Research

Securing software, hardware, systems, and the safety and privacy of those who access them, relies on an integrated network of technological, legal, and social approaches. Research initiatives at the Center for Cybersecurity reflect this diversity of topics and approaches, as well as the application of the interdisciplinary expertise required to implement effective security solutions.

Below are very broad descriptions of the primary research categories in which CCS faculty and students are proving to be defensive game-changers.

You can stay abreast of all the CCS research initiatives making headlines by checking the postings under Press Highlights and CCS News.


SPECIALIZATIONS

According to the website of the U.S. Department of State’s Bureau of International Narcotics and Law Enforcement Affairs, the FBI estimated that, in 2020, more than $4 billion was lost in the United States to cybercrime activities. These attacks can range from the use of cyber technology for illegal surveillance and online harassment, to the manipulation of access to in-demand items through dark web marketplaces. Research initiatives from the Center for Cybersecurity have addressed strategies for mapping and disrupting cybercrime networks, and designed legal and policy interventions that can deter criminal networks from raising, storing, moving, and using funds.

When it comes to cybersecurity, who is responsible for developing and enforcing policies to adequately address current and future risk? Our work on cyber governance aims to identify the appropriate roles and obligations of various stakeholders—including private companies and government agencies. This includes issues of technical capacity, the regulatory environment, and commercial incentives.

Cyberphysical systems are mechanical systems that are monitored and controlled by computers. Attacks aimed at cyberphysical systems can have catastrophic effects on electric power generation and delivery, traffic flow management, public health, national and economic security, and more. Our work focuses on enhancing the security and resilience of these systems.

Securing systems and the software that powers them requires a multitude of approaches. Current research initiatives at CCS address virtualization security, memory forensics, embedded systems, data compression, security and human behavior, and the delivery of secure updates to repositories, automobiles, and other smart devices. A common thread among all these initiatives is that they are based on deployments in real world systems. In addition, CCS projects have empirically measured the security and privacy of technology systems and their intersections with society. These latter initiatives address security and privacy issues with great societal impact, such as censorship, online harassment, and the protection of vehicular systems.

As our society has been transformed into a “digital world,” where most information is created, captured, transmitted, stored, and processed in digital form, it has also spawned a new way to preserve, collect, validate, identify, analyze, interpret, document, and present digital evidence. In addition to fostering the development of these emerging technologies, there may also be a need to set parameters for their use, both legally and ethically.

In the computer science field, security has generally been piecemeal in nature, rather than a holistic operation that can guarantee the security of a project from end to end. Two different CCS initiatives are now tackling the need to secure the supply chain when creating hardware and/or software.