Cybersecurity is generally thought of as the implementation of strategies to protect computer systems or the Internet against viruses or fraud. Yet, in actual practice, cybersecurity is not one discipline, but an integrated network of technological, legal, and social issues. The Center for Cybersecurity embraces “problem-driven research” in all aspects of the profession. Research initiatives begin by identifying an issue: a privacy concern, an existing gap in a security framework, or a growing threat of truly fake news aided by doctored images. Then, CCS faculty marshals its cross-disciplinary resources to design a viable solution.
Follow the links below to learn more about the research conducted and implemented by our community.
Research initiatives have addressed strategies for mapping and disrupting cybercrime networks, and legal and policy interventions that can deter criminal networks from raising, storing, moving, and using funds.
When it comes to cybersecurity, who is responsible for developing and enforcing policies to adequately address current and future risk? Our work on cyber governance aims to identify the appropriate roles and obligations of various stakeholders—including private companies and government agencies. This includes issues of technical capacity, the regulatory environment, and commercial incentives.
As cybersecurity is still a young discipline, many of the strategic frameworks that will define it are still in formation. CCS research is working to sharpen the boundaries between cybersecurity and intelligence authorities, the ways in which cyber capabilities are integrated into larger strategic structures, and the development of international laws and norms.
Cyberphysical systems are mechanical systems that are monitored and controlled by computers. Attacks aimed at cyberphysical systems can have catastrophic effects on electric power generation and delivery, traffic flow management, public health, national and economic security, and more. Our work focuses on enhancing the security and resilience of these systems.
Securing systems and the software that powers them requires a multitude of approaches. Current research initiatives at CCS address virtualization security, memory forensics, embedded systems, data compression, security and human behavior, and the delivery of secure updates to repositories, automobiles, and other smart devices. A common thread among all these initiatives is that they are based on deployments in real world systems. In addition, CCS projects have empirically measured the security and privacy of technology systems and their intersections with society. These latter initiatives address security and privacy issues with great societal impact, such as censorship, online harassment, and the protection of vehicular systems.
As our society has been transformed into a “digital world,” where most information is created, captured, transmitted, stored, and processed in digital form, it has also spawned a new way to preserve, collect, validate, identify, analyze, interpret, document, and present digital evidence. In addition to fostering the development of these emerging technologies, there may also be a need to set parameters for their use, both legally and ethically.
In the computer science field, security has generally been piecemeal in nature, rather than a holistic operation that can guarantee the security of a project from end to end. Two different CCS initiatives are now tackling the need to secure the supply chain when creating hardware and/or software.