Challenges: Traditional layers of cybersecurity are an indispensable part of a multi-layered defense-in-depth strategy. These layers are amazingly effective at detecting and blocking known threats. However, we regularly find that adversaries still manage to bypass traditional layers of defense and live off the land undetected long enough to complete their…
Despite persistent and continuous efforts in the cyber-domain to produce software that is resilient to cybersecurity attacks, software security remains an unmatched challenge as attackers sooner or later find a way to breach adopted security measures. Software supply chain attacks are of particular concern to software security. These attacks seek…
In the United States, people are increasingly turning to online sources to find information about elections. Election information includes everything from mail-in ballot instructions to candidate Facebook page posts. In the U.S., as well as around the world, online misinformation threatens democratic systems. Politicians, technology companies, journalists, and voters all…
Smart cities lie at the evolving intersection of people and digital technologies. Establishing cross-sector cybersecurity protocols that treat the smart city as an interdependent assemblage of activities entails more than addressing the costs associated with responding to cyberattacks. This research proposal seeks to answer the question: What are the transaction…
Our study aims to investigate the social and psychological implications of targeted advertising on individuals with stigmatized health identities. With nearly every user on social media platforms encountering personalized advertising, the personal data economy has become a major component of our everyday lives. This use of personal data, especially as…
Robustness becomes one of the most desired properties in machine learning (ML) models due to their increasing adoption in safety/security-sensitive settings. Most attempts to train robust methods against adversarial manipulation rely on expensive robust optimization and a large amount of data. As a result, they are difficult to scale and…
Privacy regulation compliance is becoming a burden for most companies due to the high cost and inefficiency of human auditing. We propose a regulation enforcement framework, PrivGuard, to reduce the cost and improve productivity by partly replacing human-auditing with a static analyzer. One open challenge is that the static analysis…
As end-to-end encrypted storage and messaging services become widely adopted, law enforcement agencies have increasingly expressed concern that such services interfere with their ability to maintain public safety. Indeed, there is a direct tension between preserving user privacy and enabling content moderation on such platforms. Recent research has begun to…
The California Consumer Privacy Act (CCPA) provides California residents with a range of enhanced privacy protections and rights. Our project aims to investigate the extent to which Android app developers comply with the provisions of the California Consumer Privacy Act (CCPA) that require them to provide consumers with accurate privacy…
Multi-factor authentication (MFA) — logging in with a combination of at least two of something you know, something you physically have, or something you are — has consistently been shown to drastically increase the security of online accounts compared to the use of a password alone. Though many online services…