Securing the Open Softphone

Mobile phones and other wireless divides are now turning into universal handsets: powerful sensor-rich software-controlled computing and communication devices. These “softphones” are increasingly entrusted with maintaining a users’ electronic identity; calendars, financial data, and social networking in one device. The increasing openness of softphones comes with equally large security issues and opportunities, some of which we are only beginning to understand.  We proposed a multi-pronged research plan that methodically considers the security implications of the open softphone and focuses on identifying, understanding, and mitigating new security risks. Two broad risk categories are addressed: threats to individual users , and threats to the entire communication system. The project ultimately aims to understand how security problems associated with softphones and their networks are different from those of traditional computers and networks, and how to harness the unique capabilities of softphones for improved security.

Toward Trustworthy Interactions in the Cloud

As one of the most promising emerging concepts in Information Technology, cloud computing is transforming our perception of how IT is consumed and managed. Cloud computing reduces IT resources and services to commodities acquired and paid for on-demand through a fast-growing set of infrastructure, platform, and service providers. Despite the relatively fast growth of clouds, our understanding of aspects related to their security, privacy, and economic value is lacking. This project addresses this challenge by, (a) extending cloud service-level agreements to govern aspects such as integrity of outsourced services, information leakage control, and fair market pricing, (b) developing mechanisms that enable the delivery and verification of requirements along, and tradeoffs across these dimensions, and (c) exposing these requirements and tradeoffs to cloud customers and system integrators in ways that are both practical and usable.
The research work pursued in this project is timely as it addresses the issues of cloud trustworthiness early enough to avoid having the conflicts among its various stakeholders develop unchecked. Doing so has the potential of improving the utility and hardness of our cyber-infrastructure, with significant benefit to our economy and society. The project will ultimately lead to a better marketplace for computing resources, in which users are assured that the services they acquire satisfy their performance, security, and privacy expectations.

Deployment Incentives for Secure Internet Routing

Securing the Internet’s interdomain routing system is a problem of central interest, which despite considerable research has not been fully solved. The Internet is a complex, distributed system with thousands of players and different economic incentives. The real challenge is to create incentives for these players to band together and deploy a secure routing protocol to improve the reliability and security of the Internet. To address this challenge, this project develops: (a) Metrics for measuring the utility of different protocols, (b) Algorithms that identify a target set of Autonomous Systems (ASes) that should be initially convinced or incentivized to adopt the new security protocols, (c) Guidelines for using secure routing protocols when they are partially deployed in the Internet, (d) Models for evaluating improvements in security as ASes gradually deploy the protocol. The approaches in this project combine domain knowledge and validation on real network data, with problem formulations inspired by emerging ideas from cryptography, game theory, and the literature on social networks.