2014 — 2018 |
Mittal, Prateek |
N/A |
Twc: Medium: Collaborative: Aspire: Leveraging Automated Synthesis Technologies For Enhancing System Security
Designing secure systems and validating security of existing systems are hard challenges facing our society. For implementing secure applications, a serious stumbling block lies in the generation of a correct system specification for a security policy. It is non-trivial for both system designers and end users to express their intent in terms of formal logic. Similar challenges plague users trying to validate security properties of existing applications, such as web or cloud based services, which often have no formal specifications. Thus, there is an urgent need for mechanisms that can bridge the gap between expressions of user intent and system specifications. This research designs an approach and a system called Aspire that is able to translate user intent into security specifications.
Aspire takes as input expressions of user intent such as a system demonstration, application input-output examples, or natural language. Aspire leverages recent developments in the field of automated synthesis technologies that can consider such examples of user intent as input to the synthesis of security specifications. Aspire combines such inputs, along with a domain specific language for security applications, to synthesize a candidate set of possible outputs. The user can either choose a candidate output or provide more examples to guide the synthesis process. In this iterative fashion, the user can generate system specifications, policies, or properties. Aspire uses concepts from the domains of formal methods, machine learning, and programming languages to perform synthesis. Aspire is applicable to a variety of domains including web, mobile, and cloud applications. The output of Aspire's synthesis can either be used for analyzing security vulnerabilities, or for compilation and testing with real systems.
|
1 |
2014 — 2017 |
Mittal, Prateek |
N/A |
Twc: Small: Collaborative: Advancing Anonymity Against An AS-Level Adversary
Autonomous systems (AS) are key building blocks of the Internet's routing infrastructure. Surveillance of AS may allow large-scale monitoring of Internet users. Those who aim to protect the privacy of their online communications may turn to anonymity systems like Tor, but Tor is not designed to protect against such AS-level adversaries. AS-level adversaries present unique challenges for the design of robust anonymity systems and present a very different threat model from the ones used to design and study systems like Tor. Thus, new research is needed to understand this threat and to defend against it.
This project is investigating the design of anonymity systems that are resilient against AS-level adversaries. First, the project aims to quantify the capabilities of AS-level adversaries, who are powerful eavesdroppers and also capable of active attacks, but also have some limitations in practice. Second, the project is designing new route-selection strategies for anonymity systems that can limit how much of the anonymized traffic the AS-level adversary can observe and attack. Finally, the project is investigating how anonymity systems can hinder an AS-level adversary's ability to analyze encrypted traffic by injecting spurious cover traffic and timing delays. The findings and new anonymity system designs from this research will impact the privacy of a broad class of users in the context of forms of large-scale monitoring of online communications.
|
1 |
2016 — 2021 |
Mittal, Prateek |
N/A |
Career: Trustworthy Social Systems Using Network Science
Social media systems have transformed our societal communications, including news discovery, recommendations, societal interactions, E-commerce, as well as political and governance activities. However, the rising popularity of social media systems has brought concerns about security and privacy to the forefront. This project aims to design trustworthy social systems by building on the discipline of network science. First, the project is developing techniques for analysis of social media data that protect against risks to individual privacy; new research is needed since existing approaches are unable to provide rigorous privacy guarantees. Second, the project is developing new approaches to mitigate the threat of "fake accounts" in social systems, in spite of attempts by the creators of those accounts to elude detection. Both deployed and academic approaches remain vulnerable to strategic adversaries, motivating the development of novel defense mechanisms based on network science. The findings and new designs from this research will directly impact the security and privacy of a broad class of social network users.
The private network analytics thrust builds on the ideas of differential privacy, ensuring sufficient uncertainty in results to hide individual relationships. The project introduces dependent differential privacy, which protects against disclosure of information associated with an individual, as well as mutual information privacy, an entropy-based measure. The Sybil mitigation thrust is based on the idea of adversarial machine learning: the creators of fake accounts are presumed to adapt their mechanisms to changing detection approaches. This work exploits new features, such as temporal dynamics of the network, to address this problem. Finally, the project aims to integrate the research with an educational initiative for developing pedagogical approaches and content for trustworthy social systems.
|
1 |
2016 — 2019 |
Mittal, Prateek |
N/A |
Cif: Small: Collaborative Research: Analytics On Edge-Labeled Hypergraphs: Limits to De-Anonymization
Data analytics is a rapidly growing field, aided by the availability of huge amounts of data and significant computing power. The immense potential of data analytics to provide benefits to society in application areas such as health, economics, and finance is reliant on the fundamental and urgent challenge of protecting the privacy of users. In this project, new theoretical paradigms and approaches to address privacy vulnerability of users in network environments in the presence of big data are studied. The vulnerability results from the indigenous structural dependencies in the network as well as the presence of exogenous auxiliary information outside of the network that permits deanonymization of the users. This project has transformative potential to impact a broad class of applications where user privacy is critical. The project's inherently inter-disciplinary nature and real-world technological potential complement the investigators' on-going efforts to engage more students (especially women and minorities) to study topics at the intersection of application and quantitative reasoning in the STEM disciplines.
The research is divided into three thrusts: (1) Development of information-theoretic converses for the deanonymization problem in random edge-labeled hyper-graphs for adversaries with access to correlated information sources. Such converses enable deriving necessary conditions under which the adversary cannot deanonymize the system, no matter how much computational power or storage is available. (2) Research on practical achievable schemes: Besides tight (but not necessarily efficient) achievable schemes required for calibrating the converses, the design of practical deanonymization algorithms to quantify how much attackers can learn when the released datasets do not meet the necessary conditions of the converse is explored. (3) Real-world evaluations: The performance of the algorithms and their practical applicability are evaluated on real world datasets.
|
1 |
2016 — 2019 |
Mittal, Prateek; Prucnal, Paul |
N/A |
Ears: Collaborative Research: Blind Source Separation With Integrated Photonics
The radio world, when viewed through a single antenna, appears as a movie with just one pixel. Multi-antenna systems could reveal the complete radio world in hi-def; however, the astounding quantity of data they generate is simply impossible for electronic computers to handle fast enough. At the same time, the signals received by different antennas are largely redundant, so the first step is generally to combine them in an intelligent way that destroys the undesired and redundant information. Optical (i.e. photonic) physics are extremely broadband and have special properties making them well-suited to multi-antenna problems. Signals carried by light can be very efficiently combined, enabling a photonic processor to funnel the signals from many antennas down to just one information-rich signal that is more manageable for the following electronics. One well-known approach for "intelligently" combining signals is called blind source separation (BSS). BSS is the most powerful technique for pulling apart radio signals that have been mixed over the air. In other words, BSS can use statistics to separate an interesting signal from an interfering signal without assuming anything about them. This project will develop a photonic approach to BSS. Combined, photonics and blind source separation could allow radio systems to better understand and share the wireless spectrum.
The objective of the proposed research is to develop a blind source separation technique by using an integrated photonics approach, thereby realizing radio-frequency interference cancellation while preserving user privacy. The project's intellectual merit stems from its orthogonal approach to the challenges of radio access, crossing disciplines of optical physics, statistical analysis, and emerging technology. Spectrum monitoring - an important tool for maintaining harmonious spectrum usage - poses a threat to users' privacy. The project will investigate "blind" spectrum monitoring techniques that can discard the signals of law-abiding users without looking at the content of their data. Science services, such as Earth exploration and radio astronomy, could benefit from format-independent techniques for resolving natural signals through the increasingly loud and complex din of man-made wireless communications. Determining how to intelligently discard undesired information presents a novel theoretical challenge. One pillar of the project will be developing algorithms to bridge the gap between optical hardware and statistical analytics by synthesizing multiple measurements of statistical invariants. A strong experimental thrust to design, build, and demonstrate will validate theoretical insights. A project goal will be the development of hardware that is compatible with recent trends in photonic integration and manufacturing. Foundry compatibility is a key step towards eventual products affordable to the general public.
|
1 |
2017 — 2020 |
Mittal, Prateek; Chiang, Mung (co-PI) |
N/A |
Satc: Core: Medium: Collaborative: a Linguistically-Informed Approach For Measuring and Circumventing Internet Censorship
Internet censorship consists of restrictions on what information can be publicized or viewed on the Internet. According to Freedom House's annual Freedom on the Net report, more than half the world's Internet users now live in a place where the Internet is censored or restricted. However, members of the Internet Freedom community lack comprehensive real-time awareness of where and how censorship is being imposed. The challenges to achieving such a solution include but are not limited to coverage, scalability, adoption, and safety. The project explores a linguistically-informed approach for measuring and circumventing Internet censorship.
The research takes a new perspective on the problem by investigating a hybrid method for censorship detection and evasion through the lens of linguistic analysis. The team develops new models to measure Internet censorship, investigates mechanisms to circumvent censorship using linguistic techniques, and conducts communication and social network measurements of censored content. Active sensing and natural language processing techniques, in conjunction with machine learning and optimization, invigorate new research directions in Internet Freedom and produce new high quality data and tools available for public use. This new allogamy between computer science, information security, network analysis and linguistics provides the foundation for evolution of anti-censorship technologies. The research contributes to a number of fields including Internet censorship, privacy and online information retrieval, as well as computational social science by modeling and analyzing the phenomenon of censorship using the signal available in language. The broader contribution includes wide dissemination of the research results via peer-reviewed publications, special topic courses and workshops. Additional benefits include providing graduate and undergraduate researchers with significant experience of highly practical work on a difficult interdisciplinary problem. Significant gains are obtained in recruitment of minority students through research training in computer science and linguistics.
|
1 |
2019 — 2022 |
Ramadge, Peter; Adams, Ryan (co-PI); Vonholdt, Bridgett; Engelhardt, Barbara (co-PI); Mittal, Prateek |
N/A |
Mri Acquisition of a High Performance Large Memory Computing Cluster For Large Scale Data-Driven Research
This project will acquire a state-of-the-art High Performance Computing (HPC) cluster to support large scale, data-driven research. The instrument will support a variety of projects from computer science, electrical engineering, ecology, evolutionary biology, neuroscience and genomics. In neuroscience, the cluster will allow the use of advanced statistical techniques at scale to identify and connect anatomical and functional brain-imaging features of diseased and healthy subjects with specific underlying genetic profiles. In computer science, using machine learning algorithms deployed on the instrument, researchers will seek new ways to protect the security and privacy of users in large-scale networked systems. Finally, the cluster will also enable research that will improve our understanding of evolutionary history and the molecular complexities of traits through the analysis of multi-animal, large-scale genomic datasets. In addition, through short courses and multiday boot-camps, the instrument will provide valuable opportunities for training postdoctoral fellows, graduate students, and advanced undergraduates in large-scale computational data science. The instrument will also be a valuable asset for certificate programs in statistics and machine learning (one for undergraduate students, the other for graduate students) and for a certificate program in computational science, all of which will support broadening participation of groups underrepresented in STEM. The research and training enabled by the instrument is expected to help improve our understanding of human health and well-being, help create new knowledge that will aid economic competitiveness, and help maintain the country's leadership in science and engineering.
The computing cluster will be formed of nodes with very large memory. The system complements the institution's investments in research cyberinfrastructure and will be managed by the Princeton Institute for Computational Science and Engineering (PICSciE) and the Office of Information Technology (OIT). The instrument would initially be used by five research groups, part of the Center for Statistics and Machine Learning (CSML), which will leverage existing programs and partnerships to increase participation in data science. The initial five specific projects are united under a common theme: machine learning will be used for analyzing big data sets that may not be easily broken into smaller pieces for processing. Specifically, they will examine the following: 1) the use of probabilistic models for large-scale scientific analysis and de novo design in application areas such as mechanical metamaterials and mixed-signal circuit development; 2) statistical machine learning in genomics, biomedicine, and health biostatistics including the analysis of hospital records to aid doctors in taking early action to improve patient outcomes, the heritability of neuropsychiatric diseases and drug responses, and statistical and experimental examination of cardiovascular disease risk; 3) security and privacy challenges in networked systems using machine learning techniques to detect and isolate attackers in networked systems such as social media; 4) large-scale machine learning for neuroscience such as joint analysis of many large-scale, multi-subject fMRI datasets where the size and number of the datasets; 5) evolutionary genomic and epigenome analyses through collection and analysis of large datasets to investigate the evolutionary history and molecular complexities of traits. Collectively, these research groups are composed of forty graduate students, ten postdocs, and include, on average, thirteen undergrad research projects per year.
The instrument will also be used by other researchers engaged in large-scale, data-driven research across a wide variety of disciplines. Hence both the capacity and the capability aspects of the proposed instrument will be highly utilized and will enable the continued advancement of research at the University.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
|
1 |