Security and Software Engineering Research Center (S2ERC) at Virginia Tech - Phase 2

弗吉尼亚理工大学安全与软件工程研究中心 (S2ERC) - 第 2 阶段

• 批准号: 1650540
• 负责人: T. Charles Clancy
• 金额: $ 30万
• 依托单位: Virginia Polytechnic Institute and State University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-03-01 至 2020-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1650540&HistoricalAwards=false
• 关键词: Security; Software; Engineering; Research; Center

This project supports Virginia Tech's membership in the Security and Software Engineering Research Center (S2ERC) Industry/University Cooperative Research Center (I/UCRC). The mission of S2ERC is to conduct a program of applied and basic research on software security, system security, and software technology problems of interest to its members. The goal of this research is to enable security and software technology gains within member organizations. Virginia Tech's site specifically focuses on challenges with software and security for cyber-physical systems, with a particular emphasis on the emerging areas of critical infrastructure and the Internet of Things. Addressing security and privacy challenges with these technologies are critical to protecting homeland security and preserving civil liberties in an increasingly interconnected world. Research executed through this program will be principally funded by industry partners who join the consortium as members, with the goal of developing commercialization paths for resulting innovation. Additionally students who will be supported on projects will gain insight into real-world problems of direct interest to industry, and will forge relationships that can lead to recruiting and future career placement in an increasingly competitive technology discipline.Ultimately the specific technical problems tackled and approaches considered will be determined by the Industry Advisory Board (IAB) who provides governance for S2ERC. However Virginia Tech seeks to focus on recruiting and sustaining members with a specific interest in the security and privacy challenges with cyber-physical systems. Given the experience of the faculty and researchers involved, research undertaken is expected to leverage deep expertise in security for embedded systems, control systems, and wireless systems. Within the embedded systems domain, we will develop and leverage tools in program analysis and software synthesis to develop provably safe and secure firmware for embedded devices. For control systems we will seek to translate functions typically found in the defense of computer networks into components used in embedded control networks to detect and block anomalous control signaling. Within the wireless area, we seek to ensure resilience within networks such that attempts to disrupt wireless infrastructure have minimal effect on critical functions using the network. With the umbrella of the larger center, we seek to synthesize these concepts into tools and techniques that can transcend each in order to address security overall for systems and systems of systems. Lastly we seek to understand the human element in these cyber-physical systems and work to ensure security technologies integrate with the user experience and are effective in real-world deployments.

该项目支持弗吉尼亚理工大学成为安全和软件工程研究中心 (S2ERC) 行业/大学合作研究中心 (I/UCRC) 的成员。 S2ERC 的使命是针对其成员感兴趣的软件安全、系统安全和软件技术问题开展应用和基础研究。这项研究的目标是在成员组织内实现安全和软件技术收益。 弗吉尼亚理工大学的网站特别关注网络物理系统的软件和安全挑战，特别强调关键基础设施和物联网的新兴领域。 在日益互联的世界中，利用这些技术解决安全和隐私挑战对于保护国土安全和维护公民自由至关重要。 通过该计划执行的研究将主要由作为成员加入该联盟的行业合作伙伴资助，其目标是为由此产生的创新开发商业化路径。 此外，获得项目支持的学生将深入了解行业直接感兴趣的现实问题，并建立关系，从而在竞争日益激烈的技术学科中实现招聘和未来职业安置。最终，解决的具体技术问题和考虑的方法将由为 S2ERC 提供治理的行业咨询委员会 (IAB) 确定。 然而，弗吉尼亚理工大学寻求专注于招募和维持对网络物理系统的安全和隐私挑战特别感兴趣的成员。 鉴于所涉及的教师和研究人员的经验，所进行的研究预计将利用嵌入式系统、控制系统和无线系统安全方面的深厚专业知识。 在嵌入式系统领域，我们将开发并利用程序分析和软件综合工具来为嵌入式设备开发可证明安全的固件。 对于控制系统，我们将寻求将计算机网络防御中常见的功能转换为嵌入式控制网络中使用的组件，以检测和阻止异常控制信号。 在无线领域，我们力求确保网络的弹性，以便破坏无线基础设施的尝试对使用网络的关键功能的影响最小。 在更大中心的保护下，我们寻求将这些概念综合成可以超越每个概念的工具和技术，以解决系统和系统系统的整体安全问题。 最后，我们寻求了解这些网络物理系统中的人为因素，并努力确保安全技术与用户体验相结合，并在现实世界的部署中有效。

项目成果

SIGNet: Scalable Embeddings for Signed Networks

• DOI: 10.1007/978-3-319-93037-4_13
• 发表时间: 2017-02
• 作者: Mohammad Raihanul Islam;B. Prakash;Naren Ramakrishnan

Client Insourcing: Bringing Ops In-House for Seamless Re-engineering of Full-Stack JavaScript Applications

• DOI: 10.1145/3366423.3380105
• 发表时间: 2020-04
• 期刊: Proceedings of The Web Conference 2020
• 作者: Kijin An;E. Tilevich

RT-trust: automated refactoring for trusted execution under real-time constraints

RT-trust：实时约束下可信执行的自动重构

• DOI: 10.1145/3278122.3278137
• 发表时间: 2018
• 期刊: International Conference on Generative Programming: Concepts & Experience
• 作者: Liu, Yin;An, Kijin;Tilevich, Eli
• 通讯作者: Tilevich, Eli

RT-Trust: Automated refactoring for different trusted execution environments under real-time constraints

RT-Trust：实时约束下不同可信执行环境的自动重构

• DOI: 10.1016/j.cola.2019.100939
• 发表时间: 2020
• 期刊: Journal of Computer Languages
• 影响因子: 2.2
• 作者: Liu, Yin;An, Kijin;Tilevich, Eli
• 通讯作者: Tilevich, Eli