The goal of the Unsecured Economies project is to examine the attitudes and behaviors regarding the security and integrity of intellectual property across the globe. A survey instrument is being developed which will track managers’ perceptions regarding the threats and risks to intellectual property inherent in a global economy and firm-level response to those threats and risks. The intended outcome of this project is to better understand the risk landscape when it comes to protecting intellectual property and to develop guidance for managers on better managing the risk inherent in competing in global markets.
As in the world of car modification, or “modding”, we are starting to see mods of computer systems. From something as simple as a sushi thumb drive to the more meticulous Pez MP3 player, digital evidence is finding more ways to hide. It is important to make our investigators aware of the various methods of computer modding.
The goal of this project is to investigate various topics in the area of federated approaches to digital identity management. The project is based on the notion that identity management encompasses two main notions: (i) login management and single sign-on techniques; (ii) management of digital properties (also called identity attributes) representing identity information of individuals (such as SSN, Address, Credit Card Number).
Current results include:
(i) The development of a multi-factor verification of identity attributes. Protocols have been developed that allow a service provider to verify the authenticity and proper use of an identity attribute presented by a party by asking this party to provide other identity attributes. The protocols use efficient zero-knowledge proof protocols to assure the privacy of the attributes submitted by a party to prove its identity. Such protocols are being extended to also support the use of biometric authentication. An implementation of the protocols has also been developed for use on cellular phones, using NFC technology.
(ii) The development of identity provenance assessment methodologies. Protocols are being developed that allow a party to trace back the origin of identity information and to assess the quality of such information. Such protocols take into account the fact that in some cases part of such identity information has to be kept confidential.
VLEMN is a project using virtual machines as tools for investigators. Investigators can conduct investigations and research from a secure remote non-government location on a virtual machine. The virtual environment provides an efficient means to conduct online activities.
In the battle against Internet malware, we have witnessed increasingly novel features of emerging malware in their infection, propagation, and contamination strategies – examples include polymorphic appearance, multi-vector infection, self-destruction, and intelligent payloads such as self-organized attack networks or mass-mailing. Furthermore, the damages caused by a malware incident can be detrimental and hard to recover from (e.g., the installation of kernel-level rootkits). Our research goal is to thoroughly understand key malware behavior such as probing, propagation, exploitation, contamination, and “value-added” payloads. These results will be used to design effective malware detection and defense solutions. To reach this goal, we realize that effective malware experimentation tools and environments are lacking in current malware research. By leveraging and extending virtualization technology, we propose to develop a virtualization-based integrated platform for the capture, observation, and analysis of malware. The platform consists of two parts: The front-end of the platform is a virtual honey farm system called Collapsar, which captures and contains malware instances from the real Internet. The back-end of the platform is a virtual playground environment called vGround, where the captured malware instances are unleashed to run while remaining completely isolated from the real Internet. Using this integrated platform, security researchers will be able to observe and analyze various aspects of malware behavior as well as to evaluate corresponding malware defense solutions, with high fidelity and efficiency.
We propose a distributed mechanism, Dis-VoW, to detect wormhole attacks in under-water sensor networks. In Dis-VoW, every sensor reconstructs local network layout using multi-dimensional scaling. It detects the wormholes by visualising the distortions in edge lengths and angles among neighbouring sensors. The contributions include:
• Dis-VoW does not depend on any special hardware
• it provides a localised wormhole detection mechanism adapting to network topology changes
• it integrates techniques from social science and scientific visualisation to attack network security problems.
The simulation results show that Dis-VoW can detect most of the fake neighbor connections without introducing many false alarms.
Existing vulnerabilities are a serious threat to computer systems and organizations. Research in security is needed to identify vulnerabilities in systems, evaluate the threat, and devise mechanisms that avoid them. Formalizing vulnerability, building quantitative models of threat, and experimental studies are needed to discover and evaluate solutions for dealing with threats to life and economy. This will result in algorithms, observations based on experiments, and infrastructure that can deal with expected and unexpected attacks in an adaptable and graceful manner. It will lead towards guidelines for building secure systems and databases. The research will build upon results in failure identification, fault-tolerance and reliability/safety. Vulnerabilities will be reduced by keeping an attacker uncertain and unaware about the latest version of databases/software and routing information that are in operation. This research will contribute to fundamental principles and policies for providing homeland security in information systems and applications in nuclear waste shipping, e-commerce, and disaster management. A better understanding of vulnerabilities in a variety of institutions such as schools, government agencies, air space and airports, and industrial plants will be explored. We will contribute to the outreach program of the CERIAS security center at Purdue through preparation of educational material and organizing workshops.