Sponsored by:
NSF logo
Latest news:
Important Dates:
Contact Information:
Oakland University

2021 Projects

Advisor: Dr. Ming
Across science and engineering disciplines, it is becoming increasingly common to make use of large datasets, which make it possible for researchers to produce profound new discoveries and contributions. However, most of these scientists and engineers do not specialize in data science. As a result, they may experience technical barriers when trying to make discoveries about their data. DVf is a domain-specific functional programming language designed with general engineers and scientists in mind, offering a set of declarative language-based facilities that address this problem. In working with data sets and machine learning models, DVf must consider the way it handles potentially sensitive information. As a foundational design principle, the functional DVf programming language uses a state-of-the-art scientific workflow framework. Research efforts to improve common security issues under scientific workflow, such as provenance access control policies, should also be extended to the DVf infrastructure. Furthermore, a user of DVf may use their domain knowledge to determine which features would result in the most successful model, which essentially characterizes the related DVf program as user-associated intellectual property. The exposition of such information to unauthorized people would result in a violation of their intellectual property rights. Finally, some adversaries may attempt to reverse engineer a model to learn about the data set used to train the model. The aim of this project is to investigate and enhance the security and confidentiality of information within this programming infrastructure with the goal of protecting personal data and intellectual property.
Advisor: Dr. Lu
React is a JavaScript library that is widely used in web programs. JavaScript is a dynamically typed programming language that adheres to the ECMAScript specification. SAFE 2.0 is a static analysis tool used to analyze JavaScript programs written in the ECMAScript 5 specification. But JavaScript's syntax significantly changed during the switch from ECMAScript 5 to ECMAScript 6. Thus, SAFE cannot be used to analyze most React programs, as many developers have incorporated features from ECMAScript 6 into their code. Good static analysis of React programs is important for improving Internet security because of the prevalence of React and the dynamic nature of JavaScript which can lead to unpredictable outcomes. We will develop methods for statically analyzing new features of ECMAScript 6 which will be an important step towards understanding modern JavaScript programs, particularly React programs.
Advisor: Dr. Sen
The process of security risk assessment aids in understanding what vulnerabilities exist in computer systems and networks along with the likelihood and impact of the exploitation of these vulnerabilities. This process is of great importance to large organizations and individual users as it helps to design and develop cost-effective and efficient security measures. Traditionally, one way of performing risk assessment is by using Bayesian Attack Graphs. However, there are several limitations of this approach such as, scalability, attack backtracking and graphical cycles, tracking and representing multiple attack states, and representing and quantifying colluding and non-colluding attacks. The objective of this project is to design and develop a risk assessment framework in the growing domain of connected and autonomous vehicles (CAV). Scenarios such as vehicle-to-vehicle and vehicle-to-internet inter-connectivity increase the number of attack surfaces. Further, vehicular infrastructure may not support resource-intensive security measures to prevent attacks. The solution lies in developing lightweight security measures and evaluating their potency, the prerequisite to which is performing security risk assessments. The novelty of this research lies in its proposal of using complex probabilities for Bayesian Attack Graph modeling instead of real positive numbers. Based on initial exploratory research, modeling risk assessment using complex probabilities might be able to address the challenges mentioned in the previous paragraph. The research contributions involve creating a CAV attack repository, modeling Bayesian attack graphs using complex probabilities for CAV, and creating a prototype tool deployed through a web-application.
Advisor: Dr. Sen
User-centric service recommendation for Internet of Things (IoT) applications can be defined as identifying, recommending, and provisioning IoT devices that can optimally satisfy any user's personalized service requests. The nature of these IoT services involve users renting out the available IoT devices to either access the sensed data or deploy and execute their applications on these devices. In doing so, users provide their personalized preferences on two different input categories - functional attributes and non-functional attributes. Functional attributes like region of interest or service duration establish the basic requirements of the service. Whereas non-functional attributes like network latency or security personalize the service further and enhance the user's overall experience. The objective of this project is to research the provisioning of network security as a dynamic parameter during user-centric service recommendation for IoT applications. This is because, different users may have varying security requirements for their services which may also change over time. Furthermore, the strength of network security measures inversely affects network quality of service (QoS) metrics like bandwidth or latency. As such, security should not be provisioned as a predetermined static parameter following a universal one-size-fits-all policy. The research tasks involve doing a comprehensive survey of existing lightweight security protocols proposed for IoT applications, designing the scheme for provisioning dynamic network security, integrating its machine learning algorithm to perform service recommendation, and simulating a dynamic and secure IoT service recommendation scenario using an IoT emulator tool like CupCarbon.
Advisor: Dr. Fu
Ransomware is one of the fastest-growing cybersecurity threats and is classified into two types. It can either prevent access by locking your device or it can prevent access by encrypting your files. The recent ransomware attack on the US colonial pipeline shows how disruptive and impactful ransomware attacks can be. Many states in the southeast experienced gas shortages due to the colonial pipeline shutdown spanning from Florida to Pennsylvania. Our growing reliance on information and technology, in addition to the growing number of ransomware families, is becoming a big problem that we can no longer ignore. To fight this growing threat, detection and prevention tools must keep up with the growing number of ways that ransomware can attack and evade. This project will timeline recent ransomware attacks by describing the methodology of the malicious code and describe the impact it has on companies and the rest of society. The goal of this project is to create an effective solution that can detect ransomware and provide countermeasures to a ransomware attack.