A Comprehensive Policy-Driven Framework for Online Privacy Protection: Integrating IT, Human, Legal and Economic Perspectives
Privacy is increasingly a major concern that prevents the exploitation of the Internet’s full potential. Consumers are concerned about the trustworthiness of the websites to which they entrust their sensitive information. Although significant industry efforts are seeking to better protect sensitive information online, existing solutions are still fragmented and far from satisfactory. Specifically, existing languages for specifying privacy policies lack a formal and unambiguous semantics, are limited in expressive power and lack enforcement as well as auditing support. Moreover, existing privacy management tools aimed at increasing end-users’ control over their privacy are limited in capability or difficult to use. This project seeks to provide a comprehensive framework for protecting online privacy, covering the entire privacy policy life cycle. This cycle includes enterprise policy creation, enforcement, analysis and auditing, as well as end user agent presentation and privacy policy processing. The project integrates privacy-relevant human, legal and economic perspectives in the proposed framework. This project will develop an expressive, semantics-based formal language for specifying privacy policies, an access control and auditing language for enforcing privacy policies in applications, as well as theory and tools for verifying privacy policies. Additionally, experiments and surveys will be conducted to better understand the axes of users’ privacy concerns and protection objectives. Results from this empirical work will be used to develop an effective paradigm for specifying privacy preferences and methods to present privacy policies to end users in an accurate and accessible way.
A Framework for Managing the Assured Information Sharing Lifecycle
A High Assurance, High Capacity Platform for Information Operations
Contracted research from Lockheed Martin
A Multi-site Study of How Medical Surgical Medical Nurses Spend Their Time: a Baseline
A Survivable Information Infrastructure for National Civilian BioDefense
This project focuses on the theoretical foundation and the protocols that facilitate a survivable information infrastructure that meets the critical requirements of a national emergency response system. Specifically, the project will address the following challenges: (1) expand the existing theoretical framework to analyze the behavior of malicious and colluding participants; (2) design and construct a scalable survivable messaging system that operates correctly under a strong adversarial model that includes insider threat and denial of service attacks; (3) design and construct information access protocols that protect against compromised database servers providing incorrect data or servers that deny access to legitimate users; and (4) prevent malicious users from learning unauthorized information. The domain of application for this work is the Clinicians’ Biodefense Network (CBN), a nationwide Internet-based information exchange system designed to provide clinicians with critical information in the aftermath of a bioterrorist attack. The CBN is designed to mitigate benign Internet faults and to resist a physical attack on one location. However, it is not able to correctly operate under a stronger threat model that includes insider attacks. Solutions for this stronger threat model are not currently available and present a major research challenge. This project will construct a prototype survivable system based on the CBN, and from it draw general principles. It will develop a solid theoretical foundation and novel system tools to facilitate building national emergency networks that are resilient against cyber-attacks in crisis situations, when those networks are most urgently needed.
A Testbed for Compiler-supported Scalable Error Monitoring and Diagnosis for Reliable and Secure Sensor Networks
This is a planning grant that focuses on an embedded middleware development tool for sensor networks that is based on a research prototype recently developed by this team at Purdue University. For this planning grant the project team proposes to expand their existing sensor capability by purchasing a larger sensor network test-bed to validate software development tools for run-time error monitoring and diagnosis. In addition, the project will enable an application case study for carbon dioxide monitoring for indoor circulation systems. Sensor nodes typically are highly vulnerable to hardware breakdowns when deployed in harsh conditions. Because of their ad hoc and dynamic nature, the communication protocols of networked embedded systems tend to be complex and frequently error-prone. In addition, these networks face several problems: components and communication links are exposed to potential adversaries and hence are under security threats such as node capture, denial of service, and malicious code injection; resources such as storage, bandwidth, computing power and energy are constrained; and network protocols, even when correctly designed, may be implemented incorrectly due to programming errors. The goal of this project is to permit the broad research community of Networked Embedded Systems (NES) to use the robust programming tool proposed with this project for run-time error monitoring and diagnosis. The tool will target the problem that errors can occur in any of the many components of a sensor network and those errors need to be detected quickly and effectively.
A Testbed for Research and Development of Secure IP Multimedia Communication Services
This collaborative project, developing a testbed that enables research on understanding and analysis of vulnerabilities of Voice over IP (VoIP), investigates issues related to Quality of Service (QoS) in VoIP, taking into account possible attacks, identity management, spamming, Denial of Service (DoS) attacks, 911 emergency management, and high availability. Research results will be translated to engineering guidelines for preventing security breaches during development and deployment of VoIP networks. This VoIP infrastructure can, in turn, be reused for different multimedia services like video and instant messaging. Since VoIP is expected to reach critical mass during the next five years, many federal agencies are already putting migration strategies in place. Given that VoIP will have to interoperate with the conventional Public Switched Telephone Network (PSTN), this work anticipates discovery of security holes and vulnerabilities during deployment and usage. Thus, vulnerabilities need to be investigated proactively and algorithms and techniques need to be developed to secure VoIP from security threats due to interoperability problems, lack of standards, attacks by hackers, script kiddies, spammers, corporate espionage, and terrorism. This multi-university project limits the scope to spam prevention, defense against DoS, securing 911 emergency services, and studying the impact of security and QoS.
Broader Impact: With 4 universities, this collaborative project studies security threats and solutions proactively and disseminates the results to commercial and government organizations. The research results should advance the research frontier in the area of security for next generation networks and create practical applications for implementation in VoIP networks. Results, translated into engineering guidelines, should impact developers. The experiments benefit from the geographically distributed sites while the test plan stimulates collaboration between faculty and students. Workshops have been held with participation from the Department of Homeland Security, Department of Defense, FBI, NSA, NIST, FCC, industry consortiums such as International Packet Communications Consortium (IPCC) and SIP.EDU in Internet2, VoPSF, VoIPSA, telecommunication service providers, vendors, and universities. This multi-university infrastructure provides an excellent opportunity for students to experience a real-life telecommunication network. This reconfigurable testbed may be integrated into many courses enabling new research and education in VoIP.
Accelerator-based High Performance Computing
Commodity processors are highly programmable, but their need to support general purpose computation limits both peak and sustained performance. Such observations have motivated the use of “accelerator” boards, which are co-processing elements that interface with the host server through a standard hardware bus such as PCI-Express but have their own computational engine and typically their own memory as well. Unlike the main processor, the accelerator does not support general applications; instead, its hardware and software are tuned for only specific types of computations. Accelerators can offload the most demanding parts of an application from the host processor, speeding up the desired computation using their specialized resources. This improved performance enables various forms of high-performance computing (HPC), but comes at a high cost in programmability. This research targets high-performance computing research using PC-based clusters for cost and scalability combined with accelerators for high performance. The Purdue Everest project encompasses several related efforts in achieving high performance, low power consumption, and high programmability for highly heterogeneous systems. Acquiring a 30-node Gigabit Ethernet-based cluster of multicore PC-based workstations equipped with various accelerator boards (e.g., GPU, Cell, FPGA, Crypto) will enable research into effective and highly-programmable use of accelerator-based clusters. Supporting multiple accelerators per node allows applications to use different accelerator boards in different phases. This cluster also allows fair apples-to-apples comparisons of different accelerators by keeping the other system factors constant. This research also investigates the use of multiple concurrency domains, with parallelism across the cluster, across the cores in a single node, among the host processors and accelerators in a single node, and across the processing elements of a given accelerator.
Access Control Policy Verification Through Security Analysis And Insider Threat Assessment
Access control is one of the most fundamental security mechanisms in use today; however, the specification and management of access control policies remains a challenging problem, and today’s administrators have no effective tools to assist them. This research addresses these needs and arising challenges by developing new verification techniques for access control policies, and verification tools that will help administrators specify, understand, and manage their access control policies. In particular, this research studies security analysis and insider threat assessment. Security analysis techniques answer the fundamental question of whether an access control system preserves essential security properties across changes to the authorization state. Insider threat assessment techniques determine what damages insiders can cause if they misuse the trust that has been placed in them. While focusing primarily on the widely-deployed Role-Based Access Control model, this project also aims at developing theoretical foundations and general techniques for access control policy verification. Insights obtained from this research will be applicable to other richer access control models and will help improve the understanding of the power and limitation of access control.
An Integrated and Utility-Centric Framework for Federated Text Search
Traditional search engines like Google typically ignore a large amount of information behind the search engines of many online text information sources. Federated text search provides one-stop access to the hidden information via a single interface that connects to multiple search engines of text information sources. Existing federated search solutions only focus on content relevance and ignore a large amount of valuable information about users and information sources. This project includes novel research on: (1) Multiple Type Resource Representation: model important information of text information sources such as search response time and search engine effectiveness; (2) Utility-Centric Resource Selection: satisfy a user’s search criteria by considering multiple types of evidence such as content relevance, search results from past queries, personal information needs, and search response time; (3) Effective and Efficient Results Merging: produce accurate merged ranked results with little cost of acquiring the content information of the returned documents; (4) System Adaptation by Results Analysis: analyze the search results from past queries for more accurate federated search solutions; (5) System Development and Evaluation: build and test algorithms within research environments as well as a new FedLemur system for a real world application. The project advances the state-of-the-art of research in federated search. It will have broad impacts for other applications such as peer to peer search. The project Web site (http://www.cs.purdue.edu/~lsi/Federated_Search_Career_Award.html) will be used for results dissemination. The education component of the project will expand information retrieval instruction to address multi-disciplinary requirements, improve the education of the information technology workforce, and arouse the interest of K-12 students in search technologies.


