Research

• Sponsor: RIT
• Amount: $2,100,000
• Period: June 2016 to May 2021

This project provides the initial funding to launch the Center and for six interdisciplinary seed projects.

• Sponsor: NSF SaTC
• Amount: $500,000 ($150,000 RIT share)
• Period: Sep. 2016 to Aug. 2019

In this transitions to practice (TTP) project, RIT will work with the Tor Project to implement a new defense against traffic analysis attacks in the Tor system.

• Sponsor: NSF
• Amount: $3,549,663
• Period: Jan. 2015-Dec. 2019

This project seeks to establish a new CyberCorps®: Scholarship for Service (SFS) program at the Rochester Institute of Technology (RIT) to prepare highly-qualified Cybersecurity professionals for entry into the federal, state, local, and tribal government workforce.

Sponsor: Eaton Corporation

Amount: $142,325

Period: Sept 2018 to Aug 2019

The goal of this project is to provide a cybersecurity assessment of industrial control and loT devices.

Sponsor: NSF SaTC

Amount: $149,611.00

Period: Sept 2017 to Aug 2019

Cybersecurity can use anticipatory or proactive defense measures based on adversarial behavior and decision making, which are currently downplayed in existing technical research. Imagine a criminological theory that captures the dynamics of cyber crime and a corresponding simulator to generate attack scenarios that adapts to ever changing and diverse cyber vulnerabilities, defense, and adversary tactics. This collaborative project between RIT (PI Yang) and Temple University (PI Rege) aims at developing and evaluating an integrated Dynamic Routine Activities Theory (DRAT) aided by Monte-Carlo simulation so as to understand adversarial attack trajectories impacted by the various intrinsic and extrinsic factors.

Sponsor: USAF/Leidos, Inc.

Amount: $499,479.00

Period: Aug 2016 to March 2019

The project aims at developing and testing new automated methods that forecast cyber-attacks before they happen using unconventional sensors and signals. The unconventional sensors leverage data not typically used in practice today for cybersecurity (at least not in the way the data was originally intended), and may not be directly related to the potential victims or exploits used of the forecasted attacks. PI Yang and Co-PI McConky from RIT is part of a multidisciplinary industry-academia team to research, develop, integrate and test a prototype solution with cyber attack forecast models and algorithms.

Sponsor: VisualDx

Amount: $11,292.00

Period: June 2018-July 2018

SAFE lab will evaluate the extent to which a malicious agent could compromise VisaulDX customer data throught it's website.

Sponsor: Department of Defense

Amount: $100,202

Period: Aug 2018- Aug 2019

This scholarship is provided to a undergraduate students via Information Assurance Scholarship Program sponsored by the Department of Defense.

Sponsor: DARPA/Secure Decisions

Amount: $48,500.00

Period: Oct 2017 to July 2018

Vulnerable software affords external attackers an easy way of gaining access to critical DoD and commercial systems. The significant number of weaknesses (both quality and security) per application provides camouflage for insider threats to insert vulnerabilities without drawing attention. Current automated tools for detecting security-related weaknesses in source code suffer from both false negatives and false positives: for example, they fail to find all types of vulnerabilities (false negatives) and produce thousands of unactionable findings (false positives). Sifting through the findings of source code analyzers in search of true positives is time-consuming and is most efficient when guided by heuristics that prioritize where to search first. While manual code reviews can find weaknesses that the automated tools miss,1 manual reviews are resource-intensive and need to be targeted to the code that is likely to contain significant quality and security issues.

Sponsor: NSF/Ball State University

Amount: $160,000.00

Period: July 2017 to July 2019

Software defect data has long been used to drive improvement of the software development process. Knowledge of how security defects, which are referred to as vulnerabilities, are discovered and resolved can be used to guide development of more accurate software assurance tools. In the security community there have been two approaches in utilizing this knowledge. Several researchers have used this knowledge and developed a number of different techniques such as fuzzing, static and dynamic code verifiers to verify if code contains security vulnerabilities. Another group of researchers have attempted to use this knowledge, extract metrics and leverage data mining and statistical techniques to perform vulnerability analysis. In this proposal, we empirically compare and validate each of these techniques.

Sponsor: NSF

Amount: $200,042.00

Period: Sept 2016 to Aug 2019

The project builds a proof-of-the-concept design, which will be used to develop, verify and promote a comprehensive methodology for data quality and cybersecurity (DQS) evaluation focusing on an integration of cybersecurity with other diverse metrics reflecting DQS, such as accuracy, reliability, timeliness, and safety into a single methodological and technological framework. The framework will include generic data structures and algorithms covering DQS evaluation. While the developed evaluation techniques will cover a wide range of data sources from cloud based data systems to embedded sensors, the framework's implementation will concentrate on using an ordinary user's owned mobile devices and Android based smartphones in particular. Its operation will be based on incorporating data and process provenance schemes along with the methods evaluating data and system accuracy, reliability and trustworthiness. Graph and game theories, machine learning, information and control theory, probability and fuzzy logic techniques will be employed.

Sponsor: NSF

Amount: $645,860.00

Period: Oct 2015 to Sept 2019

The Transition to Practice (TTP) option of the proposed Attack Strategy Synthesis and Ensemble Predictions of Threats (ASSERT) project will include software prototype development, deployment of ASSERT to test networks, and evaluation via a four-phase plan. The goal of this proposed optional effort is to demonstrate a robust use of ASSERT in real- world environments. In fact, the four-phase plan is to incrementally enhance the prototype in its ability to recognize attack strategies. The TTP option overlaps with the main Sa TC proposal in the last two years, and will begin with the algorithmic implementation of the semi-supervised learning framework and continue incorporating additional features and the ensemble prediction capability as they are developed.

Sponsor: NSF

Amount: $299,994

Period: Oct 2018 to Sept 2021

Our collaborative effort with the National Technical Institute for the Deaf (NTID) will address the shortage of accessible software. We will develop a set of accessibility educational activities referred to as Accessibility Learning Labs (ALL), designed to educate and create awareness of accessibility needs for developers.

Sponsor: NSF

Amount: $439,135.00

Period: Oct 2018 to Sept 2021

 This project takes an empirical approach to study and characterize architectural vulnerabilities. In this project we identify the root causes of architectural vulnerabilities and their impact on software security, privacy and trustworthiness.

Sponsor: NSF

Amount: $500,000

Period: Aug 2018 to July 2021

The goal of this project is to explore the new landscape of WF attacks and defenses in light of our recent findings with deep learning. A key aspect of the work is that we will leverage and build upon recent advances in adversarial machine learning and be the first to apply these new findings to the context of traffic analysis.

Sponsor: NSF

Amount: $374,238

Period: Sept 2018 to Aug 2021

The goal of this project is to develop the Software Architecture INstrument (SAIN), a first-of-its-kind integration framework for assembling architecture-related techniques and tools with the goal of enabling empirical research in this domain.

Sponsor: Canandaigua City School District

Amount: $7,717

Period: July 2018 to Aug 2018

SAFE Lab will conduct a penetration test against Canandaigua Public Schools' network environment

Sponsor: NSA/NCSU

Amount: $68,679

Period: April 2018 to Sept 2022

This project will be growing the science of cybersecurity by developing metrics to predict vulnerabilities.

Sponsor: NSA

Amount: $130,908

Period; May 2018 to May 2019

This project calls for GenCyber camps on the RIT campus in the summer of 2018 to address the national need of skilled cybersecurity professionals.