A number of faculty and staff in the School of Computing conduct research on computer security and privacy. They work towards security and privacy goals utilizing a variety of perspectives including systems, networking, human-computer interaction, programming languages, and data management.
- Tamara Denning
- Eric Eide
- Sneha Kumar Kasera
- Feifei Li
- Matthew Might
- John Regehr
- Robert Ricci
- Kobus Van der Merwe
- Suresh Venkatasubramanian
Professor Denning’s research focuses on the human aspects of computer security and privacy, ranging from understanding how people use and reason about current technologies to designing security and privacy that better matches the human and logistical needs of people around the technology-user and non-user alike. Past areas of work include security for implantable medical devices, privacy issues surrounding augmented reality glasses, and security awareness and education.
Professor Kasera’s Advanced Networked Systems Research (ANSR) Group has several security research projects. His project on Measurements, Methodologies, and Applications of Spatio-temporal Variations of Wireless Link Characteristics focused on understanding and characterizing spatio-temporal variations of wireless links and have built several applications that benefit from these variations. The Wireless Device Fingerprinting project studied the physical characteristics of wireless devices to identify those unique characteristics that can serve as the fingerprints of devices. In the Distributed Friend-to-Friend Framework and Services Using Social Networks Project, the lab developed a novel framework by which applications can offer friend-to-friend (f2f) distributed services—p2p services among social peers—with resource sharing governed by approximated levels of social altruism.
Professor Li works on data and system security issues. In particular, he is interested at building large scale data management systems that preserve data and query security, for example, query authentication problems and query execution over encrypted data. He is also interested at system security in general, for example, integrity checking in the cloud and security issues inside a database management system.
Professor Might works on foundational security: eliminating vulnerabilities from software before it’s ever released. His lab focuses primarily on using static analysis to detect (and prove the absence of) software vulnerabilties and malicious behaviors. Professor Might is specifically interested in detecting memory usage vulnerabilities, resource usage vulnerabilites, and information leakage vulnerabilities.
Professor Regehr’s work addresses security problems via static analysis, program instrumentation, and automatic test-case generation. His favorite projects include a fuzzer that has found a large number of bugs in C compilers and an instrumentation framework for Clang that dynamically detects integer-related undefined behaviors in C/C++ code that has been part of LLVM since version 3.3.
Professor Ricci is part of the Flux Research Group and participants in the TCloud project. TCloud is a self-defending, self-evolving, and self-accounting trustworthy cloud platform.
Professor Van der Merwe, as Director of the Flux Research Group, oversees two of their security-themed research projects: TCloud and SeaCat. TCloud is a self-defending, self-evolving, and self-accounting trustworthy cloud platform. SeaCat (SDN End-to-end Application Containment) focuses on realizing end-to-end application containment in a healthcare setting, ensuring both the security and the performance of healthcare applications.
Professor Venkatasubramanian’s main research interests are in algorithms for big data and data mining, as well as data privacy. He’s also interested in certain aspects of algorithmic security (verifying properties of code as well as verifying cloud-based claims of correctness).
School of Computing faculty and staff have multiple security- and privacy-related collaborations across campus. This includes
collaborations with individuals in the Center for High Performance Computing, Electrical and Computer Engineering, and the Information Security Office Enterprise Security team.