At the heart of countless cyberattacks is a single flaw in the code making up a piece of software. CyLab researchers are focusing their efforts on improving software security in a variety of ways, from creating automated methods of finding and fixing software bugs to verifying the security of software without compromising its performance.
- data security and privacy
- formal methods for security
- language-based security
- malware analysis and detection
- privacy engineering
- software security
- web security
Software security @ CyLab
Virgil Gligor inducted to the Cybersecurity Hall of Fame
Achieving provably-secure encryption
With every text message we send, every email, every item we purchase online, we blindly rely on the process of encryption, the scrambling of data that protects it from unwanted eyes.
But encryption is hard to get right
CyLab's Gligor and Woo receive Distinguished Paper Award for breakthrough result on establishing "root of trust"
In a breakthrough study, "Establishing Root of Trust Unconditionally," CyLab researchers Virgil Gligor and Maverick Woo present a test that can be run on any computing device to show whether the device has been infected with malware or not. The study was presented at last week's Network and Distributed Systems Security (NDSS) Symposium in San Diego, California, where it received a Distinguished Paper Award.
CMU student discovers website leaking locations of cell phone customers
Some cybersleuthing by Robert Xiao, a Ph.D. student in the Human-Computer Interaction Institute, uncovered a security vulnerability on the website of LocationSmart, a Carlsbad, Calif., company that provides a service for identifying the real-time location of mobile phones in the United States and Canada.
CyLab team develops promising tool to help prevent cross-site scripting (XSS) attacks
To improve smartphone privacy, control access to third-party libraries
Smartphone apps that share users’ locations, contacts and other sensitive information with third parties often do so through a relative handful of services called third-party libraries, suggesting a new strategy for protecting privacy, Carnegie Mellon University researchers say.
CMU hackers give a glimpse into the hacker psyche
Today, billions of things are connected to the Internet – from smartphones and smart thermostats to critical infrastructure like the electric grid or water distribution systems. All of these “things” make up the so-called Internet of Things (IoT), and it’s growing at an unprecedented rate. In this podcast episode, David Brumley shares his thoughts on why there’s a shortage of cybersecurity talent right now, and members of PPP share their thoughts on hacking, giving us all a glimpse into the hacker psyche.