Research

• Sponsor: RIT
• Amount: $2,100,000
• Period: June 2016 to May 2021

This project provides the initial funding to launch the Center and for six interdisciplinary seed projects.

• Sponsor: NSF SaTC
• Amount: $500,000 ($150,000 RIT share)
• Period: Sep. 2016 to Aug. 2019

In this transitions to practice (TTP) project, RIT will work with the Tor Project to implement a new defense against traffic analysis attacks in the Tor system.

• Sponsor: NSF
• Amount: $3,549,663
• Period: Jan. 2015-Dec. 2019

This project seeks to establish a new CyberCorps®: Scholarship for Service (SFS) program at the Rochester Institute of Technology (RIT) to prepare highly-qualified Cybersecurity professionals for entry into the federal, state, local, and tribal government workforce.

Sponsor: NSA

Amount: $118,926

Period: March 2017 - March 2018

The program designs a curriculum, develops all course materials, tests and evaluates them in real college classroom settings, compiles and disseminates the practical recommendations for delivery of a college level course on Intelligent Security Systems.

Sponsor: Eaton Corporation

Amount: $124,923.00

Period: Sept 2017 to Aug 2018

The goal of this project is to provide a cybersecurity assessment of industrial control and loT devices.

Sponcer: NSF SaTC

Amount: $167,450.

Period: Sept 2017 to Aug 2020

This projest presents a comprehensive research plan for specifying and enforcing federated security policies using an approach based on Proof-Carrying Code (PCC).

Sponsor: NSA

Amount: $99,110.00

Period: April 2017 to April 2018

This project to host two one-week Gencyber student summer camp at RIT.

Sponsor: NSF SaTC

Amount: $149,611.00

Period: Sept 2017 to Aug 2019

Cybersecurity can use anticipatory or proactive defense measures based on adversarial behavior and decision making, which are currently downplayed in existing technical research. Imagine a criminological theory that captures the dynamics of cyber crime and a corresponding simulator to generate attack scenarios that adapts to ever changing and diverse cyber vulnerabilities, defense, and adversary tactics. This collaborative project between RIT (PI Yang) and Temple University (PI Rege) aims at developing and evaluating an integrated Dynamic Routine Activities Theory (DRAT) aided by Monte-Carlo simulation so as to understand adversarial attack trajectories impacted by the various intrinsic and extrinsic factors.

Sponsor: USAF/Leidos, Inc.

Amount: $373,963.00

Period: Aug 2016 to Jan 2018

The project aims at developing and testing new automated methods that forecast cyber-attacks before they happen using unconventional sensors and signals. The unconventional sensors leverage data not typically used in practice today for cybersecurity (at least not in the way the data was originally intended), and may not be directly related to the potential victims or exploits used of the forecasted attacks. PI Yang and Co-PI McConky from RIT is part of a multidisciplinary industry-academia team to research, develop, integrate and test a prototype solution with cyber attack forecast models and algorithms.

Sponsor: NSA

Amount: $171,034.00

Period: Sept 2015- Dec 2016

Cyber attacks to enterprise networks or cyber warfare have moved into an era where both attackers and security officers utilize complex strategies to confuse and mislead one another. Critical attacks often take multitudes of reconnaissance, exploitations, and obfuscation to maneuver in a network to achieve the goal of cyber espionage and/or sabotage. This project builds upon Pi Yang and Co-PI Kuhl’s previous work on Multistage Attack Scenario Simulation (MASS) and develop a simulation environment to model diverse and ever-changing adversary behavior against various network defense configurations, including the deployment of MTDs.

Sponsor: HarrisRF

Amount: $48,000.00

Period: Nov 2016 to June 2017

The objective of this project is to design a unique Authenticated Encryption algorithm (MK-3) for an FPGA based radio architecture. The algorithm offers enhanced features including integrity verification, customization, enhanced military grade design and provable computational security.

Sponsor: VisualDx

Amount: $12,483.00

Period: Jan 2017-Feb 2017

SAFE lab will evaluate the extent to which a malicious agent could compromise VisaulDX customer data throught it's website.

Sponsor: USAF/​UTx

Amount: $10,000

Period: Sept 2016 - May 2017

This sub award from UTSA is a part of funding from DHS grant to support Collegiate Cyber Defense Competition. The fund is used to support the logistics of the Northeast regional competition hosted at RIT.

Sponsor: Department of Defense

Amount: $42,836

Period: Sept 2017- May 2018

The ANNEX II project is to support Cybersecurity outreach activities.

Sponsor: Harris RF

Amount: $24,000

Period: Dec 2017- July 2018

The objective of this project will be to investigate an innovative solution to the CDS (Cross Domain Solitions) problem using homomorphic or functional crytography principles as a possible option to the "high to low" cross domain problem.

Sponsor: DARPA/Secure Decisions

Amount: $48,500.00

Period: Oct 2017 to July 2018

Vulnerable software affords external attackers an easy way of gaining access to critical DoD and commercial systems. The significant number of weaknesses (both quality and security) per application provides camouflage for insider threats to insert vulnerabilities without drawing attention. Current automated tools for detecting security-related weaknesses in source code suffer from both false negatives and false positives: for example, they fail to find all types of vulnerabilities (false negatives) and produce thousands of unactionable findings (false positives). Sifting through the findings of source code analyzers in search of true positives is time-consuming and is most efficient when guided by heuristics that prioritize where to search first. While manual code reviews can find weaknesses that the automated tools miss,1 manual reviews are resource-intensive and need to be targeted to the code that is likely to contain significant quality and security issues.

Sponsor: NSF/Ball State University

Amount: $160,000.00

Period: July 2017 to July 2018

Software defect data has long been used to drive improvement of the software development process. Knowledge of how security defects, which are referred to as vulnerabilities, are discovered and resolved can be used to guide development of more accurate software assurance tools. In the security community there have been two approaches in utilizing this knowledge. Several researchers have used this knowledge and developed a number of different techniques such as fuzzing, static and dynamic code verifiers to verify if code contains security vulnerabilities. Another group of researchers have attempted to use this knowledge, extract metrics and leverage data mining and statistical techniques to perform vulnerability analysis. In this proposal, we empirically compare and validate each of these techniques.

Sponsor: NSF

Amount: $200,042.00

Period: Sept 2016 to Aug 2019

The project builds a proof-of-the-concept design, which will be used to develop, verify and promote a comprehensive methodology for data quality and cybersecurity (DQS) evaluation focusing on an integration of cybersecurity with other diverse metrics reflecting DQS, such as accuracy, reliability, timeliness, and safety into a single methodological and technological framework. The framework will include generic data structures and algorithms covering DQS evaluation. While the developed evaluation techniques will cover a wide range of data sources from cloud based data systems to embedded sensors, the framework's implementation will concentrate on using an ordinary user's owned mobile devices and Android based smartphones in particular. Its operation will be based on incorporating data and process provenance schemes along with the methods evaluating data and system accuracy, reliability and trustworthiness. Graph and game theories, machine learning, information and control theory, probability and fuzzy logic techniques will be employed.

Sponsor: NSF

Amount: $645,860.00

Period: Oct 2015 to Sept 2019

The Transition to Practice (TTP) option of the proposed Attack Strategy Synthesis and Ensemble Predictions of Threats (ASSERT) project will include software prototype development, deployment of ASSERT to test networks, and evaluation via a four-phase plan. The goal of this proposed optional effort is to demonstrate a robust use of ASSERT in real- world environments. In fact, the four-phase plan is to incrementally enhance the prototype in its ability to recognize attack strategies. The TTP option overlaps with the main Sa TC proposal in the last two years, and will begin with the algorithmic implementation of the semi-supervised learning framework and continue incorporating additional features and the ensemble prediction capability as they are developed.