Guohong Cao, Major Projects
Resource-Aware Crowdsourcing in Wireless Networks
Transmitting large numbers of photos in a wireless environment with bandwidth constraints is challenging. In this project, we develop a framework to quantify the quality of crowdsourced photos based on the accessible geographical and geometrical information (called metadata) including the smartphone’s orientation, position and all related parameters of the built-in camera. From the metadata, information such as where and how the photo is taken can be inferred, and then only the most useful photos may be transmitted. Specifically, the project addresses three closely intertwined issues in resource-aware crowdsourcing. The first part investigates how to select photos based on the collected metadata by considering two scenarios: Point of Interest where the selected photos should be about a specific location or object, and Area of Interest where selected photos are related to an area. For both cases, various algorithms are designed to quantify the coverage of the photos based on the metadata, and then to select the minimum number of photos based on the coverage requirement, or to select a predefined number of photos to maximize the photo coverage. The second part focuses on metadata transmission and redundancy removal when crowdsourcing is based on peer-to peer (P2P) communications. The third part investigates techniques to automatically and accurately generate metadata based on sensors available on most off-the-shelf smartphones.
Efficient Energy-Aware Data Access in Wireless Networks
Web access is one of the most common and important services provided by smartphones. However, it currently suffers from long delays and creates a huge drain on the battery lifetime of smartphones. These limitations are caused by complex interactions between the processing flow in mobile web browsers and specialized characteristics of the wireless radio interface, and by the processing limitations of the smartphones. This project addresses these limitations by focusing on three intertwined issues: (i) various techniques to reorganize the computation sequence of the web browser to let the wireless radio interface enter sleep earlier, are designed, implemented and evaluated; (ii) practical data mining based methods are introduced to predict the user viewing time of webpages and determine when the smartphone should switch to low power state, considering the resource limitations of the smartphone and various tradeoffs between delay and power; and (iii) a new architecture is proposed to shift the computing from smartphones to the virtual-machine based proxy to address the computation limitations in smartphones considering scalability issues and bandwidth constraints.
Trent Jaeger, Major Projects
Retrofitting Software for Security Automatically
This work focuses on the problem of retrofitting legacy code in order to enforce an authorization policy. An authorization policy specifies who can access a resource in a system (e.g., files, sockets, etc) and what rights (actions such as reading, writing, etc) they have when they do so. A mechanism that enforces such a policy is called a reference monitor and must satisfy certain guarantees. One such property is that every potentially security-sensitive action on a resource is mediated by a call to the reference monitor. These calls are called authorization hook calls. This will ensure that an unauthorized user will not be able to gain access to security-sensitive operations in a program. To date, authorization hook placement in code bases, such as the X server has largely been a manual procedure, driven by informal analysis of server code, and discussions on developer forums. There is even lack of consensus on basic concepts, such as the definition of what constitutes a security-sensitive operation. Consequently past efforts have taken several years to accomplish this task manually. The goal of this thesis is to solve this problem by retrofitting a legacy program with such a reference validation mechanism in a largely automated fashion with little effort from a programmer. Research efforts in the past have attempted to solve this problem but in a largely ad hoc fashion involving significant programmer input and domain knowledge. As a result none of them have seen widespread adoption.
OS Security Mechanisms to Protect Processes During Resource Retrieval
Programs require a variety of resources from the system to function, e.g., a web server may need HTML files to serve HTTP requests. However, adversaries can try to trick victim programs into accessing malicious resources. For example, when a victim program wants to read from a file in /tmp, the adversary who has write access to /tmp can create a symbolic link to /etc/password. If the victim does not detect that the target of the symbolic link is a high-secrecy file, the victim may end up accessing and possibly leaking the high-secrecy password file, when it meant to access a low-secrecy temporary file. We find that such problems are caused because of a disconnect between programmers who write code and OS distributors/administrators who frame system access control policies/configurations. To solve this problem, we developed Process Firewall – a mechanism that can inspect both the program and the system – to protect resource access. It bridges the gap between programs and the deployed system with a broader view and finer controls on resource accesses. It is modular and extensible to protect against new vulnerability classes.
Patrick McDaniel, Major Projects
Cyber-Security Collaborative Research Alliance
The goal of the Models for Enabling Continuous Reconfigurability of Secure Missions (MACRO) Cyber-Security Collaborative Research Alliance (CRA) program is to understand and model the risks, human behaviors and motivations, and attacks within Army cyber-maneuvers. Such understanding and models will lead to an asymmetric advantage in cyber domains against known and unknown attackers both in the ability to detect and thwart attacks as well as allow mission progress in the face of ongoing and evolving threats. The overarching scientific goal of this effort is to develop a rigorous science of cyber-decision making that enables military environments to a) detect the risks and attacks present in an environment, b) understand and predict the motivations and actions of users, defenders, and attackers, c) alter the environment to securely achieve maximal maneuver success rates at the lowest resource cost. Ultimately we wish to dictate and control the evolution of cyber-maneuvers and adversarial actions.
Smartphone Application Security
Smartphones have emerged as an essential vehicle for information access and personal communication. However, the fluidity of application markets and structures of the underlying mobile hand operating systems complicate smartphone security. Over the last 4 years I have worked with a number of students and researchers across the country to investigate the security of phones and applications they support. This effort has spanned projects in, among other topics, systems design, policy, and program analysis.
Thomas La Porta, Major Projects
Collaborative Technology Alliance
As part of the Network Sciences CTA program, we are performing research on Quality of Information (QoI) Aware networking. We have defined several contextual and intrinsic attributes of information quality, such as accuracy, precision, timeliness and freshness. The desired attributes of these values may be specified to information sources by either a vector or a function. These information attributes are then mapped to data quality attributes so that an information source may be selected and proper controls instantiated in the network. Our results show that the network resources required varies non-linearly with the requested QoI. That is, by slightly reducing QoI requirements, far more pieces of information may be retrieved over a network. We have developed models that allow us to accurately characterize network scalability vs. QoI requirements. We have also developed a distributed processing algorithms to perform QoI-sensitive video analytics. We are also currently working on mapping queries made by humans into quality sensitive information requests given the imprecision of the requests.
Defense Threat Reduction Agency
As part of our DTRA project we are modeling the spread of failures across multiple interconnected networks, and developing recovery algorithms for massive failures with partial information. For the spread of failures, we developed a generic model of phenomena spreading for several different network structures and interconnect architectures. We have characterized which architectures and nodes speed or slow the spread of phenomena. For the recovery work, we have developed algorithms to provide minimum cost repairs to provide a baseline level of service to mission critical tasks. This work is being extended to the case where the full extent of the failure scenario is not known
Adam Smith, Major Projects
Large Scale Machine Learning Applications
This research focuses on methods that allow for large-scale machine learning applications that provide privacy for system users’ data. More generally, this research looks at the limits of machine learning systems — how much information about their data must they leak to be useful? To what extent can systemic problems like over-fitting be avoided? This work can be applied by government agencies and major tech companies.
Gang Gary Tan, Major Projects
GoNative Research Project
The goal of the GoNative research project is to enable safe execution of native code in software systems such as web browsers and type-safe programming languages (e.g., Java, Python, C#). We are exploring sandboxing techniques (e.g., Software-based Fault Isolation and Control-Flow Integrity) to constrain native code so that its execution won’t affect the safety of software systems. We are also designing new programming languages for writing safe glue code between native code and type-safe languages. Verifiable guarantees are what we strive for. We are leveraging formal methods to verify the security guarantees provided by our techniques.
Danfeng Zhang, Major Projects
Full-system Timing Channel Mitigation
Timing channels are long-standing threats to information security. Since computation time is affected by both software and hardware, detecting and preventing timing channels at a single level is doomed to fail. To fully address this threat, we propose an integrated approach to system security, in which security is enforced at the software level, at the hardware level, and across the software-hardware boundary.
Sencun Zhu, Major Projects
Software plagiarism detection
For both binary code and android apps, leveraging program logic and user interface.
Fully automated mechanisms
Designed to analyze information flow-level privacy leakage based on app functionality, and to generate and enforce privacy policies.
Analyze app review data
Used for detecting fake reviews and hired reviewers.