Security Research       

links

Security Research - News

• 2013-08: Our collaboration with UCLA on code obfuscation which will be presented as paper Candidate Indistinguishability Obfuscation and Functional Encryption for All Circuits at the IEEE Symposium on Foundations of Computer Science in October got very positive news coverage.
• 2013-05: The paper Candidate Multilinear Maps from Ideal Lattices (eprint version) by Sanjam Garg, Craig Gentry and Shai Halevi won the Best Paper Award at the IACR Eurocrypt conference: In this scientific break-through we describe plausible lattice-based constructions with properties that approximate the sought-after multilinear maps in hard-discrete-logarithm groups, and show an example application of such multilinear maps that can be realized using our approximation.
• 2013-05: The paper Pinocchio: Nearly Practical Verifiable Computation by Bryan Parno, Craig Gentry, Jon Howell and Mariana Raykova won the Best Paper Award at the IEEE Symposium on Security and Privacy, Oakland: In this paper and corresponding implementation we present a novel scheme to efficiently verify general computations delegated to the cloud, hence instilling greater confidence in such outsourcing. See also news coverage in the MIT Review.
• 2013-03: After passing a very successful first phase, our projects Hermes and ESPADA got funded for a second phase as part of the U.S. Intelligence Advanced Research Projects Activity (IARPA)'s SPAR programme, for work on homomorphic encryption and large-scale privacy-preserving database query and manipulation, respectively. See papers in Eurocrypt'12, PKC'13, Crypto'12, Crypto'13 and CCS'13 for some results.
• 2012-10: The U.S DHS Advanced Research Projects Agency awarded us a grant for the project Hardware Support for Malware Defense and End-to-End Trust in the BAA 11-02 programme. The project pursues novel research in hardware-supported malware defense and end-to-end trust, spanning a range of computing devices from servers, embedded and mobile devices and low end sensors and actuators. We will investigate what (minimal) set of changes at the hardware layers will allow to minimize the currently significant attack surface, to provide stronger isolation between different workloads (applications, processes, Virtual Machines) and to enable monitoring and verification of the integrity of these workloads. See the SecureBlue++ technical report and our presentation at the Linux Security Summit 2013 for some results.
• 2012-10: In the the highly competitive (less than 4% acceptance) U.S. DHS Advanced Research Projects Agency BAA 11-02 programme we got also won a grant for a second project: Usable Multi-Factor Authentication and Risk-based Authorization. The proposal is based on our research on reducing security risk for mobile transactions through context-aware usable strong authentication and risk-based authorization. The work leverages a range of novel techniques in security, systems, usability, accessibility and biometrics to develop an intelligent multi-factor authentication and authorization solution for mobile devices. See papers in ACSAC'12 and RAID'13 for some results.
• 2011-11-20: NJIT is hosting this falls NYC Security & Privacy Day on Dec. 2, 2011. See http://cs.njit.edu/~crix/SnP11/index.html for program and more information.
• 2011-09-30: In the context of U.S. Defense Advanced Research Projects Activity (DARPA)'s PROCEED and U.S. Intelligence Advanced Research Projects Activity (IARPA)'s SPAR programmes, our department has won won three research grants to work on homomorphic encryption and privacy-preserving database querying.
• 2010-06-06: For his breakthrough construction of a fully homomorphic encryption scheme, our Craig Gentry received the Grace Murray Hopper Award
• 2010-05-30: Our work on secure key derivation function, published in Advances in Cryptology -- CRYPTO, 2010 got standardized at IETF as RFC 5869.
• 2010-05-17: Our pioneering work on Homomorphic Encryption continues to garner recognition: Craig Gentry's STOC 2009 paper has been award the PET Award Award for Outstanding Research in Privacy Enhancing Technologies, his thesis won the prestigious ACM Doctoral Dissertation Award and various new results have appeared in this years major cryptography conferences Eurocrypt and Crypto.
• 2010-03-30: U.S. Federal Aviation Administration selects IBM to Design and Build Advanced Cyber Security Analytics System.
• 2010-02-04: U.S. Air Force selects IBM to Design and Demonstrate Mission-Oriented Cloud Architecture for Cyber Security , to benefit from technologies such as Trusted Virtual Data Center (TVDc) and Security Services in Virtualized Environments as well as our expertise in stream analytics.
• 2009-11-22: NYU will host the next NYC Security and Privacy Day on Friday, December 4th, 2009 in New York. See the webpage for the more information, e.g., program, how to register and information about past Security & Privacy days.
• 2009-10-21: See our Video on Cryptography Research IBM and the Future of Cyber Security
• 2009-09-17: Craig Gentry received the prestigeous Privacy Innovation Awards from the International Association of Privacy Professionals (IAPP).
• 2009-08-30: The second year in a row, a member of our department chairs the program committee of IACR's Crypto conference: After Shai Halevi in 2009 it honor goes to Tal Rabin for the 2010 edition.
• 2009-08-17: Our department was very active with 7 participants and a program co-chair in the invitation-only National Cyber Leap Year (NCLY) 2009 Summit as part of the Federal Networking and Information Technology Research and Development (NITRD) Program.
• 2009-06-10: The newly released Linux kernel 2.6.30 includes our Integrity Measurement Architecture (IMA). IMA is a cornerstone of trusted computing and was listed by Computerworld as one of the top 5 new features of 2.6.30. It is also in process of being adopted by IBM, Intel and OpenMoko. Find more information in the technical papers and the code .
• 2009-03-16: Rutgers University will host the next NYC Security and Privacy Day on Friday, May 15, 2009 in New Brunswick. See the webpage for the more information, e.g., program, how to register and information about past Security & Privacy days.
• 2009-02-28: We are co-organizing the third edition of the IEEE Symposium on Security and Privacy Workshop on Web 2.0 Security and Privacy, May 2009.
• 2008-11-13: We will host the next NYC Security and Privacy Day at the IBM T.J.Watson Research Center on Friday, December 5, 2008. See the webpage for the more information, e.g., program, how to register and information about past Security & Privacy days.
• 2008-04-08: At the RSA Conference 2008, IBM announced project Phantom which offers businesses a new means of securing virtualized server environments. Read more in the Press Release and see the coverage in Computerworld
• 2008-03-18: The U.S Department of Homeland Security awarded us a grant for the project MONTAGE: A Methodology for Designing Composable End-to-End Secure Distributed Systems in the context of BAA 07-09.
• 2008-03-18: IBM donated our SMash Technology for secure mashups to the OpenAjax Alliance. See the press release and some media coverage in InfoWorld, Computerworld, Web 2.0 Journal and the MIT Tech Review
• 2008-02-21: We made significant contributions to the the user-centric identity framework offered by the Eclipse Higgins Project which has just released Version 1.0 Other coverage of the release can be read here.
• 2008-02-07: Our team got awarded a National Security Agency High Assurance Platform (HAP) contract to Improve Secure Information Sharing. Read the corresponding press release ...
• 2008-01-22: We are co-organizing the second edition of the IEEE Symposium on Security and Privacy Workshop on Web 2.0 Security and Privacy, May 2008.
• 2007-10-17: Stefan Berger got elected as co-chair of the TCG Virtualized Platform Working Group
• 2007-09-01: Pankaj Rohagti will serve as Program Chair for CHES2008.
• 2007-01-22: Watch for an upcoming announcement for the IEEE Symposium on Security and Privacy Workshop on Web 2.0 Security and Privacy 2007.
• 2006-07-25: IBM announced a 10 Year Service agreement with CVS/Pharmacy which is based on a version of our Security for a Software as a Service architecture
• 2006-04-10: IBM today announced SecureBlue, a new technology designed to greatly increase the security of consumer products, medical devices, defense systems and digital media to which our team contributed significantly. See, e.g., coverage in WSJ and CNN.
• 2006-02-15: Members of our team continue to contribute to the OASIS standards with the new Web Services Security v1.1 standard. Details can be found in OASIS news.
• 2005-09-25: Security Workbench Development Environment for Java (Sword4J) is available from AlphaWorks
• 2004-10-14: The Sentry Compliance and Remediation Solution is announced in the press and released on OPAL. See also following a demo,