CrashSimulator is a tool that replicates “real-world” testing for new and upgraded software without the complications of “real-world” deployment. The program enables software developers to identify vulnerabilities in product designs long before they are packaged and released.
- Products: We are in stealth mode! If you want to be contacted when we publicly release, please email email@example.com.
- People: Preston Kent Moore, Justin Cappos, Phyllis Frankl, and Thomas Wies
A password database disclosure can be devastating, costing companies billions of dollars in damages. PolyPasswordHasher offers a new approach to prevent attackers from finding out which passwords are being used. Because stored password data is interrelated, potential hackers are forced to crack passwords in sets. This increases the attackers’ level of difficulty, making a PolyPasswordHasher-enabled database very hard to breach, even for an adversary with millions of computers.
- Products: PPH is used in several projects, including the Seattle Clearinghouse and BioBank. PPH has implementations available in seven languages, including Java, Python, C, and Ruby. Easy-to-integrate PPH libraries, such as the Pluggable Authentication Module (PAM), are also available for a number of operating systems, including Linux and OS X.
This project seeks to identify situations where security issues are created by the misunderstanding of APIs by developers. In particular, we are looking for security-related blind spots in popular Java and Python APIs as a way to more holistically find and address bugs.
- Products: We are in stealth mode! If you want to be contacted when we publicly release, please email firstname.lastname@example.org.
- People: Justin Cappos, Lois Anne DeLong, Daniela Oliveira (UF), Eliany Perez (UF), Sajidur Rahman (UF), Natalie Ebner (UF), Tian Lin (UF), and Yuriy Brun (UMass-Amherst)
Cloud computing can provide tremendous benefits due to its ability to offload computation on demand. However, cloud resources are often located far from users. The Seattle project enables users to securely share (and acquire) computing resources from their desktop, laptop, or smartphone in the same manner as with cloud computing. Seattle is used by educators, and for software development and research by thousands of people around the world.
- Products: Seattle is used by thousands of developers and has been installed on tens of thousands of devices. Our website contains information and links to educational modules, and a clearinghouse of available resources for those who wish to download and use the Seattle program, or to donate some computing power on their device for research purposes.
Given the close proximity of smartphones to users, researchers would benefit from accessing smartphone sensors. By giving the user control over what amount and type of data is gathered from these sensors, Sensibility ensures the privacy of user information. Sensibility also has additional security protections that ensure the safety of the device, while giving researchers access to unique information.
- Products: We have had four years of hack-a-thons, where teams compete to build the best application for Sensibility. Install our Android app or learn more by visiting our project's blog!
NetCheck is a tool that can determine the cause of a failure in a networked application, without any application or network-specific knowledge, and without any modification to the application or its infrastructure. By treating an application as a black box, a diagnosis can be made using just a set of system call (syscall) invocation traces from the relevant end-hosts. By simulating the syscalls against a network model, syscalls that deviate from expected network semantics can be identified. In turn, these deviations can be mapped to a diagnosis by using a set of heuristics.
upPIR is a secure protocol that allows users to mask their information requests by privately retrieving information from a set of mirrors. By packaging the required information with other data that potentially could be requested, the user's preferences—and any assumptions that could be deduced from those preferences—remain hidden.
- Products: The prototype code for this project is available at its GitHub repository.
Virtual Secure Network (VSN) (Retired)
Virtual Secure Network (VSN) is a network service that provides remote users the security benefits of a managed (corporate/cloud) network, without sacrificing the faster Internet performance more typical of an insecure direct connection. A VSN is analogous to a Virtual Private Network (VPN) in that it offers security protections, such as firewalls, multiple antivirus scanners, IDSs, and IPSs. However, VSN can guarantee lower costs for management, and better performance for its end users.
- Products: This patented technique and its source code are available on the project web site.
- People: Sai Teja Peddinti, Keith Ross, Nasir Memon, and Justin Cappos