Announcements

Center for Information Protection
UC Davis is planning to join the NSF I/UCRC Center for Information Protection. We are looking for companies to join our Industrial Advisory Board.


Research Projects


Here are some research projects I am involved in. Many have their own web pages, so follow the links if you are curious and want more information than is here! The web pages change often, too, so please come back.

These are currently active projects. If you are interested in helping to support them, please let me know; we really enjoy working with external people!

  • Technological Support for Improving Election Processes
    This project is developing and evaluating the application of iterative process improvement technology to assure the privacy, security, reliability, and trustworthiness of elections, which are the very cornerstone of democracy. The focus of the project is to locate mismatches between existing voting systems and the processes that are currently using them in the conduct of elections. These mismatches can result in vulnerabilities or inaccuracy in elections. This project demonstrates how to remediate such vulnerabilities through the use of iterative process improvement. The methodology uncovers vulnerabilities by modeling processes and examining how discrepancies between the characteristics of these processes and the behaviors of the voting systems they use can lead to such vulnerabilities. In this way, this project is making a novel and important contribution to defending one of the most critical processes of democracy.
    The project tests the results on the election processes and systems of Yolo County. Part of the research is to model that county's processes using the process definition language, and to examine what these processes require and expect from the voting systems they use. The existing voting systems can then be examined to determine whether they meet the requirements and expectations of the processes using them. Where mismatches occur, the vulnerabilities created by such mismatches can be assessed, improvements suggested, and the methodology can show how the suggested improvements address the mismatches and remove the vulnerabilities.
    Sponsor: National Science Foundation award CCF-0905503
    Collaborators: Profs. Lee Osterweil and Lori Clarke, University of Massachusetts Amherst

  • Computer Systems Vulnerabilities and the Efficacy of Defensive Mechanisms
    Longitudinal studies of network systems are very difficult to conduct when systems are large, heterogeneous, highly interconnected, and open; yet the importance of these studies should not be underestimated. This project focuses on an 18-month longitudinal study of server-side vulnerabilities in the campus network of the University of California at San Diego and of client-side vulnerabilities at the University of California at Davis. The issues concern the efficacy of security measures on campus-wide networks and their implications for the security of networked systems at universities, government facilities, and commercial enterprises.
    Sponsor: National Science Foundation award CNS-0831002
    Collaborator: Prof. Keith Marzullo, University of California San Diego

Past Projects

These are projects that have finished. If you’re interested in pursuing them, I’ll be happy to talk to you.

    • Electronic Recordation
      This project examined the problem of recording real estate, liens, and other documents over the Internet.
      Past sponsor: Yolo County Clerk-Recorder’s Office

    • Property-Based Testing
      This project is designing and implementing a system to test how well programs and systems conform to stated security properties. It is part of a much larger project on integrating assurance into the software life cycle that the folks at NASA JPL are doing.
      Past sponsors: NASA Jet Propulsion Laboratory, Sandia National Laboratories

    • Balancing Privacy and Analysis in Data Sanitization
      This project examines the balance between the need of security analysis for data and the need for people to keep information private. The goal is to develop a language to express both security analysis requirements and privacy requirements as policies, and through policy reconciliation determine when the requirements conflict. It also focuses on the mechanics of mapping the requirements into a sanitization engine automatically, to do the actual data sanitization.
      Past sponsors: National Science Foundation; Promia, Inc.

    • Vulnerabilities Analysis
      This project treats vulnerabilities as a collection of conditions required for an attacker to violate the relevant security policy. We’re developing a set of conditions that apply to multiple vulnerabilities, which will help us locate previously unknown vulnerabilities, and a language in which to express the conditions, which will help us reason about vulnerabilities with respect to security policies.
      Current sponsor: National Science Foundation


Research is what I’m doing when I don’t know what I’m doing.
    — Wernher von Braun


Last updated on Monday, July 20, 2009 at 10:33:18AM PDT