Security and Privacy — Silicon Valley

We are currently investigating a broad spectrum of topics in security, cryptography, and privacy. These topics range from fundamental research on privacy in statistical databases, to new systems mechanisms for realizing security in operating systems, to mitigation and prevention measures against worms and viruses.

Current Projects

Community Information Management
Expanding on the notion of personal information management (PIM), the Community Information Management (CIM) project is exploring system support for loosely structured, partially trusted communities with common information needs. We propose a new security model for loosely-coupled distributed systems based on invariant statements made by trusted parties and logical proofs built from them.

Database Privacy
Statistical databases such as those produced by the US Census contain a large volume of illuminating and potentially useful data. They also run the risk of revealing a great deal of specific information about the participants, which participants generally dislike. There is an inherent tradeoff between the utility that databases can offer and the privacy they afford their constituents. We are studying this tradeoff formally, attempting to understand the relationship between privacy and utility, and thereby find a comfortable position between the extremes of fully disclosed and completely withheld data.

Privacy Integrated Queries (PINQ)
Privacy Integrated Queries is a LINQ-like API for computing on privacy-sensitive data sets, while providing guarantees of differential privacy for the underlying records. The research project is aimed at producing a simple, yet expressive language about which differential privacy properties can be efficiently reasoned and in which a rich collection of analyses can be programmed. A paper describing this work appeared at SIGMOD 2009.
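The sketch below is an added illustration of the PINQ programming model, not code from the PINQ project itself: transformations such as `where` and `select` are free, every aggregate (`noisy_count`, `noisy_sum`) adds Laplace noise calibrated to its sensitivity and charges its epsilon against a single shared budget, and a query that would overspend the budget is refused. The class names (`PrivacyBudget`, `PrivateDataset`), the `bound` parameter on `noisy_sum`, and the sample records are assumptions made for this example.

```python
import math
import random


class PrivacyBudgetExceeded(Exception):
    """Raised when a query would push cumulative epsilon past the allowed total."""


class PrivacyBudget:
    """Tracks cumulative epsilon spent on one sensitive data set.

    Assumed design for this example, modeled loosely on PINQ's budget
    accounting; it is not PINQ's own code.
    """

    def __init__(self, epsilon_total):
        self.total = float(epsilon_total)
        self.spent = 0.0

    def charge(self, epsilon):
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        # Sequential composition: total privacy loss is the sum of per-query epsilons.
        if self.spent + epsilon > self.total + 1e-12:
            raise PrivacyBudgetExceeded(
                f"query needs {epsilon}, only {self.remaining():.3f} remains")
        self.spent += epsilon

    def remaining(self):
        return self.total - self.spent


def laplace_noise(scale, rng):
    """Draw from Laplace(0, scale) by inverse CDF; rng.random() is uniform on [0, 1)."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(max(1.0 - 2.0 * abs(u), 1e-300))


class PrivateDataset:
    """A LINQ-style view over records: transformations are free, aggregates cost epsilon."""

    def __init__(self, records, budget, rng=None):
        self._records = list(records)
        self._budget = budget  # shared by every view derived from this one
        self._rng = rng if rng is not None else random.Random()

    def where(self, predicate):
        # Filtering is 1-stable: one input record changes at most one output record,
        # so downstream aggregates keep their sensitivity and no budget is charged.
        return PrivateDataset(filter(predicate, self._records), self._budget, self._rng)

    def select(self, func):
        # Per-record projection is also 1-stable and free.
        return PrivateDataset(map(func, self._records), self._budget, self._rng)

    def noisy_count(self, epsilon):
        # Count has sensitivity 1, so Laplace(1/epsilon) noise gives epsilon-DP.
        self._budget.charge(epsilon)
        return len(self._records) + laplace_noise(1.0 / epsilon, self._rng)

    def noisy_sum(self, epsilon, bound):
        # Clamp each contribution to [-bound, bound]; the sum's sensitivity is then `bound`.
        self._budget.charge(epsilon)
        clipped = sum(max(-bound, min(bound, float(v))) for v in self._records)
        return clipped + laplace_noise(bound / epsilon, self._rng)


# Constructed sample records (not real census data): (age, income in thousands).
SAMPLE = [(34, 52.0), (29, 41.5), (51, 120.0), (62, 15.0), (45, 88.0), (38, 60.0)]


def run_analysis(records=SAMPLE, epsilon_total=1.0, rng=None):
    """Two aggregates against one budget; returns the noisy answers and the spend."""
    budget = PrivacyBudget(epsilon_total)
    data = PrivateDataset(records, budget, rng)
    over_40 = data.where(lambda r: r[0] > 40).noisy_count(0.4)
    income = data.select(lambda r: r[1]).noisy_sum(0.4, bound=100.0)
    return {
        "over_40": over_40,
        "income_sum": income,
        "epsilon_spent": budget.spent,
        "epsilon_remaining": budget.remaining(),
    }


if __name__ == "__main__":
    print(run_analysis())
```

Because the budget object is shared by reference, an analyst cannot escape it by deriving new views: every `noisy_*` call on any descendant of `data` draws from the same epsilon, which is the property that makes the total privacy loss of a whole analysis easy to reason about.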

Spamming has been a growing problem on the Internet. This project focuses on spammer identification rather than spam identification, and we seek to identify zombie-based spammers. We explore host network properties (for example: proxy/NAT servers, dynamically assigned IP addresses), and correlate such fine-grained information with network telescope traces and spamming activities. We emphasize that spammer identification at the network level is independent of spam content and is often straightforward to integrate with existing filtering frameworks.

Inactive projects

  • Gleipnir
    Mitigation for software vulnerabilities
  • Penny Black
    Computational cost for spam deterrence
  • Singularity
    Access control for a dependable OS
    Device driver isolation via virtualization
  • Vigilante
    Automatic worm containment