Faculty and fellows of the Center research the most pressing cybersecurity questions of our time, and use their research to help inform the public discussion about questions of technology and security. The issues on which we are focused include:


Our work focuses on mapping and disrupting cybercrime networks, as well as the legal and policy interventions that can deter criminal networks from raising, storing, moving, and using funds through cybercrime.


Cyber Governance

Our work on cyber governance aims to identify the appropriate roles and obligations of various stakeholders—including private companies and various government agencies—in the cybersecurity discussion. CCS’s work focuses on the full range of concerns influencing the cyber governance landscape, including issues of technical capacity, the regulatory environment, the strategic frameworks and priorities that motivate the actors in the cybersecurity ecosystem, and the commercial incentives that structure the behavior of private actors that own the vast majority of the cyber infrastructure in the United States.


Cyber Strategy

Many of the strategic frameworks that will define the boundaries of the cybersecurity discipline for the next generation are still in formation. The boundaries between cybersecurity and intelligence authorities, the ways in which cyber capabilities are integrated into larger strategic structures, and the role and mode of development of international laws and norms in cyberspace are all poorly defined. Our work aims to bring these issues into sharper resolution.


Security of Cyberphysical Systems  

At the heart of critical infrastructure, cyberphysical systems are controlling foundational components of current and future smart services. Cyberattacks aimed at cyberphysical systems can have debilitating effect on electric power generation and delivery, traffic flow management, public health, national economic security, etc. Our work focuses on enhancing the cybersecurity of cyberphysical systems, leveraging their unique properties and continuous interaction with the physical world while adhering to strict real-time and always-on requirements.


Software and System Security

Our work focuses on program analysis, virtualization security, memory forensics, embedded and cyber-physical systems, digital forensics, biometrics, data compression, network security and security and human behavior, improving security and other aspects of real world systems, often by addressing issues that arise in practical deployments. We empirically measure the security and privacy of technology systems and their intersections with society, including a focus on censorship evasion and anonymous communication. Many security and privacy issues with great societal impact, such as censorship, online harassment, unwanted software, and vehicular systems are poorly understood. Our work focuses on building frameworks to systematically measure security and privacy shortcomings and understand structurally what is driving these problems. The goal of our analysis is to inform better technical and policy based solutions that will improve our society.


Digital Forensics

We find ourselves today in a “digital world” where most information is created, captured, transmitted, stored, and processed in digital form. Although representing information in digital form has many compelling technical and economic advantages, it has led to new issues and significant challenges when performing forensics analysis of digital evidence. There has been a slowly growing body of scientific techniques for recovering evidence from digital data. These techniques have come to be loosely coupled under the umbrella of “Digital Forensics.” Digital Forensics can be defined as the “collection of scientific techniques for the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events, usually of a criminal nature.”



New technologies are making it easier for governments, corporations, and individuals to learn the details of our online activities. Internet companies—such as Google, Facebook and ISPs—collect our information while an expanding surveillance apparatus and outdated privacy laws allow the government to monitor us like never before. With more and more of our lives moving online, these intrusions have devastating implications for our right to privacy.

At the Center for Cybersecurity, we are particularly interested in understanding how governments, Internet companies, and third parties can use data mining to infringe on our privacy, and how systems and laws can be redesigned to limit these infringements. Our work is data driven and measurement based, and exposes privacy leakages in popular services and applications, including Facebook, Skype, Google, Wechat, YikYak, Twitter, and eBay. We have also been studying major privacy laws—such as the Children’s Online Privacy Protection Act and the Right to be Forgotten—and the degree to which they can lead to unintended consequences.


Integrated Circuits Supply Chain Security

Outsourcing the various steps of the IC design and manufacturing flow has helped mitigate increasing design complexity while eliminating the need to maintain capital-intensive fabrication facilities. On the flip side, a distributed IC design flow involving third party design vendors, offshore foundries and assembly/test facilities brings about a variety of threats, ranging from hardware Trojans and piracy to reverse engineering and counterfeiting. Our research aims at regaining this compromised trust by employing security-aware IC and system design techniques. We are also developing provably secure design-for-trust techniques to thwart attacks launched from untrusted entities in the IC design and manufacturing flow.

Augmenting the IC supply chain security, our work investigates the preserving computational privacy in the presence of untrusted hardware. Our research revisits the traditional hardware architectures built for performance, to include security and privacy considerations during the development stage. Employing cryptographic primitives at the hardware layer renders information leakage meaningless, as the leaked data would be indistinguishable from random bits, effectively protecting the system against side-channel attacks. Such hardware architectures are judiciously selected and developed given the manufacturing, power/delay considerations etc.