols that are agnostic to any specific hardness assumptions and can be instantiated with Post-Quantum secure primitives.
- Slightly more information made to explain this more (and make it longer for appearances) Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam tincidunt bibendum lectus, nec consequat nunc fermentum et. Donec eget nulla eros. Cras blandit purus at semper luctus. Fusce nibh sem.
Faculty Contacts
IoT Security
Internet of Things (IoT) devices represent a significant security challenge due to their heterogeneity, scale, and resource constraints. Our research has taken a network-based approach to defending IoT smart home users, proposing novel frameworks for enhanced transparency and protection. Through these investigations, we have also discover fundamental design flaws in the ways in which smart home devices report telemetry and state, leading to ways in which attackers can blind and confuse smart home devices used for physical security. Slightly more information made to explain this more (and make it longer for appearances) Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam tincidunt bibendum lectus, nec consequat nunc fermentum et. Donec eget nulla eros. Cras blandit purus at semper luctus. Fusce nibh sem.
Faculty Contacts
Mobile Security
Mobile devices are a primary computing platform for many users, if not their only platform. Our search has significantly enhanced the state of mobile platform and application security through the development of novel analysis tools and new architecture that provide enhanced protections. These efforts include both static and dynamic program analysis tools for Android applications to discover malware, privacy infrigements, and vulnerabilities. We have also targeted the platforms themselves, using static program analysis of the Android platform to discover missing or incorrect access control checks, as well as using reverse engineering to extract and formally model access control in iOS. Finally, we have also proposed generalized security frameworks for adapting the Android platform, as well as methods to incorporate strong Information Flow Control (IFC) guarantees.
Faculty Contacts
Network Security
Our rearch seeks to better understand network security through a combination of empirical measurements and novel network architectural defenses. For example, we used Software Defined Networking (SDN) to build distribured information flow protections for enterprises, as well as new models for adaptively isolating IoT smart home devices.Slightly more information made to explain this more (and make it longer for appearances) Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam tincidunt bibendum lectus, nec consequat nunc fermentum et. Donec eget nulla eros. Cras blandit purus at semper luctus. Fusce nibh sem.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam tincidunt bibendum lectus, nec consequat nunc fermentum et. Donec eget nulla eros. Cras blandit purus at semper luctus. Fusce nibh sem.
Faculty Contacts
Privacy
Our research covers a broad array of privacy topics in computing. Recent efforts have focused on privacy in mobile and Internet of Things (IoT) devices. In the mobile domain, we have used static and dynamic program analysis to study how applications abuse privacy sensitive information that is made available by the operating system (sometimes unintionally). We have also used Natural Language Processing (NLP) to infer text input semantics as well as sharing and collection practices in privacy policies. In the IoT domain, we have built network frameworks to study privacy implications of smart home devices, as well as novel defenses for end users. Slightly more information made to explain this more (and make it longer for appearances) Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam tincidunt bibendum lectus, nec consequat nunc fermentum et. Donec eget nulla eros. Cras blandit purus at semper luctus.
Faculty Contacts
Vulnerability Analysis
Our research uses static and dynamic analysis to discover vulnerabilities in software applications and platforms. These efforts commonly include static program analysis, reverse engineering, and formally modeling of security requirements (e.g., access control logic). For example, we have studied flaws in access control policy and enforcement logic in both the Android and iOS mobile platforms, discovering over a dozen CVEs. We have also perform large scale studies of software ecosystems (e.g., GitHub) to better understand the types of vulnerabilities that these environments introduce (e.g., exposing secrets within code). Slightly more information made to explain this more (and make it longer for appearances) Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam tincidunt bibendum lectus, nec consequat nunc fermentum et. Donec eget nulla eros. Cras blandit purus at semper luctus.
Faculty Contacts
Web Security and Privacy
Our research seeks to better understand how the web works and evolves over time and how we can make it more secure for the users. Research efforts range from designing a secure browser architecture to measuring and understanding large-scale Internet attacks. Also we are working on building instrumented browsers that can enable us to explore ways in which online trackers are evolving and coming up with new ways to track our digital footprint. Slightly more information made to explain this more (and make it longer for appearances) Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam tincidunt bibendum lectus, nec consequat nunc fermentum et. Donec eget nulla eros. Cras blandit purus at semper luctus. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam tincidunt bibendum lectus, nec consequat nunc fermentum et. Donec eget nulla eros. Cras blandit purus at semper luctus.