William Sanders
Performance Period: 11/01/2016 - 06/01/2017
Abstract
Critical infrastructure is increasingly comprised of distributed, inter--‐dependent components and information that is vulnerable to sophisticated, multi--‐stage cyber--‐attacks. These attacks are difficult to understand as isolated incidents, and thus to improve understanding and response, organizations must rapidly share high quality threat, vulnerability and exploit--‐related, cyber--‐security information. However, pervasive and ubiquitous computing has blurred the boundary between work--‐related and personal data. This includes both the use of workplace computers for personal purposes, and the increase in publicly available, employee information that can be used to gain unauthorized access to systems through attacks targeted at employees.
To address this challenge, we envision a two part solution that includes: (1) the capability to assign information category tags to data “in transit” and “at rest” using an ontology that describes what information is personal and non--‐personal; and (2) a scoring algorithm that computes the “privacy risk” of some combination of assigned tags.
Travis Breaux
Dr. Breaux is the Director of the CMU Requirements Engineering Lab, where his research program investigates how to specify and design software to comply with policy and law in a trustworthy, reliable manner. His work historically concerned the empirical extraction of legal requirements from policies and law, and has recently studied how to use formal specifications to reason about privacy policy compliance, how to measure and reason over ambiguous and vague policies, and how security and privacy experts and novices estimate the risk of system designs.
To learn more, read about his ongoing research projects or contact him.
Performance Period: 02/15/2016 - 06/01/2017
Abstract
Anonymity is a basic right and a core aspect of Internet. Recently, there has been tremendous interest in anonymity and privacy in social networks, motivated by the natural desire to share one’s opinions without the fear of judgment or personal reprisal (by parents, authorities, and the public). We propose to study the fundamental questions associated with building such a semi-distributed, anonymous messaging platform, which aims to keep anonymous the identity of the source who initially posted a message as well as the identity of the relays who approved and propagated the message.
Pramod Viswanath
Institution: University of Illinois at Urbana-Champaign
Laurie Williams
Laurie Williams is a Distinguished University Professor in the Computer Science Department of the College of Engineering at North Carolina State University (NCSU). Laurie is a co-director of the NCSU Secure Computing Institute and the NCSU Science of Security Lablet. She is also the Chief Cybersecurity Technologist of the SecureAmerica Institute. Laurie's research focuses on software security; agile software development practices and processes, particularly continuous deployment; and software reliability, software testing and analysis. Laurie has more than 240 refereed publications.
Laurie is an IEEE Fellow. Laurie was named an ACM Distinguished Scientist in 2011, and is an NSF CAREER award winner. In 2009, she was honored to receive the ACM SIGSOFT Influential Educator Award. At NCSU, Laurie was named a University Faculty Scholars in 2013. She was inducted into the Research Leadership Academy and awarded an Alumni Association Outstanding Research Award in 2016. In 2006, she won the Outstanding Teaching award for her innovative teaching and is an inductee in the NC State's Academy of Outstanding Teachers.
Laurie leads the Software Engineering Realsearch research group at NCSU. With her students in the Realsearch group, Laurie has been involved in working collaboratively with high tech industries like ABB Corporation, Cisco, IBM Corporation, Merck, Microsoft, Nortel Networks, Red Hat, Sabre Airline Solutions, SAS, Tekelec (now Oracle), and other healthcare IT companies. They also extensively evaluate open source software.
Laurie is one of the foremost researchers in agile software development and in the security of healthcare IT applications. She was one of the founders of the first XP/Agile conference, XP Universe, in 2001 in Raleigh which has now grown into the Agile 200x annual conference. She is also the lead author of the book Pair Programming Illuminated and a co-editor of Extreme Programming Perspectives. Laurie is also the instructor of a highly-rated professional agile software development course that has been widely taught in Fortune 500 companies. She also is a certified instructor of John Musa's software reliability engineering course, More Reliable Software Faster and Cheaper.
Laurie received her Ph.D. in Computer Science from the University of Utah, her MBA from Duke University Fuqua School of Business, and her BS in Industrial Engineering from Lehigh University. She worked for IBM Corporation for nine years in Raleigh, NC and Research Triangle Park, NC before returning to academia.
Performance Period: 03/17/2016 - 03/17/2017
Institution: NC State University