Privacy-Constrained Searching

Principal Investigator(s): Mikhail Atallah

We propose to develop techniques for database searching in a privacy-constrained manner: A private database provider allows only properly authorized searches (through signed search warrants) by clients, in a manner that does not reveal a client’s warrant or search criteria, yet enforces the requirement that the client learns nothing that is not authorized by the search warrant. The search warrant is signed by a trusted certificate authority (CA); this is done off-line, hence the protocol should not require CA participation in an online client-database search protocol. We will do so by extending the techniques we developed for online negotiations where the participants’ inputs need to be kept private from (i.e., not revealed to) the other participants, yet have to be verified as truthful by these other participants. Our previous work on contract negotiations and trust negotiations satisfies one or both of these requirements, but in rather restricted domains and in ways whose efficiency needs to be improved.

This proposal seeks to improve and extend these techniques so they work efficiently for more general forms of online negotiations, in particular for our chosen application of privacy-constrained searching. The techniques we will initially develop will be for the case of exact matches. We will then extend these to the more difficult case of approximate matching. If multiple matches are found, our system will either produce all of them, or produce a subset of the best of them, under appropriately defined notions of quality (in approximate matching there is a natural notion of quality, namely, having smaller distance to the target specified by the query). The main challenge is for the protocol to verify the validity of the search warrant and to carry out a search that enforces the warrant’s rules without revealing them.

Privacy-Preserving Data Integration and Sharing

Principal Investigator(s): Chris Clifton, Ahmed Elmagarmid

Integrating and sharing data from multiple sources has been a long-standing challenge in the database community. This problem is crucial in numerous contexts, including data integration for enterprises and organizations, data sharing on the Internet, collaboration among government agencies, and the exchange of scientific data. Many applications of national importance, such as emergency preparedness and response, as well as research in many scientific domains, require integrating and sharing data among participants.

Data integration is seriously hampered by an inability to ensure privacy. Without a privacy framework, sources are reluctant to share their data. Problems include fear of disclosing confidential information as well as regulations protecting individual privacy. While there has been progress in computing aggregations of distributed data without disclosing that data (e.g., privacy-preserving distributed data mining), such work assumes that the data integration problems (schema matching, record linkage) are already solved. As a consequence, the lack of a privacy-preserving data integration framework has become a key bottleneck to deploying data integration.

This project will develop the technology needed to create and manage federated databases while controlling the disclosure of private data. While the emphasis will be on general techniques for data integration that preserve privacy, the project will work in the context of diverse but particularly relevant problem domains, including scientific research and emergency preparedness. Involvement of domain experts from these fields in developing and testing the techniques will ensure impact on areas of national importance.

Process Coloring: an Information Flow-Preserving Approach to Malware Investigation

Principal Investigator(s): Dongyan Xu, Eugene Spafford

Cyberinfrastructures are facing increasingly stealthy and sophisticated malware threats. For example, recent reports have suggested that new computer worms and viruses deliberately avoid fast, massive propagation. Instead, they lurk in infected machines and cause damage over time, such as rootkit and backdoor installation, botnet creation, and private data theft. Current methods for detection and investigation do not fully exploit information flows tracked at the operating system level. We argue that OS-level information flow is currently an under-utilized tool for malware investigation. We will use operating system information flows to propagate malware break-in provenance information, demonstrating that provenance preservation can help achieve more efficient and effective malware investigation. We will also show that this technique can produce live alerts for malware that existing tools are unable to provide.

Protecting TCP Congestion Control: Tools for Design, Analysis, and Emulation

Principal Investigator(s): Sonia Fahmy; Ness Shroff

The increasing volume of non-conforming and malicious traffic flows poses a serious challenge to the stability of the Internet. Such traffic flows could significantly throttle the data rates sustainable by TCP flows, and could affect millions of users who rely on the Internet for their daily business. Three types of misbehaving flows in particular (unresponsive TCP sessions, low-rate TCP-targeted attacks, and randomly scanning TCP worms) are easy to launch and enormously damaging.

This research takes an ambitious step in systematically developing: (i) dynamic router-based quarantine schemes to penalize unresponsive TCP flows; (ii) defense strategies for low-rate TCP-targeted attacks; (iii) router-based designs to effectively control indiscriminate TCP worms; and (iv) tools and methodologies for the evaluation of the proposed schemes, specifically using the DETER/Emulab emulation platform. The research will enable in-depth characterization of the misbehaving flows and the design of effective solutions for minimizing the vulnerability of the Internet to such flows.

This work will have an enormous practical impact, will foster new research directions towards a trustworthy Internet, will accelerate security research by streamlining the experimental process, and will train security students in both theory and hands-on experimentation.

Provably Assurable Ad Hoc Networks Under Arbitrary Malicious Behaviors

Principal Investigator(s): Saurabh Bagchi; Xiaojun Lin

Purdue Phone Phorensics

Principal Investigator(s): Rick Mislan

Considered to be the “Underwriters Lab” of Mobile Device Forensics, P3, or “Purdue Phone Phorensics”, is intended to help investigators cut through the morass of literally hundreds of unique models of mobile phones and their accompanying requirements. This resource will take the guesswork out of processing most mobile devices. Don’t know what hardware and software to use? P3 will guide you. Just enter the brand and model, and P3 provides all the essential details you will need to examine the device. The hardware, software, and accompanying instructions will all have been tested for the specific model of device under examination. Not sure what model you have in your hand? Use the “Phone Phinder” tool to identify the device by answering a few simple questions.

Purdue Univ. Program for Homeland Security - STEM Career Development

Principal Investigator(s): Sandra Amass, David Ebert

Purdue University Regional Visualization and Analytics Center

Principal Investigator(s): David Ebert

Purdue University Regional Visualization and Analytics Center (PURVAC)

Principal Investigator(s): David Ebert; Bill Cleveland; Chris Clifton; Ed Delp; Ahmed Elmagarmid