text-only page produced automatically by LIFT Text Transcoder Skip all navigation and go to page contentSkip top navigation and go to directorate navigationSkip top navigation and go to page navigation
National Science Foundation
Search  
Awards
design element
Search Awards
Recent Awards
Presidential and Honorary Awards
About Awards
How to Manage Your Award
Grant Policy Manual
Grant General Conditions
Cooperative Agreement Conditions
Special Conditions
Federal Demonstration Partnership
Policy Office Website


Award Abstract #0433540
CyberTrust Center: Security Through Interaction Modeling (STIM)


NSF Org: CNS
Division of Computer and Network Systems
divider line
divider line
Initial Amendment Date: September 21, 2004
divider line
Latest Amendment Date: August 24, 2007
divider line
Award Number: 0433540
divider line
Award Instrument: Continuing grant
divider line
Program Manager: Karl N. Levitt
CNS Division of Computer and Network Systems
CSE Directorate for Computer & Information Science & Engineering
divider line
Start Date: October 1, 2004
divider line
Expires: January 31, 2008 (Estimated)
divider line
Awarded Amount to Date: $6574990
divider line
Investigator(s): Michael Reiter reiter@cs.unc.edu (Principal Investigator)
Bruce Maggs (Co-Principal Investigator)
Dena Haritos Tsamitis (Co-Principal Investigator)
Jeannette Wing (Former Co-Principal Investigator)
Chenxi Wang (Former Co-Principal Investigator)
divider line
Sponsor: Carnegie-Mellon University
5000 Forbes Avenue
PITTSBURGH, PA 15213 412/268-8746
divider line
NSF Program(s): ITR-CYBERTRUST,
CYBER TRUST,
INFORMATION TECHNOLOGY RESEARC,
GENI CONCEPT/DEVELOPMENT
divider line
Field Application(s): 0000912 Computer Science
divider line
Program Reference Code(s): HPCC,9218,7254
divider line
Program Element Code(s): 7456,7371,1640,024F

ABSTRACT

Proposal Number: NSF-0433540

Title: Security Through Interaction Modeling (STIM)

PI: Michael Reiter

Computer misuse is often easier to recognize in particular instances than it is to specify in general, and is highly sensitive to experience and context. Nevertheless, few computer security technologies, if any, adequately utilize models of experience and context in defending against misuse. This research explores the thesis that many computer defenses can be dramatically improved, in both efficacy and usability, by modeling experience and context in a way that allows the models to become an integral element for defending the system. The interactions that can be modeled and potentially exploited are ubiquitous---they exist among persons (e.g., different user roles in access control), among computers and networks (e.g., what computers and networks typically correspond with what others), and even among attacks (e.g., what attacks realize the preconditions of others). Developing security technologies that better utilize such interactions forms the core of the research agenda in "security through interaction modeling" (STIM). This effort promises advances in diverse areas of security technology, such as attack traffic filtering, more usable authorization systems, and intrusion detection and response. A central goal of the STIM activity is education and outreach. Its efforts here include the construction of a security education portal and cybersecurity curricula for many education levels, ranging from children through college faculty.


PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Next (Showing: 1 - 20 of 22).

C. Wong, S. Bielski, J. M. McCune and C. Wang.  "A study of mass-mailing worms,"  Proceedings of the 2004 ACM Workshop on Rapid Malcode,  2004,  p. 1.

D. Brumley, J. Newsome, D. Song, H. Wang, and S. Jha.  "Towards automatic generation of vulnerability signatures,"  Proceedings of the IEEE Symposium on Security and Privacy,  2006,  p. unknown.

D. Brumley, T. Chiueh, R. Johnson, H. Lin, and D. Song.  "Efficient and accurate detection of integer-based attacks,"  Network and Distributed System Security Symposium,  2007,  p. 0.

D. Garg, L. Bauer, K. Bowers, F. Pfenning and M. K. Reiter.  "A linear logic of authorization and knowledge,"  Proceedings of the 11th European Symposium on Research in Computer Security,  2006,  p. 297.

G. Kataria, G. Anand, R. Araujo, R. Krishnan and A. Perrig.  "Distributed stealthy coordination mechanism for worm synchronization,"  International Conference on Security and Privacy in Communication Networks (SecureComm),  2006,  p. 0.

J. Caballero, S. Venkataraman, P. Poosankam, M. G. Kang, D. Song and A. Blum.  "FiG: Automatic fingerprint generation,"  Network and Distributed System Security Symposium,  2007,  p. 0.

J. M. McCune, A. Perrig and M. K. Reiter.  "Seeing-is-believing: Using camera phones for human-verifiable authentication,"  Proceedings of the 2005 IEEE Symposium on Security and Privacy,  2005,  p. 110.

J. Newsome and D. Song.  "Dynamic taint analysis: Automatic detection, analysis, and signature generation of exploit attacks on commodity software,"  Proceedings of the Network and Distributed Systems Security Symposium,  2005,  p. unknown.

J. Newsome, B. Karp and D. Song.  "Polygraph: Automatic signature generation for polymorphic worms,"  Proceedings of the 2005 IEEE Symposium on Security and Privacy,  2005,  p. unknown.

J. Newsome, D. Brumley and D. Song.  "Vulnerability-specific execution filtering for exploit prevention on commodity software,"  Proceedings of the 13th Network and Distributed Systems Security Symposium,  2006,  p. unknown.

J. Tucek, J. Newsome, S. Lu, C. Huang, S. Xanthos, D. Brumley, Y. Zhou, and D. Song.  "Sweeper: A lightweight end-to-end system for defending against fast worms,"  European Conference on Computer Systems,  2007,  p. 0.

K. D. Bowers, L. Bauer, D. Garg, F. Pfenning, and M. K. Reiter.  "Consumable credentials in logic-based access control,"  Network and Distributed System Security Symposium,  2007,  p. 143.

L. Bauer, S. Garriss and M. K. Reiter.  "Distributed proving in access-control systems,"  Proceedings of the 2005 IEEE Symposium on Security and Privacy,  2005,  p. 81.

L. Bauer, S. Garriss, J. McCune, M. K. Reiter, J. Rouse and P. Rutenbar.  "Device-enabled authorization in the Grey system,"  Information Security: 8th International Conference, ISC 2005 (Lecture Notes in Computer Science 3650),  2005,  p. 431.

M. Collins, C. Gates and G. Kataria.  "A model for opportunistic network exploits: The case of P2P worms,"  Workshop on Economics of Information Security,  2006,  p. 0.

P. Chen, G. Kataria and R. Krishnan..  "An economic analysis of strategic interaction among computer security attackers,"  Workshop on Information Systems and Economics,  2006,  p. 0.

R. Böhme and G. Kataria.  "Models and measures for correlation in cyber-insurance,"  Workshop on Economics of Information Security,  2006,  p. 0.

R. Böhme and G. Kataria.  "A closer look at attack clustering,"  Workshop on the Economics of Securing the Information Infrastructure,  2006,  p. 0.

R. Böhme and G. Kataria.  "On the limits of cyber-insurance,"  DEXA International Conference on Trust, Privacy and Security in Digital Business,  2006,  p. 31.

Shobha Venkataraman, Dawn Song, Phil Gibbons, and Avrim Blum.  "New streaming algorithms for superspreader detection,"  Proceedings of the 2005 Internet Society Network and Distributed System Security Symposium,  2005,  p. 149.


Next (Showing: 1 - 20 of 22).

 

Please report errors in award information by writing to: awardsearch@nsf.gov.

 

 
Print this page
Back to Top of page
  Web Policies and Important Links | Privacy | FOIA | Help | Contact NSF | Contact Web Master | SiteMap  
National Science Foundation
The National Science Foundation, 4201 Wilson Boulevard, Arlington, Virginia 22230, USA
Tel: (703) 292-5111, FIRS: (800) 877-8339 | TDD: (800) 281-8749
Last Updated:
April 2, 2007
Text Only


Last Updated:April 2, 2007