Research Areas
- Cellular and Telephone Network Security
- Cloud Security
- Cryptography
- Human-Centered Security
- IoT Security
- Mobile Security
- Network Security
- Privacy
- Vulnerability Analysis
- Web Security and Privacy
Cellular and Telephone Network Security
The world has a fundamental reliance on the cellular and telephony system for secure communication and the establishment of identity. Our work is actively studying security risks in telephony systems, ranging from understanding robocalls to insecure VoIP systems. This work integrates knowledge from fields as diverse as signal processing and digital communications; data science, machine learning, and statistics; cryptography; program analysis; reverse engineering; and Internet and telephone networks.
Faculty Contacts:
Cloud Security
A significant amount of computation and storage is outsourced to public clouds. Our research seeks to design novel security architectures that provide enhanced security capabilities to cloud environments. For example, we have proposed novel types of introspection using hypervisors that create new opportunities for forensics. We have also leveraged the elastic and ephemeral nature of cloud computing to provide better resiliency to network-based attacks.
Faculty Contacts:
Cryptography
The Crypto Group focuses on designing protocols for advanced cryptographic tasks such as zero-knowledge proofs and secure computation, and applying them to enhance privacy in emerging technologies (e.g., blockchain). Our main activities are:
- Designing cryptographic protocols for enhancing anonymity of users with application to privacy-preserving blockchain transactions.
- Designing cryptographic building blocks that offer composable security guarantees and can be plugged securely into complex systems.
- Designing cryptographic protocols that are agnostic to any specific hardness assumptions and can be instantiated with Post-Quantum secure primitives.
Faculty Contacts:
Human-Centered Security
Our research in human-centered security and privacy investigates how human factors shape the security and privacy behavior of end users and software professionals. We study how security and privacy mechanisms interact with real workflows and constraints, and we analyze how people build, maintain, and distribute software in practice. This work informs systems that fit human needs and help software professionals manage security challenges.
Faculty Contacts:
IoT Security
Internet of Things (IoT) devices represent a significant security challenge due to their heterogeneity, scale, and resource constraints. Our research has taken a network-based approach to defending IoT smart home users, proposing novel frameworks for enhanced transparency and protection. Through these investigations, we have also discovered fundamental design flaws in the ways in which smart home devices report telemetry and state, leading to ways in which attackers can blind and confuse smart home devices used for physical security.
Faculty Contacts:
Mobile Security
Mobile devices are a primary computing platform for many users, if not their only platform. Our research has significantly enhanced the state of mobile platform and application security through the development of novel analysis tools and new architectures that provide enhanced protections. These efforts include both static and dynamic program analysis tools for Android applications to discover malware, privacy infringements, and vulnerabilities. We have also targeted the platforms themselves, using static program analysis of the Android platform to discover missing or incorrect access control checks, as well as using reverse engineering to extract and formally model access control in iOS. Finally, we have also proposed generalized security frameworks for adapting the Android platform, as well as methods to incorporate strong Information Flow Control (IFC) guarantees.
Faculty Contacts:
Network Security
Our research seeks to better understand network security through a combination of empirical measurements and novel network architectural defenses. For example, we used Software Defined Networking (SDN) to build distributed information flow protections for enterprises, as well as new models for adaptively isolating IoT smart home devices.
Faculty Contacts:
Privacy
Our research covers a broad array of privacy topics in computing. Recent efforts have focused on privacy in mobile and Internet of Things (IoT) devices. In the mobile domain, we have used static and dynamic program analysis to study how applications abuse privacy-sensitive information that is made available by the operating system (sometimes unintentionally). We have also used Natural Language Processing (NLP) to infer text input semantics as well as sharing and collection practices in privacy policies. In the IoT domain, we have built network frameworks to study privacy implications of smart home devices, as well as novel defenses for end users.
Faculty Contacts:
Vulnerability Analysis
Our research uses static and dynamic analysis to discover vulnerabilities in software applications and platforms. These efforts commonly include static program analysis, reverse engineering, and formal modeling of security requirements (e.g., access control logic). For example, we have studied flaws in access control policy and enforcement logic in both the Android and iOS mobile platforms, discovering over a dozen CVEs. We have also performed large-scale studies of software ecosystems (e.g., GitHub) to better understand the types of vulnerabilities that these environments introduce (e.g., exposing secrets within code).
Faculty Contacts:
Web Security and Privacy
Our research seeks to better understand how the web works and evolves over time and how we can make it more secure for users. Research efforts range from designing a secure browser architecture to measuring and understanding large-scale Internet attacks. We are also building instrumented browsers that enable us to explore how online trackers are evolving and coming up with new ways to track our digital footprint.
Faculty Contacts:
