1999 — 2003 |
Wallach, Dan Aazhang, Behnaam [⬀] Baraniuk, Richard (co-PI) [⬀] Knightly, Edward (co-PI) [⬀] Cavallaro, Joseph (co-PI) [⬀] |
N/AActivity Code Description: No activity code was retrieved: click on the grant title for more information |
Wireless Technology: Seamless Multitier Wireless Networks For Multimedia Applications @ William Marsh Rice University
In the past decade, the number of subscribers to mobile and wireless communication services has grown at an exponential rate. Concurrently, emerging wireless devices have enabled new modes of communication beyond traditional cellular voice. However, to remain continually "connected," users face the frustrating task of manually coordinating a vast disarray of services, devices, and wireless technologies.
The goal of this project is to develop a platform for truly seamless communication throughout environments as fundamentally different as high-speed indoor wireless and conventional cellular systems. The investigators propose to design, build, and evaluate RENE (Rice Everywhere NEtwork), a multi-tier system that provides network- and application-level services using a single network interface card. The key innovations of the RENE project are as follows:
1. The design of an mNIC (multi-tier Network Interface Card), a novel network interface card that is reprogrammable on-the-fly to different physical- and network-layer standards. The mNIC will support soft handoffs, both horizontally within a tier and vertically among tiers, including transitions from a prototype 100 Mbps indoor wireless LAN protocol to commercial CDMA cellular standards.
2. The building of a proxy file system that enables seamless and consistent access to a user's home working environment, independent of the user's location or available network resources. The system will respond to changes in available capacity using transcoders, allow consistent reading and writing of files (even when transcoded), and facilitate network-awareness in unmodified applications.
3. The investigators will perform an extensive measurement and modeling study of proxy traffic using multi-fractal models. Using these results, policies will be devised which enable the proxy to make intelligent decisions on when and to what extent to transcode or store user data to best meet user performance objectives.
4. The development of a new coarse-grained approach to resource reservation and admission control that enables users to obtain predictable performance in multi-tier environments. The key technique is to abstract system resources into networks of virtual bottleneck cells such that by provisioning resources in the virtual cells, quality of service objectives can be satisfied in the actual system.
This research will be conducted in collaboration with Nokia and Texas Instruments in order to build a complete prototype implementation of the RENE system and demonstrate its capabilities.
|
0.915 |
2000 — 2004 |
Wallach, Dan |
N/AActivity Code Description: No activity code was retrieved: click on the grant title for more information |
Career: Security and Resource Management in Type-Safe Language Environments @ William Marsh Rice University
CCR-9985332 Dan Wallach Rice Univ.
Abstract
Type-safe language runtime systems are being used as mechanisms for evaluating untrusted computations within a wide range of applications from Web browsers and proxy servers to databases and agent systems. Most current language-based systems have insufficient resource controls for aggregate use of memory, CPU, network bandwidth, and so forth. This research aims to implement resource management support within language-based systems, allowing for widespread use of a promising new technology. This research will design and implement language runtime mechanisms within a commercial Java system to accurately and efficiently account for memory and CPU use, and to allow for safe termination of a computation. These mechanisms will be supported by rigorous mathematical models allowing their security and efficiency to be formally studied, and their applicability to extend to a wide class of language-based systems. Educational activities at Rice University will be integrated with this research, building on topics across the traditional computer science curriculum. Course developments will teach techniques for building secure systems, emphasizing both formal methods and practical software engineering techniques with an understanding of how hackers work in practice. Additionally, community outreach will work to dispel common misconceptions about computer security through the popular press and various speaking engagements.
|
0.915 |
2005 — 2012 |
Wallach, Dan Byrne, Michael (co-PI) [⬀] |
N/AActivity Code Description: No activity code was retrieved: click on the grant title for more information |
Collaborative Research: Ct-Cs: a Center For Correct, Usable, Reliable, Auditable, and Transparent Elections (Accurate) @ William Marsh Rice University
Abstract
Voting systems require end-to-end trustworthiness, commencing with blank ballots and registration lists and concluding with the correct and auditable tallies of the marked ballots, reflecting the choices of the voters. This ballot round trip must resist well financed and organized adversaries that may include the very people who develop, maintain, or deploy the election machinery, and the process must be accessible to all citizens regardless of their disabilities or native language. The center's research investigates software architectures, tamper-resistant hardware, cryptographic protocols, and the role that various verification systems (e.g. paper, audio, cryptographic) can play in electronic voting systems. The center also examines system usability and studies how public policy and administrative procedures can, in combination with technology, better safeguard voting systems.
The voting system integrity problem is a paradigmatic hard Cyber Trust problem, requiring trustworthy system architectures, security, integrity, privacy, anonymity, high assurance, and human-machine interfaces. Voting systems must preserve a voter's privacy and anonymity, to reduce risks of voter coercion and bribery, yet they must be sufficiently auditable and transparent to allow for mistakes and errors to be identified and reconciled. This center's research develops a deeper understanding of how to organize, develop, and evaluate not only voting systems, but a wide range of other systems with end-to-end trustworthiness requirements.
|
0.915 |
2005 — 2010 |
Wallach, Dan Druschel, Peter (co-PI) [⬀] |
N/AActivity Code Description: No activity code was retrieved: click on the grant title for more information |
Csr/Pdos: Security and Incentives For Overlay Network Infrastructure @ William Marsh Rice University
CNS-0509297 CSR/PDOS: Security and Incentives for Overlay Network Infrastructure Abstract: Proposed Research Overlay network systems have largely been engineered to operate in a world where every node cooperatively executes the protocol as specified. Nodes either operate correctly, or cease to work altogether (i.e., fail-stop). This model is quite successful when nodes can trust one another, but this limits overlay systems from operating in the more general case when they might be operating on untrusted, end-user computers. Such users will be economically rational, meaning they will seek to get as much benefit from the network as possible while contributing as little of their own resources. Our research will examine extensions to these systems where nodes perform accounting, allowing them to track which nodes are and are not performing correctly, making it possible to offer preferential service to nodes that offer preferential service in return. These and other related techniques will ultimately result in incentives-compatible designs that enable a new generation of peer-to-peer applications, including distributed backup systems, distributed file systems, and distributed email systems. Our work will be disseminated as part of the FreePastry project, which provides a high-quality and scalable implementation of a variety of overlay network services and is available under a BSD-style license. Likewise, our work will become part of the next-generation Tor anonymous communication system.
|
0.915 |
2010 — 2014 |
Wallach, Dan |
N/AActivity Code Description: No activity code was retrieved: click on the grant title for more information |
Tc: Medium: Collaborative Research: Whisper - Wireless, Handheld, Infrastructureless, Secure Communication System For the Prevention of Eavesdropping and Reprisal @ William Marsh Rice University
This project focuses on the design of an infrastructureless communication system that makes it easy for people without expertise in computer security to safely communicate with friends and family members without being subjected to third-party surveillance, censorship, propaganda, or reprisal. The primary goals of this work are to (1) further open access to information people require to educate themselves and (2) make sharing information easier. Particular attention is paid to designing protocols that do not rely on centralized control points, which are subject to attack. The influence of patterns in human behavior on communication system performance, energy efficiency, and security are being studied, and the findings used to guide the development of better, user-aware, communication protocols. Design and analysis of communication protocols; defenses against side-channel attacks on portable communication devices; distributed system architecture; and energy-efficient software systems play central roles in the work.
|
0.915 |
2011 — 2015 |
Wallach, Dan |
N/AActivity Code Description: No activity code was retrieved: click on the grant title for more information |
Tc: Small: Security Architectures For Smartphones @ William Marsh Rice University
Modern smartphones from Apple, Google, and others have remarkably complex security needs. Applications, installed from a variety of third-party vendors, must be separated from one other, since some might be buggy or malicious, yet they must also communicate and share in a variety of ways, including displaying multimedia, sharing authentication credentials, and acting as local proxies for remote Internet sites to support payment services, advertisements, and so forth.
We design, implement, and evaluate novel smartphone mechanisms, leveraging Google's open-source Android project. For example, we carefully control how privileges are managed within the phone as applications collaborate. We must defeat "confused deputy" attacks, where privileged-but-buggy applications inadvertently allow their callers to exercise sensitive privileges, yet our infrastructure must also enable "intentional deputies" who are trusted to leverage dangerous privileges while offering safe interfaces.
Our work also considers the user's view of security features. Many applications require users to frequently retype passwords, annoying users and also making them vulnerable to spoofing attacks, because an attacker can fake a pixel-perfect dialog. We are studying a variety of approaches to improve security and usability, including better ways for applications to share credentials with one another (avoiding dialog boxes), and better ways for multiple applications to share screen real-estate (avoiding the need for singleton applications to be granted unnecessary privileges).
All of our research output will be available under suitable open-source licenses, helping our work to influence phone vendors and ultimately to have impact on the huge installed base of smartphone users.
|
0.915 |
2013 — 2017 |
Wallach, Dan |
N/AActivity Code Description: No activity code was retrieved: click on the grant title for more information |
Twc: Medium: Collaborative: Measurement and Analysis Techniques For Internet Freedom On Ip and Social Networks @ William Marsh Rice University
This project studies Internet censorship using novel measurement techniques, ranging from low-level packet filtering on Internet Protocol (IP) networks to high-level censorship of social media content. Collectively these techniques can provide greater situational awareness of censorship dynamics.
The project focuses on a suite of advanced inference techniques for when ?direct observation? is unavailable or impractical such as, for example, methods for detecting IP tunnels based on per-hop Maximum Transmission Unit (MTU) inference techniques in order to reason about the physical characteristics of a given IP network and, for example, measurement on social media postings of redactions and the speed of redactions.
This research has broad implications on studies of methods to provide awareness of restrictive control of information and content on networks, which would be of interest to software developers, system administrators, and policy makers alike.
|
0.915 |
2014 — 2018 |
Kortum, Philip (co-PI) [⬀] Wallach, Dan |
N/AActivity Code Description: No activity code was retrieved: click on the grant title for more information |
Twc: Ttp Option: Medium: Voting Systems Architectures For Security and Usability @ William Marsh Rice University
The security and integrity of elections is paramount in the furtherance of democracy. However, enhanced security often comes at the cost of making voting systems significantly more difficult for voters to use. With input from stakeholders in the voting process (most notably Travis County, Texas), we are constructing a prototype voting system and investigating how to design such a system so that it is significantly more secure than current solutions, without making it harder to participate in the election process. This research is closing knowledge gaps identified when designing a complex voting system that must satisfy stringent security, auditability, and usability constraints. We are conducting research on all aspects of this secure-but-usable voting system by defining the cryptography-user interactions, establishing scalable public bulletin-board systems that allow and encourage voters to verify their votes, engineering the software for the voting console, determining the correctness of the vote tallying system and understanding how voters and poll workers select and authorize specific voting stations. We are employing an iterative usability assessment and rapid design strategy that allows us to converge onto an optimal voting solution that satisfies the often-conflicting constraints of usability and security. At the conclusion of this research, we intend to have a fully operational prototype of this voting system that has been extensively tested by real voters in the laboratory and the field and is usable in its operation while being robust in its reliability and security.
|
0.915 |
2020 — 2021 |
Stein, Robert Wallach, Dan Byrne, Michael (co-PI) [⬀] Kortum, Philip (co-PI) [⬀] Adida, Benjamin |
N/AActivity Code Description: No activity code was retrieved: click on the grant title for more information |
Rapid: Optimizing Vote-by-Mail Implementations On Consumer Grade Equipment @ William Marsh Rice University
As a result of the COVID-19 virus, many states are looking to rapidly switch from in-person voting to postal voting (also called vote-by-mail or VBM), in order to reduce the infection risks to voters that might come from in-person voting. Among the many challenges of increased use of VBM, commercial ballot printing services have limited capacity and will be unable to scale to support the surge in demand they will face. To mitigate this problem, VotingWorks, a non-profit, is developing an open-source VBM solution called VxMail, targeting small- to medium-sized counties. VxMail will use commercial bulk-mailing services as well as off-the-shelf hardware for printing ballots, slicing envelopes, and scanning the ballots to provide a secure, affordable, and highly scalable VBM solution. If VxMail is successful, it will have a large impact on the practice of voting in the November 2020 general election, by making VBM available to more voters.
VotingWorks faces a variety of engineering challenges to ensure that VxMail will be accurate, including dealing with stray marks from voters, and damage that might occur to ballots in the postal mail. To address this, VotingWorks is partnering with a team from Rice University with experience in human-computer interaction and elections. This research will recruit thousands of participants, across the country, to fill out test ballots, yielding a large corpus of real-world examples. VotingWorks will use these ballots to validate and improve its scanning algorithms. Rice will use these ballots to measure voters? accuracy at filling out the ballots and following the return instructions. With multiple rounds of these experiments, Rice and VotingWorks will be able to identify and remedy deficiencies in VxMail, leading toward better voter experiences and more accurate tabulation results.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
|
0.915 |