Towards a Scientific Basis for User Center Security Design
Abstract

Human interaction is an integral part of any system. Users have daily interactions with a system and make many decisions that affect the overall state of security. The fallibility of users has been shown but there is little research focused on the fundamental principles to optimize the usability of security mechanisms. We plan to develop a framework to design, develop and evaluate user interaction in a security context. We will (a) examine current security mechanisms and develop basic principles which can influence security interface design; (b) introduce new paradigms for security interfaces that utilize those principles; (c) design new human-centric security mechanisms for several problem areas to illustrate the paradigms; and (d) conduct repeatable human subject experiments to evaluate and refine the principles and paradigms developed in this research.

TEAM

PIs: Ting Yu, Ninghui Li (Purdue), Robert Proctor (Purdue)
Student: Zach Jorgensen

Quantifying Mobile Malware Threats
Abstract

In this project, we aim to systematize the knowledge base about existing mobile malware (especially on Android) and quantify their threats so that we can develop principled solutions to provably determine their presence or absence in existing marketplaces. The hypothesis is that there exist certain fundamental commonalities among existing mobile malware. Accordingly, we propose a mobile malware genome project called MalGenome with a large collection of mobile malware samples.  Based on the collection, we can then precisely systematize their fundamental commonalities (in terms of violated security properties and behaviors) and quantify their possible threats on mobile devices.  After that, we can develop principled solutions to scalably and accurately determine their presence in existing marketplaces. Moreover, to predict or uncover unknown (or zero-day) malware, we can also leverage the systematized knowledge base to generate an empirical prediction model. This model can also be rigorously and thoroughly evaluated for its repeatability and accuracy.

TEAM

PI: Xuxian Jiang
Student: Yajin Zhou

An Investigation of Scientific Principles Involved in Software Security Engineering
Lead PI:
Laurie Williams
Abstract

The fault elimination part of software security engineering hinges on proactive detection of potential vulnerabilities during software development stages. This project is currently working on (a) an attack operational profile definition based on known software vulnerability classifications, and (b) assessment of software testing strategies based on two assumptions: (i) funding and time constraints are a practical limit on the quality of security engineering (how to assess and leverage that), and (ii) how to automatically generate test cases that would be as efficient as human non-operational testing of software.

TEAM

PIs: Mladen Vouk, Laurie Williams, Jeffrey Carver
Student: Patrick Morrison

Laurie Williams

Laurie Williams is a Distinguished University Professor in the Computer Science Department of the College of Engineering at North Carolina State University (NCSU). Laurie is a co-director of the NCSU Secure Computing Institute and the NCSU Science of Security Lablet. She is also the Chief Cybersecurity Technologist of the SecureAmerica Institute. Laurie's research focuses on software security; agile software development practices and processes, particularly continuous deployment; and software reliability, software testing and analysis. Laurie has more than 240 refereed publications.

Laurie is an IEEE Fellow. Laurie was named an ACM Distinguished Scientist in 2011, and is an NSF CAREER award winner. In 2009, she was honored to receive the ACM SIGSOFT Influential Educator Award. At NCSU, Laurie was named a University Faculty Scholar in 2013. She was inducted into the Research Leadership Academy and awarded an Alumni Association Outstanding Research Award in 2016. In 2006, she won the Outstanding Teaching award for her innovative teaching and is an inductee in NC State's Academy of Outstanding Teachers.

Laurie leads the Software Engineering Realsearch research group at NCSU. With her students in the Realsearch group, Laurie has been involved in working collaboratively with high tech industries like ABB Corporation, Cisco, IBM Corporation, Merck, Microsoft, Nortel Networks, Red Hat, Sabre Airline Solutions, SAS, Tekelec (now Oracle), and other healthcare IT companies. They also extensively evaluate open source software.

Laurie is one of the foremost researchers in agile software development and in the security of healthcare IT applications. She was one of the founders of the first XP/Agile conference, XP Universe, in 2001 in Raleigh which has now grown into the Agile 200x annual conference. She is also the lead author of the book Pair Programming Illuminated and a co-editor of Extreme Programming Perspectives. Laurie is also the instructor of a highly-rated professional agile software development course that has been widely taught in Fortune 500 companies. She also is a certified instructor of John Musa's software reliability engineering course, More Reliable Software Faster and Cheaper.

Laurie received her Ph.D. in Computer Science from the University of Utah, her MBA from Duke University Fuqua School of Business, and her BS in Industrial Engineering from Lehigh University. She worked for IBM Corporation for nine years in Raleigh, NC and Research Triangle Park, NC before returning to academia.

Argumentation as a Basis for Reasoning about Security
Lead PI:
Munindar Singh
Abstract

This project involves the application of argumentation techniques for reasoning about policies, and security decisions in particular. Specifically, we are producing a security-enhanced argumentation framework that (a) provides not only inferences to draw but also actions to take; (b) considers multiparty argumentation; (c) measures the mass of evidence on both attacking and supporting arguments in order to derive a defensible conclusion with confidence; and (d) develops suitable critical questions as the basis for argumentation. The end result would be a tool that helps system administrators and other stakeholders capture and reason about their rationales as a way of ensuring that they make sound decisions regarding policies.

TEAM

PIs: Munindar P. Singh, Simon D. Parsons (CUNU)
Student: Nirav Ajmeri

Munindar Singh

Dr. Munindar P. Singh is Alumni Distinguished Graduate Professor in the Department of Computer Science at North Carolina State University. He is a co-director of the DoD-sponsored Science of Security Lablet at NCSU, one of six nationwide. Munindar’s research interests include computational aspects of sociotechnical systems, especially as a basis for addressing challenges such as ethics, safety, resilience, trust, and privacy in connection with AI and multiagent systems.

Munindar is a Fellow of AAAI (Association for the Advancement of Artificial Intelligence), AAAS (American Association for the Advancement of Science), ACM (Association for Computing Machinery), and IEEE (Institute of Electrical and Electronics Engineers), and was elected a foreign member of Academia Europaea (honoris causa). He has won the ACM/SIGAI Autonomous Agents Research Award, the IEEE TCSVC Research Innovation Award, and the IFAAMAS Influential Paper Award. He won NC State University’s Outstanding Graduate Faculty Mentor Award as well as the Outstanding Research Achievement Award (twice). He was selected as an Alumni Distinguished Graduate Professor and elected to NCSU’s Research Leadership Academy.

Munindar was the editor-in-chief of the ACM Transactions on Internet Technology from 2012 to 2018 and the editor-in-chief of IEEE Internet Computing from 1999 to 2002. His current editorial service includes IEEE Internet Computing, Journal of Artificial Intelligence Research, Journal of Autonomous Agents and Multiagent Systems, IEEE Transactions on Services Computing, and ACM Transactions on Intelligent Systems and Technology. Munindar served on the founding board of directors of IFAAMAS, the International Foundation for Autonomous Agents and MultiAgent Systems. He previously served on the editorial board of the Journal of Web Semantics. He also served on the founding steering committee for the IEEE Transactions on Mobile Computing. Munindar was a general co-chair for the 2005 International Conference on Autonomous Agents and MultiAgent Systems and the 2016 International Conference on Service-Oriented Computing.

Munindar’s research has been recognized with awards and sponsorship by (alphabetically) Army Research Lab, Army Research Office, Cisco Systems, Consortium for Ocean Leadership, DARPA, Department of Defense, Ericsson, Facebook, IBM, Intel, National Science Foundation, and Xerox.

Twenty-nine students have received Ph.D. degrees and thirty-nine students MS degrees under Munindar’s direction.

Shared Perceptual Visualizations For System Security
Abstract

We are studying how to harness human visual perception in information display, with a specific focus on ways to combine layers of data in a common, well-understood display framework. Our visualization techniques are designed to present data in ways that are efficient and effective, allowing an analyst to explore large amounts of data rapidly and accurately.

TEAM

PI: Christopher G. Healey
Student: Terry Rogers

Empirical Privacy and Empirical Utility of Anonymized Data
Abstract

TEAM

PI: Ting Yu
Students: Xi Gong, Entong Shen

Improving the Usability of Security Requirements by Software Developers through Empirical Studies and Analysis
Lead PI:
Travis Breaux
Abstract

This project aims to discover general theory to explain what cues security experts use to decide when to apply security requirements and how to present those cues in the form of security patterns to novice designers in a way that yields improved security designs.

TEAM

PIs: Travis Breaux (CMU), Laurie Williams, & Jianwei Niu (CMU)
Student: Maria Riaz

Travis Breaux

Dr. Breaux is the Director of the CMU Requirements Engineering Lab, where his research program investigates how to specify and design software to comply with policy and law in a trustworthy, reliable manner. His work historically concerned the empirical extraction of legal requirements from policies and law, and has recently studied how to use formal specifications to reason about privacy policy compliance, how to measure and reason over ambiguous and vague policies, and how security and privacy experts and novices estimate the risk of system designs.

To learn more, read about his ongoing research projects or contact him.

Abstract

Software security metrics are commonly considered one critical component of the science of security. We propose to investigate existing metrics and new security metrics to predict which code locations are likely to contain vulnerabilities. In particular, we will investigate security metrics that take into account comprehensive factors such as software internal attributes, developers who develop the software, attackers who attack the software, and users who use the software. The project also investigates metrics to evaluate firewall security objectively. The developed metrics, including risk, usability and cost, are used to automate the creation of security architecture and configurations.

TEAM

PIs: Tao Xie, Laurie Williams, & Ehab S. Al-Shaer (UNC-Charlotte)
Students: Jason King, Rahul Pandita, & Mahamed Alsaleh

Tao Xie
Developing a User Profile to Predict Phishing Susceptibility and Security Technology Acceptance
Lead PI:
Christopher Mayhorn
Abstract

Phishing has become a serious threat in the past several years, and combating it is increasingly important. Why do certain people get phished and others do not? In this project, we aim to identify the factors that cause people to be susceptible and resistant to phishing attacks. In doing so, we aim to deploy adaptive anti-phishing measures.

The objective of this project is to design empirical privacy metrics that are independent of existing privacy models to naturally reflect the privacy offered by anonymization. We propose to model privacy attacks as an inference process and develop an inference framework over anonymized data (independent of specific privacy objects and techniques for data anonymization) where machine-learning techniques can be integrated to implement various attacks. The privacy metric is then defined as the accuracy of the inference of individuals’ sensitive attributes. Data utility is modeled as a data aggregation process and thus can be measured in terms of accuracy of aggregate query answering. Our hypothesis is that, given the above empirical privacy and utility metrics, differential privacy based anonymization techniques offer a better privacy/utility tradeoff when appropriate parameters are set. In particular, it is possible to improve utility greatly while imposing limited impact on privacy.

TEAM

PIs: Chris Mayhorn & Emerson Murphy-Hill
Students: Kyung Wha Hong & Chris Kelly

Christopher Mayhorn
Attaining Least Privilege Through Automatic Partitioning of Hybrid Programs
Lead PI:
William Enck
Abstract

This project investigates the hard problem of resilient architectures from the standpoint of enabling new potential for incorporating privilege separation into computing systems. However, privilege separation alone is insufficient to achieve strong security guarantees. It must also include a security policy for separated components without impacting the functional requirements of the system. The general hypothesis of this project is that legacy computing systems contain emergent properties that allow automatic software partitioning for privilege separation capable of supporting practical least privilege security policies.

Team

PIs: William Enck & Xiaohui (Helen) Gu
Students: Adwait Nadkami, Tsun-Hsuan (Anson) Ho, Ashwin Shashidharan

William Enck