Security Research - overview
About the Team
The TJW Security Department's research focuses on developing security technologies, design methodologies, best practices and standards. The goal is to significantly raise the bar on the quality of security in products and services while simultaneously easing the overhead of developing and deploying such secure solutions.
Members of the group are known for their pioneering work on a variety of topics that have led to new technologies being incorporated in IBM's products and services, definitive industry leading standards as well as publications in premier security workshops and conferences.
The group continues to do innovative work on various topics including:
- cryptographic research from the theoretical foundations to the design and implementation of practical protocols.
- cybersecurity analytics
- cloud security and secure service delivery environments
- emerging identity and access control management such as privileged user monitoring, role modeling and mining
- secure hypervisors and operating systems
- secure processor technologies via physical secure co-processors, service processors and novel hardware architectures
- ethical hacking as part of theGlobal Security Analysis (GSAL) activities
In The News
- 2013-08: Our collaboration with UCLA on code obfuscation which will be presented as paper Candidate Indistinguishability Obfuscation and Functional Encryption for All Circuits at the IEEE Symposium on Foundations of Computer Science in October got very positive news coverage.
- 2013-05: The paper Candidate Multilinear Maps from Ideal Lattices (eprint version) by Sanjam Garg, Craig Gentry and Shai Halevi won the Best Paper Award at the IACR Eurocrypt conference: In this scientific break-through we describe plausible lattice-based constructions with properties that approximate the sought-after multilinear maps in hard-discrete-logarithm groups, and show an example application of such multilinear maps that can be realized using our approximation.
- 2013-05: The paper Pinocchio: Nearly Practical Verifiable Computation by Bryan Parno, Craig Gentry, Jon Howell and Mariana Raykova won the Best Paper Award at the IEEE Symposium on Security and Privacy, Oakland: In this paper and corresponding implementation we present a novel scheme to efficiently verify general computations delegated to the cloud, hence instilling greater confidence in such outsourcing. See also news coverage in the MIT Review.
- 2013-03: After passing a very successful first phase, our projects Hermes and ESPADA got funded for a second phase as part of the U.S. Intelligence Advanced Research Projects Activity (IARPA)'s SPAR programme, for work on homomorphic encryption and large-scale privacy-preserving database query and manipulation, respectively. See papers in Eurocrypt'12, PKC'13, Crypto'12, Crypto'13 and CCS'13 for some results.
- 2012-10: The U.S DHS Advanced Research Projects Agency awarded us a grant for the project Hardware Support for Malware Defense and End-to-End Trust in the BAA 11-02 programme. The project pursues novel research in hardware-supported malware defense and end-to-end trust, spanning a range of computing devices from servers, embedded and mobile devices and low end sensors and actuators. We will investigate what (minimal) set of changes at the hardware layers will allow to minimize the currently significant attack surface, to provide stronger isolation between different workloads (applications, processes, Virtual Machines) and to enable monitoring and verification of the integrity of these workloads. See the SecureBlue++ technical report and our presentation at the Linux Security Summit 2013 for some results.
- 2012-10: In the the highly competitive (less than 4% acceptance) U.S. DHS Advanced Research Projects Agency BAA 11-02 programme we got also won a grant for a second project: Usable Multi-Factor Authentication and Risk-based Authorization. The proposal is based on our research on reducing security risk for mobile transactions through context-aware usable strong authentication and risk-based authorization. The work leverages a range of novel techniques in security, systems, usability, accessibility and biometrics to develop an intelligent multi-factor authentication and authorization solution for mobile devices. See papers in ACSAC'12 and RAID'13 for some results.
To find out more about our activities, explore the following list of current projects:
- Cybersecurity Network & Device Analytics
- Cryptographic Research
- Mobile Security
- Systems and Cloud Security
You might also be interested in some of our completed projects ...
If you are interested in these topics and you have a strong background in security, software engineering and services: Our team has openings for a variety of research positions including interns, coops and Research Staff Members. Please contact Josyula R. Rao for more information.