The Security area spans topics from networking to cryptography to secure databases. By choosing different domains in which to study security students can gain a broad understanding of both theoretical and applied knowledge.
- Prof. Hans-Peter Bischof
- Prof. Chris Homan
- Prof Peizhou Hu
- Prof. Alan Kaminsky
- Prof. James Minseok Kwon
- Prof. Stanislaw P. Radziszowski
- Prof. Rajendra K. Raj
- Prof. Leon Reznik
- Prof. Warren R. Carithers
Selected Research Projects
Access Control for Secure Information Sharing
This project explores the development of newer robust and flexible models for access control for secure information sharing because current techniques based on Role-Based Access Control and newer techniques based on Attribute-Based Access Control (ABAC) have significant shortcomings. The BiLayer Access Control (BLAC) model, developed by this project, is a two-step method to integrate attributes with roles. Preliminary results of this approach seem promising and current work focuses on implementing and evaluating a proof-of-concept. A related project focuses on the development of principles, policies and tools for protection of information, and a methodology to assess the effectiveness of current access control models such as Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) in mitigating insider threats.
An OpenFlow-enabled Network Intrusion Detection Using Bloom Filters
We develop a network intrusion detection system that can test packets nearly at line speed with relatively high accuracy using a Bloom filter for packet filtering. Our system is implemented on an OpenFlow-enabled switch in which control and data planes are separated, so that the system is easily extensible.
Continuous user's authentication based on an interaction with a keyboard and other input devices
Continuous authentication schemes may significantly improve an access control mechanism because they can allow or deny usage of a system based on unique biometric features for the given user over a whole session. In this project we study several data filtering and feature extraction techniques that can be used in continuous authentication schemes to increase their classification accuracy. The multilayer access control is examined with its implementation on a variety of platforms from desktops to mobile devices.
Data quality (DQ) evaluation and assurance
The project develops a comprehensive data quality (DQ) evaluation and assurance methodology and tools focusing on an integration of various factors affecting DQ in CPS systems including accuracy, reliability, timeliness, security, and safety into a single methodological and technological framework.
Evaluation of security of ordinary computer users practice.
In this work, we seek to focus on a particular facet of general user security practices by analyzing the relationship between the occupation of such users and their personal computer security practices. In doing so, we hope to reveal the extent to which computer security practices are influenced by day-to-day occupations and activities.
This project seeks to develop principles, policies and architectures for integrating real-time fusion of emergency management data from multiple sources.
Homomorphic Encryption and its practical applications
Homomorphic Encryption (HE) has been recognized by the community as the “holy grail” of cryptography, and modern Cloud computing. It enables us to perform computation on data that we cannot “see” --- because the data is encrypted. In this project, our team is investigating on the mathematical foundation of HE and developing techniques that make HE more practical.
Intrusion Detection in Cyberphysical Systems based on SNADS
Systems Anomaly Detection System (SNADS) is designed as an implementation platform for contents based security enhancement protocols in cyberphysical systems. SNADS system is aimed to be modular, extensible, robust, and scalable. By providing a generic sensor abstraction and sensor-definable configuration mechanisms, SNADS allows for simple, secure management of arbitrary sensor networks. By supporting network nodes with different hardware and software configurations, SNADS will be a versatile cross platform tool. Modularity is achieved via a central signaling system, which allows components to work together. This setup allows for simple runtime reconfiguration of the SNADS system and minimizes the damage, which a malfunctioning component can cause.
Applications of parallel computing to cryptographic problems involving massive computation: cryptographic attacks, statistical analysis of cryptographic functions, attacks involving parallel SAT solvers.