Current Research

Privacy-preserving fine-grained data collection and processing

Smart metering systems have been widely adopted in many countries, i.e., the European Commission requires an 80% AMI (Advanced Metering Infrastructure) coverage by 2020. However, recent research indicates that privacy-sensitive information, such as residents’ actions and their presence/absence, can be revealed by analyzing smart meter recordings without a paramount effort.  Such a privacy disclosure violates the safety and security laws in many countries – the deployment of smart meters in the Netherlands was even canceled by the parliament.  Nevertheless, smart meter deployment is well under way in other European countries, the US, Canada, and Asia due to the significant power system efficiency improvement incurred.  Therefore, protecting consumer privacy in AMI has attracted much attention in recent years.


 

Cost/Benefit Analysis of Cyber Surveillance Techniques

This study evaluates cyber surveillance techniques employed by government signals intelligence agencies. Historical data relating to techniques either confirmed or widely considered to be employed by the National Security Agency of the United States, Government Communications Headquarters of the United Kingdom, Communications Security Establishment Canada, and other signals intelligence surveillance agencies are considered inputs into an innovative model and intelligence-related, economic, political, and technological effects of surveillance techniques are considered outputs from the model. Based on likelihood, impact, and weight inputs from the model’s user, evaluative scores are calculated by the model. Additionally, the model is used to run simulations representing various stakeholders.


 

Building Codes for Software 

Software systems on whose security we rely might be more trustworthy if the software analog of a building code were developed and applied to them. Several projects are underway or have recently taken place here:

a. A workshop that aims to develop both (1) an initial draft for a building code for a specific domain of software-controlled systems, medical devices, which compose a domain of cyberspace in which security and trustworthiness are particularly critical, and (2) a related agenda for research into assuring desired security properties of such systems. Read more.

b. Development of a consensus building code for software that controls power systems that provides a basis for customers to specify the security required of power system software components, for vendors to produce them, and for third parties to evaluate important aspects of their security properties. The availability and use of such a code can enable the marketplace to reward producers of systems with stronger security properties. Read more.


 

Privacy in Wearable Devices and Mobile Apps

This project examines privacy issues related to wearable devices and mobile apps, with an emphasis on their uses in the context of health and wellness.  This research on wellness programs touches on the role of devices and apps in health-related “big data,” workplace privacy, and the privacy and ethical issues raised by the use of various techniques designed to increase the number of people providing data and the amount of data provided by each individual. It also examines device and app data flows and data quality for the intended uses.


 

Global ICT Supply Chain

ICT (information and communications technology - or technologies) is an umbrella term that includes any communication device or application, encompassing: radio, television, cellular phones, computer and network hardware and software, satellite systems and so on, as well as the various services and applications associated with them, such as videoconferencing and distance learning. ICTs are often spoken of in a particular context, such as ICTs in education, health care, or libraries. The term is somewhat more common outside of the United States. A global supply chain is a system of international organizations, people, activities, information, and resources from around the world involved in moving a product or service from supplier to customer. Supply chain activities transform natural resources, raw materials, and components into a finished product that is delivered to the end customer. This project would focus on the cybersecurity aspects of the of the global ICT supply chain (GICTSC). Securing this supply chain is critical for the advance of global commerce across multiple economic and industrial sectors in addition to having major national security impact on the military-industrial complex of all nations.


 

Lasting Relationships between Computer Scientists & Social Scientists

This workshop brought together social scientists, computer scientists, and others who have been leaders in projects that were done jointly by new collaborators, teams from social science and computer science over the last three years, funded by NSF under the SaTC “New Collaborations EAGER” program.  The end result of this project was a public written report that defines lessons learned from mixing the disciplines and suggestions for future efforts to encourage this cross-disciplinary collaboration.