Cybersecurity Center faculty and students are working on model-checking and formal methods in the automated verification of safety and security of programs/protocols/database solutions. The automated analysis of such computer programs/protocols/database solutions pose difficult challenges that are part of on-going investigations. Our focus is on techniques that employ randomization and our goal is to develop novel practical formal analysis methods that reflect the partial observability on the part of the attacker in order to faithfully analyze such systems safety and security. These projects are funded by National Science Foundation. 

Cybersecurity Center faculty and students are working on the cyber-physical system (CPS) /Internet of Things (IoT) security, and robustness analysis of machine learning (ML) algorithms for Industry 4.0 applications. Industry 4.0 is the latest industrial revolution powered by state-of-the-art ML algorithms and IoT sensors. However, sensors and ML algorithms, both are known for their vulnerabilities to cyber-physical attacks. In the context of such complex CPS, these attacks can have catastrophic consequences as they are hard to detect. Our research focuses on analyzing the robustness of such systems at the design phase, and the detection of cyber-physical attacks at runtime.

Cybersecurity Center faculty and students are working on privacy issues in social networks. In ongoing projects funded by National Science Foundation, investigations are underway to help preserve privacy during online image sharing. Our objective is to design a comprehensive framework namely iPrivacy (image Privacy), which leverages multiple factors to automatically recommend personalized privacy settings for photo sharing, and hence releases users burden and provides better privacy practice. Unlike existing works on privacy recommendation that focus only on the privacy aspect, the iPrivacy system is the first one that seamlessly integrates techniques from two different domains: the image processing and privacy management, to provide a complete policy recommendation system that is automatic, easy to use and efficient in the real social networking environment whereby huge amounts of photos are shared. 

Cybersecurity Center faculty and students are working on a sound logical representation of complexity-theoretic, probabilistic formulation of security (provable security). Such a representation is amenable to automated verification, and can also be used to find attacks when proving security fails. Efforts are underway to build a library of first-order axioms that express various standard hardness assumptions such as the discrete-logarithm, or Diffie-Hellman assumptions, as well as axioms of standard complexity-theoretic properties of cryptographic primitives, such as security against chosen plaintext or ciphertext attacks. We employ such axioms to verify various properties of protocols, such as secrecy, anonymity, authentication, etc, even of complex ones such as voting protocols. Effectiveness of our approach can be seen from our discovery of new attacks in even simple protocols such as the Needham-Schroeder-Lowe protocol. 

Secure Multiparty Computation (SMC) offers  a way to evaluate a polynomially-bounded functionality based on data from multiple independent parties, without disclosing their own data to the other participating parties. SMC can be used to develop highly secure solutions to protecting personal privacy and data security. Our faculty has been developing privacy-preserving protocols related to data mining and machine learning,  friend recommendations in social networks, anonymous communications, and distributed firewalls for enhancing network security. We are also working on novel and efficient designs of SMC primitives, such as comparison and evaluation of arithmetic circuits.