Grant Year: 2022

August 8, 2022

Kohana

Challenges: Traditional layers of cybersecurity are an indispensable part of a multi-layered defense-in-depth strategy. These layers are amazingly effective at detecting and blocking known threats. However, we regularly find that adversaries still manage to bypass traditional layers of defense and live off the land undetected long enough to complete their…

March 23, 2022

Towards a Security-Aware SBOM Framework

Despite persistent and continuous efforts in the cyber-domain to produce software that is resilient to cybersecurity attacks, software security remains an unmatched challenge as attackers sooner or later find a way to breach adopted security measures. Software supply chain attacks are of particular concern to software security. These attacks seek…

January 25, 2022

Understanding Governance, Values, and Identity in the Online Election Information Infrastructure

In the United States, people are increasingly turning to online sources to find information about elections. Election information includes everything from mail-in ballot instructions to candidate Facebook page posts. In the U.S., as well as around the world, online misinformation threatens democratic systems. Politicians, technology companies, journalists, and voters all…

January 25, 2022

Transaction Costs of Cybersecurity Governance in Smart City Initiatives

Smart cities lie at the evolving intersection of people and digital technologies. Establishing cross-sector cybersecurity protocols that treat the smart city as an interdependent assemblage of activities entails more than addressing the costs associated with responding to cyberattacks. This research proposal seeks to answer the question: What are the transaction…

January 25, 2022

Robust Object Classification via Part-Based Models

Robustness becomes one of the most desired properties in machine learning (ML) models due to their increasing adoption in safety/security-sensitive settings. Most attempts to train robust methods against adversarial manipulation rely on expensive robust optimization and a large amount of data. As a result, they are difficult to scale and…

January 25, 2022

PrivGuard: Privacy Regulation Compliance Made Easier

Privacy regulation compliance is becoming a burden for most companies due to the high cost and inefficiency of human auditing. We propose a regulation enforcement framework, PrivGuard, to reduce the cost and improve productivity by partly replacing human-auditing with a static analyzer. One open challenge is that the static analysis…

January 25, 2022

Increasing the Usability of Multi-Factor Authentication (MFA) Recovery Mechanisms

Multi-factor authentication (MFA) — logging in with a combination of at least two of something you know, something you physically have, or something you are — has consistently been shown to drastically increase the security of online accounts compared to the use of a password alone. Though many online services…