Grants Awarded

Grants Awarded

Below is a list of recent grants and external funding awarded to UCF faculty for CD education and/or research. A number of these grants are collaborative with colleagues from other institutions (some of these institutions are Centers of Academic Excellence for Cyber Defense).  

Title: TWC: Small: Collaborative: Toward Trusted 3rd-Party Microprocessor Cores: A Proof Carrying Code Approach 

  • Funding Agency: National Science Foundation (http://www.nsf.gov
  • PI, Co-PIs: Yier Jin (ECE; University of Central Florida), Yiorgos Makris (EE; UT Dallas) 
  • Period of Funding: October 1, 2013-September 30, 2016 
  • Amount of Funding: $259,731 (UCF portion); $216,606 (UT Dallas portion) 

Abstract: Third-party hardware Intellectual Property (IP), written as code in a Hardware Description Language (HDL), is extensively used in modern integrated circuits. Contemporary electronics typically include 75% of third party hardware IP and only 25% in-house design to provide customization or a profit-making edge. Such extensive use of third-party hardware IP in both commercial and military applications raises security and trustworthiness concerns, especially in today's globalized market. Malicious modifications to a module's HDL code may introduce vulnerabilities, jeopardizing the security of the larger system within which it is integrated. So how does one protect electronics from the threat of potentially tampered with third-party hardware IP? To this end, this project is developing a framework for facilitating acquisition of provably trustworthy microprocessor cores. Drawing concepts from software proof-carrying code (PCC), security-related properties are codified in a temporal logic to outline the boundaries of trusted operation. In the case of microprocessor cores, these security properties ensure that the microprocessor instruction set architecture (ISA) does not introduce malicious architectural state changes, thereby preventing attackers from using a programming interface to exploit maliciously introduced hardware modifications. A formal proof of these security properties is then crafted by the vendor and presented to the consumer, who can automatically check correctness and validate compliance to the security properties. An ecosystem for developing provably trustworthy microprocessor cores, including a foundations framework, libraries, software tools, and demonstrations, as well as an educational module on Trusted Integrated Circuits and Systems are being developed as part of this project. 

Title: TWC: Medium: Collaborative: Flexible and Practical Information Flow Assurance for Mobile Apps 

  • Funding Agency: National Science Foundation (http://www.nsf.gov
  • PI, Co-PIs: Gary Leavens (CS; University of Central Florida), David Naumann (CS; Stevens Institute of Technology) 
  • Period of Funding: August 1, 2012-July 31, 2016 
  • Amount of Funding: $333,690 (UCF portion), $631,808 (Stevens Institute of Technology portion) 

Abstract: This project is developing tools and techniques for cost-effective evaluation of the trustworthiness of mobile applications (apps). The work focuses on enterprise scenarios, in which personnel at a business or government agency use mission-related apps and access enterprise networks. In such scenarios there are incentives and resources for much more substantive evaluations and controls on information flow than are currently found in commodity app marketplaces. The project aims to advance the science needed for static techniques to be usable by professional development and evaluation teams and useful for achieving dramatically improved assurance. The project's goals are to: (a) find flexible and expressive ways to specify information flow requirements for apps, (b) find effective ways to specify what is assumed about the Android platform, and (c) find practical static analysis and verification techniques to check security of apps with respect to given policies and the platform. Results include specification techniques and theory - models and algorithms. These are applied in case studies with prototype tools that the project develops, to evaluate how well the goals are achieved. The project's techniques can be deployed by certification organizations to provide scientifically sound techniques for assurance, thus enabling the full benefits of highly-integrated mobile software in mission-critical situations. Software designers will benefit from being able to precisely specify end-to-end requirements as well as component interfaces. Software developers will benefit from reliable means to detect design flaws and bugs, malware in third-party software, and unintended functionality that exposes vulnerabilities. Beyond the specific target of mobile software, the techniques will be of use in other settings, especially web applications, where it is crucial to reason about interfaces between mutually untrusting parties making heavy use of callbacks. The project could help improve security in government agencies and private sector, indirectly benefitting national security and the general population. 

Title: SHF: Small: Exascale Formal Verification Algorithms for Parameterized Probabilistic Models of Complex Computational Systems 

  • Funding Agency: National Science Foundation (http://www.nsf.gov
  • PI, Co-PIs: Sumit Kumar Jha (Computer Science; University of Central Florida) 
  • Period of Funding: July 1, 2014- June 30, 2017 
  • Amount of Funding: $503,627 

Abstract: We will investigate exascale statistical model checking algorithms for verifying the correctness requirements and performance specifications of parameterized probabilistic complex computational models. Such models serve as abstractions for describing a variety of computational systems, including multi-outcome predictive models, autonomous cyber-physical systems, intelligent software systems and upcoming memristor-based crossbar computing architectures. Probabilities effectively capture the inherent uncertainty involved in describing human and environmental inputs to computational systems. Probabilistic models also serve as useful abstractions that describe the use of randomness for computation in intelligent software and hardware. A computational system often includes one or more parameters that can be tuned to ensure that its behavior satisfies a given suite of desired domain-specific objectives. The formal verification of such Parameterized Probabilistic models of Complex Computational systems (P2C2) against observed data, correctness requirements and performance specifications is of fundamental importance to several critical applications, including trusted software development, reliable probabilistic programming for advancing machine learning and high-assurance cyber-physical systems.   

Title: Design and Validation of Cyber-security Applications for Mobile Banking Platforms 

  • Funding Agency: Royal Bank of Canada 
  • PI, Co-PIs: Sumit Jha (CS; University of Central Florida) 
  • Period of Funding: February 19, 2015- February 18, 2016 
  • Amount of Funding: $50,000 

Abstract: The Royal Bank of Canada's Innovation Accelerator Lab, Orlando (Company) conducts research and development in high-assurance banking software development, and cyber-security tools to support trustworthy mobile computing for their clients. In the project under which this subcontract is being let, "Design and Validation of Cyber-security Applications for Mobile Banking Platforms," the Company is investigating novel secure platforms for performing mobile banking operations of our clients. 

Title: Smart Grid Security Protection through Cross-Layer Approaches 

  • Funding Agency: University of South Florida Education Institute (http://thefc2.org/research/grant.aspx
  • PIs, Co-PIs: Yier Jin (ECE; University of Central Florida), Changchun “Cliff” Zou (CS; University of Central Florida), Yao Liu (ECE; University of South Florida) 
  • Period of Funding: March 1, 2015- February 29, 2016 
  • Amount of Funding: $50,000 

Abstract: Supporting smart grids with cyber-physical systems (CPS) is an inevitable trend that will be realized in the next few decades. However, the associated vulnerabilities and security of the proposed energy infrastructure, which combines behaviors of both cyber and physical elements, has largely been ignored. In particular, security considerations focusing on smart device design and deployment and the smart device distribution topology is disregarded. This implies that the next generation of smart grids will be built upon insecure networked system with insecure devices, thereby leaving them entirely unprotected and inherently vulnerable to attacks at different levels. Accordingly, prior to smart grid commercialization, we propose a new security specification dedicated for smart device design and deployment in order to enhance security in energy-based CPS. A security evaluation testbed will then be developed and guided by the security specifications. Each enforceable security specification will directly address a certain type of malicious attack, either at hardware level or at network level, which will then be evaluated via the development of the security evaluation testbed. As a result, the smart grid testbed will enable system designers to easily identify the security vulnerabilities of each device, and ensure the security of smart grid construction prior to deployment. Prototypes of smart grid will then be developed as a first step toward secure energy-based CPS mass production. 

Title: Avalanche Effect in Cyber-Physical Systems Security under Large-Scale Cyberattacks on Smart Devices 

  • Funding Agency: Southeastern Center for Electrical Engineering Education 
  • PI, Co-PIs: Yier Jin (ECE; University of Central Florida) 
  • Period of Funding: July 1, 2015 – June 30, 2016 
  • Amount of Funding: $33,333 

Abstract: Using a smart grid as an example, we will attempt to investigate the avalanche effect of persistent attacks and to check whether this type of attack can cause catastrophic and/or irreversible consequences. We will also aim to develop solutions to enhance CPS security and prevent avalanche-style attacks by enhancing smart devices. The outcome from this project will serve as preliminary results for our future proposal toward highly-secure CPS construction. 

Title: Vulnerability and Survivability of Cyberspace: Basic Science to Applications 

  • Funding Agency: University of South Florida Education Institute (http://thefc2.org/research/grant.aspx
  • PIs: Mainak Chatterjee (CS; University of Central Florida), Ming Zhao (SCIS; Florida International University) 
  • Period of Funding: March 1, 2015- February 29, 2016 
  • Amount of Funding: $25,000 (UCF portion), $25,000 (FIU portion) 

Abstract: This seed project investigates the theoretical underpinnings and the engineering tradeoffs that determine the vulnerability and survivability of the cyberspace. The developed theory will be applied to characterize the topological structure of the cyberspace and identify the most critical components that must be better protected. Strategies and policies will be devised that would aid the survivability and recovery of components after a successful attack. Tools and techniques will be borrowed from several domains– graph theory, algebraic topology, evolutionary game theory, and dynamical systems theory. 

Title: Identity Assurance using Biometrics for Cybersecurity 

  • Funding Agency: University of South Florida Education Institute (http://thefc2.org/research/grant.aspx
  • PI, Co-PIs: Mubarak Shah (CS; University of Central Florida), Rangachar Kasturi (CSE; University of South Florida) 
  • Period of Funding: March 1, 2015- February 29, 2016 
  • Amount of Funding: $20,000 (UCF portion), $20,000 (USF portion) 

Abstract: We propose to design, build, and demonstrate a prototype Continuous Identity Assurance module that deploys both physical and behavioral biometrics including software for baseline person recognition/tracking and keystroke dynamics matching algorithms. 

Title: Cyber Mission Assurance for Secure Mobile Healthcare System 

  • Funding Agency: University of South Florida Education Institute (http://thefc2.org/research/grant.aspx
  • PI, Co-PIs: Jiann-Shiun Yuan (ECE; University of Central Florida), Yuguang Fang (ECE; University of Florida) 
  • Period of Funding: March 1, 2015- February 29, 2016 
  • Amount of Funding: $20,000 (UCF Portion), $20,000 (UF portion).  

Abstract: We propose to study the cyber mission assurance using the information flow tracking technique for mobile healthcare system to achieve security and privacy. A secure eHealthcare system is very important for Florida elderly population and research in cyber mission assurance is in aligned with the priorities set by the Florida Center for Cybersecurity (FC2). The joint University of Florida (UF) and University of Central Florida (UCF) team is equipped with the expertise and qualification to conduct such a proposed research. The PI and Co-PI have an extensive track record of external funding from the National Science Foundation (NSF). Additional external funding from NSF, National Institute of Health (NIH), and Department of Defense (DoD) will be sought to continue our research effort in cyber security, especially for a secure and trusted mobile healthcare system. 

Title: Aging-Aware Hardware-Trojan Detection at Runtime 

  • Funding Agency: University of South Florida Education Institute (http://thefc2.org/research/grant.aspx
  • PI, Co-PIs: Ronald DeMara (ECE; University of Central Florida), Selçuk Köse (EE; University of South Florida) 
  • Period of Funding: March 1, 2015- February 29, 2016 
  • Amount of Funding: $25,000 (UCF Portion), $25,000 (USF portion).  

Abstract: Existing on-chip voltage converter topologies will be enhanced as a hardware Trojan detector with a small area overhead that will enable the detection of hardware Trojans at runtime. The individual voltage converter stages will be exploited as an on-chip hardware Trojan detector with the help of local sensors by leveraging their distributed nature with negligible area and power overhead. A novel aging sensor is proposed to consider the aging of voltage converters when the device is in the field for a longer period of time. 

Title: The Design and Validation of Computational Models for Cyberinsurance Pricing 

  • Funding Agency: CyberRisk Partners, LLC 
  • PI, Co-PIs: Sumit Kumar Jha (CS; University of Central Florida) 
  • Period of Funding: June 1, 2015- December 31, 2016 
  • Amount of Funding: $54,333 

Abstract: The CyberRiskPartners LLC (Company) conducts research and development in cyberinsurance pricing, and predictive tools to support the cyberinsurance business of our clients. This project is developing novel prediction algorithms for pricing cyberinsurance policies.