Security Research - News
- 2013-08: Our collaboration with UCLA on code obfuscation which
will be presented as paper Candidate Indistinguishability Obfuscation and Functional Encryption for All Circuits
at the IEEE Symposium on Foundations of Computer Science in October
got very positive news coverage.
- 2013-05: The paper Candidate Multilinear Maps from Ideal Lattices
(eprint version)
by Sanjam Garg, Craig Gentry and Shai Halevi
won the Best Paper Award at the IACR Eurocrypt conference: In this scientific break-through we
describe plausible lattice-based constructions with properties that
approximate the sought-after multilinear maps in
hard-discrete-logarithm groups, and show an example application of
such multilinear maps that can be realized using our approximation.
- 2013-05: The paper
Pinocchio: Nearly Practical Verifiable Computation
by Bryan Parno, Craig Gentry, Jon Howell and Mariana Raykova
won the Best Paper Award at the IEEE Symposium on Security
and Privacy, Oakland: In this paper and corresponding
implementation we present a
novel scheme to efficiently verify general computations delegated
to the cloud, hence instilling greater confidence in such outsourcing.
See also news coverage in the MIT Review.
- 2013-03: After passing a very successful first phase, our
projects Hermes and ESPADA got funded for a second
phase as part of the U.S. Intelligence Advanced Research Projects Activity (IARPA)'s SPAR programme,
for work on homomorphic encryption and large-scale privacy-preserving
database query and manipulation, respectively. See papers in
Eurocrypt'12,
PKC'13,
Crypto'12,
Crypto'13
and CCS'13 for some
results.
- 2012-10:
The U.S DHS Advanced Research Projects Agency awarded us a grant for the
project Hardware Support for Malware Defense and End-to-End Trust
in the BAA
11-02 programme.
The project pursues novel research in hardware-supported malware defense and end-to-end
trust, spanning a range of computing devices from servers, embedded
and mobile devices and low end sensors and actuators. We will
investigate what (minimal) set of changes at the hardware layers will
allow to minimize the currently
significant attack surface, to provide stronger isolation between
different workloads (applications, processes, Virtual Machines) and
to enable monitoring and verification of the integrity of these workloads.
See the SecureBlue++
technical report and our presentation at
the Linux
Security Summit 2013 for some results.
- 2012-10:
In the the highly competitive (less than 4% acceptance) U.S. DHS Advanced Research Projects Agency
BAA 11-02 programme we got also won a grant for a second project:
Usable Multi-Factor Authentication and Risk-based Authorization.
The proposal is based on our research on reducing security risk for mobile transactions through context-aware usable strong authentication and risk-based authorization. The work leverages a range of novel techniques in security, systems, usability, accessibility and biometrics to develop an intelligent multi-factor authentication and authorization solution for mobile devices. See papers in ACSAC'12 and RAID'13 for some results.
- 2011-11-20: NJIT is hosting this falls NYC Security & Privacy Day on Dec. 2, 2011. See
http://cs.njit.edu/~crix/SnP11/index.html for program and more information.
- 2011-09-30: In the context of U.S. Defense Advanced Research
Projects Activity (DARPA)'s PROCEED
and U.S. Intelligence Advanced Research Projects Activity (IARPA)'s SPAR programmes, our
department has won won three research grants to work on
homomorphic encryption and privacy-preserving database querying.
- 2010-06-06: For his breakthrough construction of a fully
homomorphic encryption scheme, our Craig Gentry received
the Grace
Murray Hopper Award
- 2010-05-30: Our work on secure key derivation function,
published
in Advances in
Cryptology -- CRYPTO, 2010 got standardized
at IETF as RFC 5869.
- 2010-05-17: Our pioneering work on Homomorphic Encryption continues to garner recognition:
Craig Gentry's STOC 2009 paper has been award
the PET Award Award for Outstanding
Research in Privacy Enhancing Technologies, his thesis won the prestigious ACM Doctoral Dissertation Award
and various new results have appeared in this years major cryptography conferences Eurocrypt and Crypto.
- 2010-03-30: U.S. Federal Aviation Administration selects IBM to Design and Build Advanced Cyber Security Analytics System.
- 2010-02-04: U.S. Air Force selects IBM to
Design and Demonstrate Mission-Oriented Cloud Architecture for Cyber Security
, to benefit from technologies such as
Trusted Virtual Data Center (TVDc) and
Security Services in Virtualized Environments as well as our
expertise in stream analytics.
- 2009-11-22: NYU will host the next NYC Security and Privacy Day
on Friday, December 4th, 2009 in New York.
See the webpage for the more information, e.g.,
program, how to register and information about past Security & Privacy days.
- 2009-10-21:
See our Video on
Cryptography Research IBM and the Future of Cyber Security
- 2009-09-17: Craig Gentry received the prestigeous Privacy Innovation Awards
from the International Association of Privacy Professionals (IAPP).
- 2009-08-30: The second year in a row, a member of our department chairs the program committee of IACR's Crypto conference:
After Shai Halevi in 2009 it honor goes to Tal Rabin for the 2010 edition.
-
2009-08-17: Our department was very active with 7 participants and a program co-chair
in the invitation-only National Cyber Leap Year (NCLY) 2009 Summit
as part of the Federal Networking and Information Technology Research and Development (NITRD) Program.
- 2009-06-10: The newly released Linux kernel 2.6.30 includes our
Integrity
Measurement Architecture (IMA). IMA is a cornerstone of trusted computing and
was listed by Computerworld as one of the top 5 new features of 2.6.30. It is also
in process of being adopted by IBM, Intel and OpenMoko.
Find more information in the technical papers
and the code .
- 2009-03-16: Rutgers University will host the next NYC Security and Privacy Day
on Friday, May 15, 2009 in New Brunswick.
See the webpage for the more information, e.g.,
program, how to register and information about past Security & Privacy days.
- 2009-02-28: We are co-organizing the third edition of the
IEEE Symposium on Security and Privacy Workshop on Web 2.0 Security and Privacy, May 2009.
- 2008-11-13: We will host the next NYC Security and Privacy Day
at the IBM T.J.Watson Research Center on Friday, December 5, 2008.
See the webpage for the more information, e.g.,
program, how to register and information about past Security & Privacy days.
- 2008-04-08: At the RSA Conference 2008, IBM announced
project Phantom which offers businesses a new means of
securing virtualized server environments. Read more in the
Press Release
and see the coverage in
Computerworld
- 2008-03-18: The U.S Department of Homeland Security
awarded
us a grant for the project MONTAGE: A
Methodology for Designing Composable End-to-End Secure Distributed
Systems in the context of BAA 07-09.
- 2008-03-18: IBM donated our SMash Technology for secure
mashups to the OpenAjax Alliance. See the
press release
and some media coverage in
InfoWorld,
Computerworld,
Web 2.0 Journal
and the
MIT Tech Review
- 2008-02-21: We made significant contributions to the the user-centric identity framework offered by the
Eclipse Higgins Project which has just released
Version 1.0
Other coverage of the release can be read here.
- 2008-02-07: Our team got awarded a National Security
Agency High Assurance Platform (HAP) contract to Improve
Secure Information Sharing.
Read the corresponding press
release ...
- 2008-01-22: We are co-organizing the second edition of the
IEEE Symposium on Security and Privacy Workshop on Web 2.0 Security and Privacy, May 2008.
- 2007-10-17: Stefan Berger got elected as co-chair of the
TCG Virtualized Platform Working Group
- 2007-09-01: Pankaj Rohagti will serve as Program Chair for
CHES2008.
- 2007-01-22: Watch for an upcoming announcement for the
IEEE Symposium on Security and Privacy Workshop on Web 2.0 Security and Privacy 2007.
- 2006-07-25: IBM announced a
10 Year Service agreement with CVS/Pharmacy which is based on a version of our
Security for a Software as a Service architecture
- 2006-04-10:
IBM today announced SecureBlue,
a new technology designed to greatly increase the security of consumer products, medical devices, defense systems and digital media
to which our team contributed significantly. See, e.g., coverage in
WSJ and
CNN.
-
2006-02-15: Members of our team continue to contribute to the OASIS standards with the new Web Services Security v1.1 standard. Details can be found in OASIS news.
-
2005-09-25: Security Workbench Development Environment for Java (Sword4J) is available from AlphaWorks
-
2004-10-14: The Sentry Compliance and Remediation Solution is
announced in the press
and released on OPAL.
See also following a demo,