College of Engineering and Applied Science » Research » Centers & Labs » Center of Academic Excellence in Cyber Operations » Research

Research

Current Research Projects

Project members: Nan Niu and Wentao Wang

Abstract:

Web applications empower people's ability to acquire information and connect with other. Meanwhile, they also attract the attentions from malicious attackers, affecting the confidentiality, integrity, or availability of critical information. Although security testing has been applied to unit and integration levels, improved approaches are needed for system-level security testing. This project is aimed at leveraging the infrastructure of ORC@UC to create a practical solution for developers and testers to perform system-level security testing of web applications. The main research objectives are to best configure the nodes of ORC@UC to maximize testing efficiency and to develop an innovative way to define sandbox-based resource constraints to quickly discover software vulnerabilities. The project outcomes include new use cases of using OCR@UC for software organizations developing and deploying web applications, as well as practical learning modules for software engineering courses at UC.

Members: Boyang Wang, Gowtham Atluri

Abstract:

Individuals and companies leverage public data services to save local storage and computation overhead. However, due to the presence of hackers, internal attacks and software errors, devastating data breaches keep happening on public servers. Leveraging traditional encryption can protect data privacy for users but disable the capability of performing machine learning algorithms on private data. In this project, we propose a secure and efficient learning scheme over users’ sensitive data. Particularly, by leveraging Ohio Cyber Range@UC, we plan to develop a lightweight scheme, where a public (or an untrusted) server can securely learn and classify sensitive data utilizing k-nearest-neighbor method without accessing users’ data in plaintext. We integrate privacy enhancing technologies, space

Previously Published Research

  • M. Guo, P. Bhattacharya, Mechanism Design in Data Replica Placement Problem in Strategic Settings, Journal of Privacy and Security (Accepted for publication). (Publisher: Taylor and Francis).
  • P. Bhattacharya, L. Yang, M. Guo, M. Yang, Learning Mobile Security with Labware, IEEE Security & Privacy, vol. 12, no. 1, pp. 69-72 (2014). (Publisher: IEEE Computer Society).
  • P. Meharia, D.P. Agrawal, The Human Key: Identification and Authentication in Wearable Devices using Gait, Special Issue on Secured Communication in Wireless and Wired Networks for the Journal of Information Privacy and Security (JIPS), 2015.
  • D.P. Agrawal, Introduction to Special Issue on Secured Communication in Wireless and Wired Networks, Journal of Information Privacy and Security (JIPS), 2015.
  • S. Vaidyanathan, S. Chakraborty, D.P. Agrawal, Efficient reorganization of a multi-hop wireless body area network, AshEse Journal of Engineering, vol. 1, no. 2, pp. 008-015, June 2015.
    Dharma P Agrawal, Secured Communication and Authentication in Wireless Sensor Networks, invited paper, International Journal of Sensors, Wireless Communications and Control, Bentham Science, 2015, vol. 5, no. 1, pp. 1-10.
  • I. Mashal, O. Alsaryrah, T.-Y. Chung, C.-Z. Yang, W.-H. Kuo, and D. P. Agrawal, Choices for Interaction with Things on Internet and Underlying Issues, Ad Hoc Networks Journal, 6 January 2015.
  • A. Prakash, D. P. Agrawal, Y. Chen, Network Coding combined with Onion Routing for Anonymous and Secure Communication in a Wireless Mesh Network, International Journal of Computer Networks & Communications (IJCNC), vol. 6, no. 6, Nov. 2014, pp. 1-14.
  • N. Weragama, J. H. Jun‎, J. Mitro, D. P. Agrawal, Modeling and Performance of a Mesh Network with Dynamically Appearing and Disappearing Femtocells as Additional Internet Gateways, IEEE Transactions on Parallel and Distributed Systems, Vol. 25, no. 5, May 2014, pp. 1278 - 1288.
  • J. H. Jun, W. Fu, and D. P. Agrawal, Impact of biased random walk on the average delay of opportunistic single copy delivery in Manhattan area, Ad Hoc & Sensor Wireless Networks, Ad Hoc and Sensor Wireless Networks, 2014, vol. 20, no. 3/4, pp. 1–28.
  • N. Niu, X. Jin, Z. Niu, J.-R. C. Cheng, L. Li, M.Y. Kataev, A Clustering-Based Approach to Enriching Code Foraging Environment, IEEE Transactions on Cybernetics, Volume:PP, Issue 99, 2015.
  • T. Bhowmik, N. Niu, W. Wang, J.-R. C. Cheng, L. Li, X. Cao, Optimal Group Size for Software Change Tasks: A Social Information Foraging Perspective, IEEE Transactions on Cybernetics, Volume PP, Issue 99, 2015.
    Y. Li, R. Dai, J. Zhang, Morphing communications of Cyber-Physical Systems towards moving-target defense, IEEE International Conference on Communications, pp. 592-598, 2014.

Conferences

  • Coleman Kane, Cyber Intelligence: Concrete Analysis in a Fluid World, at Bsides 2015, Cincinnati, Ohio, July 2015.
  • Kristin Rozier, Systers Lunch keynote speaker, at the Grace Hopper Celebration of Women in Computing (GHC 2014), Phoenix, Arizona, October 10, 2014.
  • John Franco and Vicki Baker, CISSE, Las Vegas, Nevada, June, 2015. Most significantly, participated in the NSF scholarship tutorial.
  • Eric Rozier spoke at the Corporate Law Symposium: Corporate Compliance, March 13, 2015, on the subject of security of Big Data.
  • Eric Rozier was invited speaker and panelist at the Third Biennial Meeting of the World Bank Group’s International Corruption Hunters Alliance, 2014. Talk title: Detecting Suspicious and Anomalous Activities in Award Patterns.
  • Eric Rozier was keynote speaker at the International Foreign Bribery Taskforce Operational Meeting of May 20, 2015. The FBI was the host.
  • Chengcheng Li attended the NICE (National Initiative For Cybersecurity Education) conference in Washington, D.C. This conference is primarily a professional networking event that discusses National Cybersecurity Workforce Framework and educational opportunities. It’s funded by NSF and NSA.
  • Chengcheng Li attended a 3-day SEED (SEcurity EDucation) workshop in Syracuse, New York. This is an NSF funded workshop that develops and disseminates cybersecurity education materials.
  • Chengcheng Li attended a 6-week Cybersecurity Summer Research Workshop in New York City. This is another NSF funded workshop that teams college faculty with NYU’s cybersecurity faculty, allowing college faculty to learn, observe, and participate in ongoing research projects. We created a team with NYU faculty and the US Secret Service, conducting email forensics. Three research papers may come out of this activity within the next 6 months. During the workshop, we also formed long-term collaboration teams to conduct research on cybersecurity education and writing NSF grant proposals.
  • W. You, K. Qian, M.Guo, P.Bhattacharya. A hybrid approach for mobile security threat analysis, 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WISEC 2015): 28, New York City, June 2015.
  • W. You, K. Qian, D. Lo P.Bhattacharya, Y. Qian. Web Service-enabled Spam Filtering with Naïve Bayes Classification, IEEE Big Data Service Conference, 2015. San Francisco.
  • D. Lo, K. Qian, W. Chen, T. Rogers, P.Bhattacharya, J. Chern, A Hands-On Learning Labware Design of Defensive Programming on Mobile Application Development, IEEE Integrated STEM Education Conference, 2015, Princeton, NJ.
  • H. Chun, Y. Elmehdwi, F. Li, P. Bhattacharya, J. Wei, Outsourceable two-party privacy-preserving biometric authentication, 9th acm symposium on information, computer and communication security (asiaccs), kyoto, japan, june 2014, pp. 401-412.
  • M. Guo, P. Bhattacharya, C.T.D. Lo, X. He, Enhancing the Information Assurance and Security (IAS) in CS Education with Mobile-device based Hands-on Labs, 19th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education, p. 343 June 2014, Uppsala, Sweden.
  • M. Guo, P. Bhattacharya, C.T.D. Lo, X. He, Problem Solving Hands-on Labware for Teaching Big Data Cybersecurity Analysis, World Congress on Engineering and Computer Science (WCECS'14), San Francisco, October 2014, vol. 1, pp. 344-348.
  • M. Guo, P. Bhattacharya, Diverse virtual replicas for improving intrusion tolerance in the cloud, 9TH Cyber and Information Security Research Conference, Oak Ridge, TN, pp. 41-44, April 2014.
  • P. Meharia, D. P. Agrawal, The Able Amble: Gait Recognition using Gaussian Mixture Model for Biometric Applications, International Workshop on Future Information Security, Privacy and Forensics for Complex Systems (FISP-2015), in conjunction with 12th ACM International Conference on Computing Frontiers (CF-2015), Ischia, Italy, May 18-21, 2015.
  • A. Mishra and D. P. Agrawal, Continuous Health Condition Monitoring by 24x7 Sensing and Transmission of Physiological data over 5-G Cellular Channels, Invited Paper, International Conference on Computing, Networking and Communications, (ICNC 2015) Anaheim, California, USA, Feb. 16-19, 2015, pp. 584-590.
  • A. G. Krishnamurthy, J. Jun, D. P. Agrawal, Temperature gradient search for temperature-aware routing in Bio-medical Sensor networks, 9th International Conference on Body Area Networks, September 29–October 1, 2014, London, Great Britain.
  • M. Stockman, R. Heile, A. Ren, An Open-Source Honeynet System to Study System Banner Message Effects on Hackers, ACM/SIGITE Research in IT Conference ‘15 Proceedings and the ACM Digital Library, 2015.
  • M. Stockman, Insider Hacking: Applying Situational Crime Prevention to a New White-Collar Crime, ACM/SIGITE Research in IT Conference ‘14 Proceedings and the ACM Digital Library, 2014.

Grants

  • NSF Award Number: 1241651, Collaborative Project: Capacity Building in Mobile Security Through Curriculum and Faculty Development, Li Yang, University of Tennessee Chattanooga (PI), Prabir Bhattacharya, University of Cincinnati (Co-PI), program officer: R. Corby Hovis, 2012-2015, renewable with new proposal.
  • NSF Award Number: 1244697, Collaborative Research: Real World Relevant Security Labware for Mobile Threat Analysis and Protection Experience, Prabir Bhattacharya, University of Cincinnati (PI), John Franco, University of Cincinnati (Co-PI), Yi Pan, Georgia State University (Co-PI), Southern Kai Qian, Polytechnic State University (Co-PI), program officer: Valerie Barr, 2013-2016, renewable with new proposal.
  • NASA Aeronautics Research Institute (NARI), Efficient Reconfigurable Cockpit Design and Fleet Operations using Software Intensive, Networked and Wireless Enabled Architecture (ECON), Eric Rozier (Co-I), 2015-2016. Work will develop secure and trustworthy methods for communication in wireless and cloud enabled cockpit systems during aircraft operation.
  • World Bank, Development of an Entity Resolution Methodology for the World Bank Group, Eric Rozier, University of Cincinnati (PI), 2015-2016. Work will help fight corruption in large-scale multi-national procurement by identifying patterns that are predictive of collusion, corruption, and fraud.
  • NSA Laboratory for Telecommunication Science, Early Response to Attack Vectors Using Low Confidence Indicators, with Coleman Kane, submitted.
  • NSF Award Number: 1404766, Challenge-Based Learning and Engineering Design Process: Enhanced Research Experiences for Middle and High School In-Service Teachers, Project 6: Secure Cyberspace, 2015-2016.
  • Faculty Development Funds, Interdisciplinary Cybersecurity Program of Applied Learning and Research, Richard Harknett (Principal) with Mark Stockman, Joe Nedelec and John Franco.
  • Ohio Board of Regents Equipment Grant for IT Workforce Development, Chengcheng Li. The grant was completed this summer. Most of the funding was used to set up remote cybersecurity labs and purchasing security software.
  • NSF Award Number: 1440420, SI2-SSE: Scalable Big Data Clustering by Random Projection Hashing, Phillip Wilsey, University of Cincinnati (PI), 2014-2017. Random Projection Hashing is combined with Locality Sensitive Hashing to implement an algorithm that performs clustering across a distributed data set without exchanging protected data between the distributed data sets in a map-reduce framework.