As more of our world gets connected online, we face growing risk of malicious attacks that can steal our data and our money, spy on us through our devices, undermine our infrastructure, and even take over our cars and put us in physical danger. We seek methods for protecting security and privacy in settings like these, leveraging techniques ranging from advanced cryptography to machine learning to Internet measurement and beyond.
Mohammed Armanuzzaman Tomal (advisor: Ziming Zhao)
Danielle Gonzalez (advisor: Mehdi Mirakhorli)
Sahil Gupta (advisor: H.B. Acharya)
Naureen Hoque (advisor: Hanif Rahbari)
Stephen Moskal (adviosor: Jay Yang)
Rayan Mosli (advisor: Yin Pan)
Mohammad Saidur Rahman (advisor: Matt Wright)
Joanna Santos (advisor: Mehdi Mirakhorli)
Hitesh Sapkota (advisor: Pradeep Murukannaiah)
Sovantharith (Max) Seng (advisor: Matt Wright)
Ali Shokri (advisor: Mehdi Mirakhorli)
Saniat John Sohrawardi (advisor: Matt Wright)
Shao-Hsuan (Steven) Su (advisor: Jay Yang)
Xi Tan (advisor: Ziming Zhao)
Gaurav Shivaji Wagh (advisor: Sumita Mishra)
Héctor Valdecantos (advisor: Mehdi Mirakhorli)
Gordon Werner (advisor: Jay Yang)
Waleed Zogaan (advisor: Mehdi Mirakhorli)
Computational Modeling and Simulation
Everyone uses modeling and simulation even without being aware of it. This course talks about mathematical and computational modeling and simulation as the tools to solve complex problems in the real world. Topics are divided by the category of modeling method: phenomenological models vs. mechanistic models. For mechanistic models, the course will cover differential equations (including variational principle to construct the differential equations, solutions to ordinary differential equations (ODE), and classical ODE systems) and cellular automaton in detail, and mention other mechanistic models. Similarly, for phenomenological models, the course will cover regression and neural networks in detail, and introduce other phenomenological models such as networks and power-law distributions. In parallel, paper review and discussion will serve as case studies of modeling of real-world complex systems, illustrating application domains. Course projects are required. Note: Knowledge in probability and statistics, linear algebra and calculus, experiences in computer programming/MATLAB, or permission of instructor is required.
Statistical Machine Learning
This course will cover supervised learning (linear methods, template methods, neural networks, decision trees, support vector machines), unsupervised learning (clustering, principal and independent components analysis), and related ideas (optimization, learning theory, Bayesian techniques, regularization, cross-validation, and the bias-variance tradeoff). Each student will complete several problem sets, including both mathematical and computer implementation problems. (Knowledge in probability and statistics, linear algebra and calculus, experiences in computer programming, or permission of instructor. Note: Familiarity with a numerical mathematics package (e.g. Matlab, Maple, Mathematica) is helpful but not required.
The objective of this course is to present the foundations of reconfigurable computing methodologies from both hardware and software perspectives. Topics covered are: architectures of modern field programmable gate arrays (FPGAs), digital system design methodologies using FPGAs, hardware-software co-design with embedded processors, hardware optimization techniques, system level integration under operating system, dynamic reconfiguration. Laboratory projects in which students will acquire a solid capability of Xilinx CAD tools and FPGA devices are required. The projects include the whole design flow: design of the system, VHDL modeling, software and hardware development, FPGA verification.
Hardware and Software Design for Cryptographic Applications
The objective of this course is to build knowledge and skills necessary for efficient implementations of cryptographic primitives on reconfigurable hardware. The implementation platform will be a field programmable gate array (FPGA) containing a general purpose processor and additional reconfigurable fabric for implementations of custom hardware accelerators. In the studio format, team projects require design of selected cryptographic primitives followed by comparison and contrast of various implementation alternatives, such as software, custom FPGA hardware, and hybrid hardware-software co-design. Project teams are ideally composed of one Computer Engineering student and one Software Engineering or Computer Science student. Computer Engineering students lead the hardware design portions of each project, and Software Engineering and Computer Science students lead the software development portions. Topics may include binary finite field arithmetic, block ciphers, hash functions, counter mode of operation for block ciphers, public key cryptosystems, hardware/software co-design methodologies with FPGAs, software development and profiling, high level synthesis, on-chip buses, hardware/software interfaces, custom hardware accelerators and side channel attacks.
Machine intelligence teaches devices how to learn a task without explicitly programming them how to do it. Example applications include voice recognition, automatic route planning, recommender systems, medical diagnosis, robot control, and even Web searches. This course covers an overview of machine learning topics with a computer engineering influence. Includes Matlab programming. Course topics include unsupervised and supervised methods, regression vs. classification, principal component analysis vs. manifold learning, feature selection and normalization, and multiple classification methods (logistic regression, regression trees, Bayes nets, support vector machines, artificial neutral networks, sparse representations, and deep learning).
Deep learning has been revolutionizing the fields of object detection, classification, speech recognition, natural language processing, action recognition, scene understanding, and general pattern recognition. In some cases, results are on par with and even surpass the abilities of humans. Activity in this space is pervasive, ranging from academic institutions to small startups to large corporations. This course emphasizes convolutional neural networks (CNNs) and recurrent neural networks (RNNs), but additionally covers reinforcement learning and generative adversarial networks. In addition to achieving a comprehensive theoretical understanding, students will understand current state-of-the-art methods, and get hands-on experience at training custom models using popular deep learning frameworks.
Seminar in Computing Security
This course offers an opportunity to learn about a specific seminar topic in more depth. The course description will be replaced by the specific instance of the seminar, as it is proposed by faculty.
Data Security and Privacy
This course examines policies, methods and mechanisms for securing enterprise and personal data and ensuring data privacy. Topics include data integrity and confidentiality; access control models; secure database architectures; secure transaction processing; information flow, aggregation, and inference controls; auditing; securing data in contemporary (relational, XML and other NO SQL) database systems; data privacy; and legal and ethical issues in data protection. Programming projects are required.
This course provides an introduction to secure coding including topics such as principles of secure coding, security architectures and design, operational practices and testing, programmatic use of cryptography, and defenses against software exploitation. Other topics include software based fault isolation, type-safe languages, certifying compilers; proof-carrying code, and automated program analysis and program rewriting. Programming projects, presentations, and a term paper will be required.
Foundations of Cryptography
This course provides an introduction to cryptography, its mathematical foundations, and its relation to security. It covers classical cryptosystems, private-key cryptosystems (including DES and AES), hashing and public-key cryptosystems (including RSA). The course also provides an introduction to data integrity and authentication. Note: students who complete CSCI-462 may not take CSCI-662 for credit.
Foundations of Security Measurement and Evaluation
The course will introduce students into the algorithmic foundations and modern methods used for security evaluation. It will combine a theoretical revision of the methods and models currently applied for computer security evaluation and an investigation of computer security through study of user's practice. The students will be required to complete a few home assignments, to deliver a class presentation, to implement a team project, to lead the team's work and to undertake research on the topic assigned.
Foundations of Intelligent Security Systems
The course will introduce students to the application of intelligent methodologies applications in computer security and information assurance system design. It will review different application areas such as intrusion detection and monitoring systems, access control and biological authentication, firewall structure and design. The students will be required to implement a course project on design of a particular security tool with an application of an artificial intelligence methodology and to undertake research and analysis of artificial intelligence applications in computer security.
Sensor and SCADA Security
This course is designed to provide students with knowledge of sensor network security with respect to practical implementations. In particular, secure sensor network design for Supervisor Control And Data Acquisition (SCADA) is discussed. SCADA encompasses technologies that manage and control much of the infrastructure that we depend on every day without realizing it. The failure or corruption of SCADA systems can not only be inconvenient but also hazardous when the resource is critical or life threatening. Securing SCADA systems is of great strategic importance. The role of sensor networks in SCADA is discussed and sensor security protocols for SCADA applications are evaluated and studied. To be successful in this course students should be knowledgeable in basic networking, systems, and security technologies.
Students will examine the areas of intrusion detection, evidence collection, network auditing, network security policy design and implementation as well as preparation for and defense against attacks. The issues and facilities available to both the intruder and data network administrator will be examined and evaluated with appropriate laboratory exercises to illustrate their effect. The students will be provided with an understanding of the principles and concepts of wired and wireless data network security. Students will perform a series of laboratory or homework experiments in order to explore various mechanisms for securing data networks including physical layer mechanisms, filters, applications and encryption. Students will engage in attack/defend scenarios to test their deployments against other teams. Students should be knowledgeable in networking technologies.
Graduate Seminar in Computing Security
This course explores current topics in Computing Security. It is intended as a place holder course for faculty to experiment new course offerings in Computing Security undergraduate program. Course specific details change with respect to each specific focal area proposed by faculty.
Topics in Systems
This course examines current topics in Systems. This is intended to allow faculty to pilot potential new graduate offerings. Specific course details (such as prerequisites, course topics, format, learning outcomes, assessment methods, and resource needs) will be determined by the faculty member(s) who propose a specific topics course in this area. Specific course instances will be identified as belonging to the Distributed Systems cluster, the Architecture and Operating Systems cluster, the Security cluster, or some combination of these three clusters.
This course investigates advanced topics in cryptography. It begins with an overview of necessary background in algebra and number theory, private- and public-key cryptosystems, and basic signature schemes. The course will cover number theory and basic theory of Galois fields used in cryptography; history of primality algorithms and the polynomial-time test of primality; discrete logarithm based cryptosystems including those based on elliptic curves; interactive protocols including the role of zero-knowledge proofs in authentication; construction of untraceable electronic cash on the net; and quantum cryptography, and one or more of digital watermarking, fingerprinting and stenography. Programming will be required.
Foundations of Data Science
A foundations course in data science, emphasizing both concepts and techniques. The course provides an overview of data analysis tasks and the associated challenges, spanning data preprocessing, model building, model evaluation, and visualization. Major families of data analysis techniques covered include classification, clustering, association analysis, anomaly detection, and statistical testing. The course includes a series of programming assignments which will involve implementation of specific techniques on practical datasets from diverse application domains, reinforcing the concepts and techniques covered in lectures.
Systems Modeling and Optimization
An introductory course in operations research focusing on modeling and optimization techniques used in solving problems encountered in industrial and service systems. Topics include deterministic and stochastic modeling methodologies (e.g., linear and integer programming, Markov chains, and queuing models) in addition to decision analysis and optimization tools. These techniques will be applied to application areas such as production systems, supply chains, logistics, scheduling, healthcare, and service systems.
Measuring and Improving routing security using RPKI [Chung]: Today there is a dearth of information available about the vulnerability of the RPKI, and how routers in the Internet have actually deployed and managed it. This project will develop techniques to better understand and improve the management of RPKI, helping to better secure the Internet.
SparkFHE: Distributed Dataflow Processing with Fully Homomorphic Encryption [Hu]: Cloud computing is indispensable today but outsourcing computation on private data to the Cloud can lead to privacy concerns. SparkFHE integrates fully homomorphic encryption and other cryptographic techniques into Apache Spark to enables privacy-preserving data analytics and machine learning in the Cloud. In this project, we develop cryptographic algorithms for efficiently and securely evaluating various machine learning models, such as logistic regression, deep neural network.
Resilient Design [Mirakhorli]: Architecture-first approach is more increasingly becoming the mainstream development approach for addressing cyber resiliency concerns in mission-critical and software-intensive systems. In such an approach, resilience and security is built in the system from the ground up and starts with robust architecture design. Therefore, the weaknesses in the architecture of a software system can have a greater impact on the system’s ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources. Despite the importance of the architecture-first approach to enhancing and ensuring the resiliency of mission-critical systems, the state of the art and practice lack automated tools to help engineers and architects reason the resiliency of their architecture, verify the correctness of architectural decisions, and detect the design weaknesses. In this project, we work on the development of practical solutions for addressing the above challenges.
Developing a lightweight privacy preserving framework for the Smart Grid [Mishra]: One of the impeding factors in the deployment of smart meters is the risk to consumer privacy. The functioning of the smart grid relies on the granular collection of smart metering data, which may reveal sensitive information related to consumer electricity usage. The objective of this research project is to develop a lightweight privacy preserving framework for smart metering data. We seek to develop this framework, without relying on trusted third parties.
Designing a resilient malware detection system against adversarial machine learning attacks [Pan, Yuan]: Adversarial machine learning is an emerging area that attempts to subvert machine learning models to produce misclassifications. we are trying evolutionary algorithms to regenerate adversarial examples to attack deep-learning malware detection models.
Detecting DeepFakes [Wright, Hickerson, Ptucha]: DeepFake videos like a fake presidential address could be used to undermine democracy and legitimate news. We are working with journalists to develop and deploy an AI-based tool to robustly detect DeepFakes and prevent their spread.
Website Fingerprinting in Tor [Wright]: The Tor anonymity system is vulnerable to traffic analysis attacks like website fingerprinting, and our project explores attacks and defenses based on deep learning and adversarial machine learning.
Dynamic Malware Detection System using Machine Learning Approaches for IoT Devices [Oh]: Internet of Things (IoT) is a term used to denote various appliances, low-level devices, and machines that have been connected to the Internet. In this project, we investigate security issues and solutions of IoT devices by examining different IoT protocols, services, devices, malware, and solutions. Several IoT devices and malware were selected from a particular application and evaluated for a security analysis. The results were used to propose a mitigation system for IoT devices. Our team is responsible for creating and developing the mitigation system using machine learning model approaches.
Detecting Android Malware using Cloud based Solution [Oh]: This research focuses on mobile device malware detection, especially in Android. A research team was created to dedicate significant effort to create cloud-based Android malware mitigation system with a focus on detecting botnet malware. The system considers signature-based as well as behavior-based analysis methods. Multiple levels of data collection were taken into consideration to obtain better analysis results. Our team has developed new algorithms that were used in both signature-based and behavior based analysis efficiently and efficiently. We planned to expand the research to detect malware more efficiently and effectively using real-time-based data analytic approaches.
Detection, Characterization, and Circumvention of Internet Censorship [Acharya]: The first focus of this research is to detect various forms of Internet Censorship: IP and URL blocking, DNS poisoning, and so on. We are interested in the policies as well as the mechanisms of censorship used by various countries. A question of particular interest is whether the censorship carried out by a country can affect its neighbors, as this is usually a violation of international law. Finally, we also study tools such as Decoy Routing, which aim to provide unblocked access to Internet users - particularly those who cannot otherwise access content censored by their ISP or government.
Machine learning for efficient modulation obfuscation [Rahbari]: Modulation obfuscation in wireless communications aims at hiding the payload's modulation scheme (hence, its transmission rate); eventually enhancing user privacy. The performance of modulation obfuscation is susceptible to residual carrier frequency offset (CFO). We investigate efficient machine learning methods to solve the complex problem of CFO-aware modulation obfuscation.
User anonymity without MAC address randomization [Rahbari]: Wi-Fi packets carry a MAC address in plaintext, which reveals the identity of the transmitter. In this project, we are investigating ways in which the frame preamble at the physical can convey a temporary transmitter identifier, allowing us to conceal the MAC address for better anonymity protection.
Trust in emerging wireless systems and communications [Rahbari]: Establishing trust between devices in IoT networks and among vehicles in emerging connected vehicle communications needs to be both lightweight and scalable. We are investigating physical-layer techniques, e.g., device fingerprinting and signal watermarking, to facilitate lightweight authentication.
Applied cryptography [Lukowiak, Radziszowski]: Our current research interests are in the applied cross-disciplinary area involving cryptographic engineering, secure communication technologies, reconfigurable computing, hardware and hardware-software systems, and high-performance computing. In particular we have been involved in research to advance secure communication technologies in military and government domains, side channel attacks on cryptographic primitives, and most recently in hardware-software solutions that would support deployment of homomorphic encryption (HE) techniques in the cloud.
Cache-side channel attacks on Embedded Platforms [Zhao]: The security of ARM TrustZone relies on the idea of splitting system-on-chip hardware and software into two worlds, namely normal world and secure world. We work on crossworld covert channels, which exploit the world-shared cache in the TrustZone architecture. We design a Prime+Count technique that only cares about how many cache sets or lines have been occupied. The coarser-grained approach signi!cantly reduces the noise introduced by the pseudo-random replacement policy and world switching. Using our Prime+Count technique, we build covert channels in single-core and cross-core scenarios in the TrustZone architecture.
CyberAMPS - Cyberattack Analytics, Modeling, Prediction, and Simulation [Yang]: CyberAMPS encompassses multiple projects and software prototypes, including CAPTURE, ASSERT, CASCADES, and SynGAN. ASSERT provides timely separation of intrusion alerts and empirically generated attack models to enhance cyber situation awareness. CASCADES integrates data-driven and theoretically grounded understanding of adversary behaviors to simulate synthetic cyber attack scenarios subject to a variety of network configurations. CAPTURE forecasts occurrences of future cyber attacks using a large number of seemingly irrelevant signals from the publicly accessible domains. SynGAN learns from moderate amount of intrusion logs to generate synthetic data that maintains critical and essential part of the joint feature distribution. In addition, an ongoing project aims at developing a unified front-end visual analytics to provide not only access to data consumed and generated by the aforementioned prototypes but also user interaction with the algorithmic processes that leads to a “trusted anticipatory intelligence” that will be essential to a much stronger cyber defense.