CyLab’s Future Enterprise Security Initiative has announced its second round of funded proposals.

The 12 selected proposals will empower researchers and industry leaders to rethink security across enterprise ecosystems through innovations in artificial intelligence, computer science, engineering, and human-factors research.

Each project falls under one of the four FutureEnterprise@CyLab key research thrusts:

• AI-driven workflows to automate security management and data-driven decision-making to minimize the need for large human teams
• Collaborative capabilities for real-time global visibility for security decision making
• Foundations for understanding cyber risk and dependencies in complex ecosystems and supply chains
• Least-privilege-by-design infrastructure, including trustworthy outsourcing, remote work/management, and deployable software-defined architectures

This year, Generative AI and Large Language Models (LLMs) were added as a technology of interest in all four research thrusts.

Funding for the projects is made possible by sponsorships from Amazon Web Services, Cisco, Microsoft, Nokia Bell Labs, PNC, and the VMware University Research Fund. Sponsors actively worked with FutureEnterprise@CyLab Co-Directors Lujo Bauer and Vyas Sekar on proposal requests and reviews.

During the execution of these projects, faculty will collaborate with FutureEnterprise@CyLab sponsors to develop a suite of novel foundations and technologies, re-imagining ways to achieve security in small- and medium-sized enterprise systems.

“The Future Enterprise Security Initiative brings lots of value to CyLab because we get to benefit from sponsors’ expertise — both their technical expertise and their understanding of which problems they're struggling with most — so that we can direct our research energies towards solving the problems that really matter right now,” said Bauer.

Funded Projects

Collaborative Capabilities

Adversarial Robustness and Unhardening Dynamics in Federated Learning

• PI: Carlee Joe-Wong - Associate Professor, Electrical and Computer Engineering (ECE)

Evaluating Large Language Models’ Privacy Risks with Privacy Attacks

• PI: Steven Wu - Assistant Professor, Software and Societal Systems Department (S3D)

Risk Assessment

Combining Program Synthesis and LLMs to Identify Code-Injection Vulnerabilities in Node.js packages

• PIs: Ruben Martins - Assistant Research Professor, CSD and Limin Jia - Research Professor, ECE

ODO: Open Dependency Observatory for Software Dependencies

• PIs: Yuvraj Agarwal - Associate Professor, S3D and Rohan Padhye - Assistant Professor, S3D

Harnessing LLMs for enabling fuzzing of high-level API properties

• PI: Rohan Padhye - Assistant Professor, S3D

AI-Driven Workflows

Conversational AI to Simplify Wireless Enterprise Security

• PI: Swarun Kumar - Associate Professor, ECE

LLM Self-Defense Against Adversarial Attacks for Coding Tasks

• PI: Corina Pasareanu - Principal Systems Scientist, CyLab and Limin Jia - Research Professor, ECE

Least Privilege By Design

Beyond Zero Trust Architectures for Enterprise Security

• PI: Virgil Gligor - Professor, ECE

Verus: Enabling Engineers to Develop Provably Secure and Performant Software

• PI: Bryan Parno - Associate Professor, CSD and ECE

Adaptive Deployment of SDN/NFV Network Security Infrastructure with SyNAPSE

• PI: Justine Sherry - Associate Professor, Computer Science Department (CSD)

Provable and Practical Defenses against Spatial Algorithmic Complexity Attacks

• PI: Justine Sherry - Associate Professor, CSD

Enhancing Security and Portability with Lightweight Sandboxing using the WebAssembly Linux Interface

• PIs: Ben L. Titzer - Principal Researcher, S3D and Anthony Rowe - Professor, ECE