Focusing on research and education in the US national interest is a priority for the Cybersecurity Center faculty and students. Several research grants and contracts have been secured for many cybersecurity projects with US DOD and Intelligence agencies including the US Naval Research Laboratory, US Army Research Laboratory and National Security Agency, as well as the National Science Foundation and US Department of Energy. Cybersecurity Center faculty and students have a strong publication record in competitive, top conferences and journals in interdisciplinary cyber security (e.g., Journal of Computer Security, ACM Computer and Communications Security, IEEE INFOCOM, IEEE Transactions on Services Computing, IEEE Transactions in Network Service Management, IEEE Transactions on Cloud Computing, among others).
Cloud and Data Security
Cybersecurity Center faculty and students are working on usable cybersecurity in order to systematically study the synergies as well as constraints in balancing resilience (security) and user experience (performance/usability). At MU, projects funded by the National Science Foundation are underway to investigate new foundations and architectures for usable cybersecurity by considering the CIA triad (Confidentiality, Integrity and Availability) requirements. Our goal is to advance the state-of- the-art in usable cybersecurity relating to access control, anomaly detection, defense using pretense, and other cyber defense concepts. We particularly focus on the context of cloud-hosted application architectures and services delivery within operational environments of media content providers (e.g., just-in-time news feeds, video streaming, health information sharing, video gaming, social virtual reality).
Formal Methods in Security
Cybersecurity Center faculty and students are working on model-checking and formal methods in the automated verification of safety and security of programs/protocols/database solutions. The automated analysis of such computer programs/protocols/database solutions pose difficult challenges that are part of on-going investigations. Our focus is on techniques that employ randomization and our goal is to develop novel practical formal analysis methods that reflect the partial observability on the part of the attacker in order to faithfully analyze such systems safety and security. These projects are funded by National Science Foundation.
Cybersecurity Center faculty and students are working on the cyber-physical system (CPS) /Internet of Things (IoT) security, and robustness analysis of machine learning (ML) algorithms for Industry 4.0 applications. Industry 4.0 is the latest industrial revolution powered by state-of-the-art ML algorithms and IoT sensors. However, sensors and ML algorithms, both are known for their vulnerabilities to cyber-physical attacks. In the context of such complex CPS, these attacks can have catastrophic consequences as they are hard to detect. Our research focuses on analyzing the robustness of such systems at the design phase, and the detection of cyber-physical attacks at runtime.
Privacy in Pervasive Environments
Cybersecurity Center faculty and students are working on privacy issues in social networks. In ongoing projects funded by National Science Foundation, investigations are underway to help preserve privacy during online image sharing. Our objective is to design a comprehensive framework namely iPrivacy (image Privacy), which leverages multiple factors to automatically recommend personalized privacy settings for photo sharing, and hence releases users burden and provides better privacy practice. Unlike existing works on privacy recommendation that focus only on the privacy aspect, the iPrivacy system is the first one that seamlessly integrates techniques from two different domains: the image processing and privacy management, to provide a complete policy recommendation system that is automatic, easy to use and efficient in the real social networking environment whereby huge amounts of photos are shared.
Cybersecurity Center faculty and students are working on a sound logical representation of complexity-theoretic, probabilistic formulation of security (provable security). Such a representation is amenable to automated verification, and can also be used to find attacks when proving security fails. Efforts are underway to build a library of first-order axioms that express various standard hardness assumptions such as the discrete-logarithm, or Diffie-Hellman assumptions, as well as axioms of standard complexity-theoretic properties of cryptographic primitives, such as security against chosen plaintext or ciphertext attacks. We employ such axioms to verify various properties of protocols, such as secrecy, anonymity, authentication, etc, even of complex ones such as voting protocols. Effectiveness of our approach can be seen from our discovery of new attacks in even simple protocols such as the Needham-Schroeder-Lowe protocol.
Secure Multiparty Computation
Secure Multiparty Computation (SMC) offers a way to evaluate a polynomially-bounded functionality based on data from multiple independent parties, without disclosing their own data to the other participating parties. SMC can be used to develop highly secure solutions to protecting personal privacy and data security. Our faculty has been developing privacy-preserving protocols related to data mining and machine learning, friend recommendations in social networks, anonymous communications, and distributed firewalls for enhancing network security. We are also working on novel and efficient designs of SMC primitives, such as comparison and evaluation of arithmetic circuits.