Ting Yu, Ph.D. - US grants

Privacy is increasingly a major concern that prevents the exploitation of the Internet's full potential. Consumers are concerned about the trustworthiness of the websites to which they entrust their sensitive information. Although significant industry efforts are seeking to better protect sensitive information online, existing solutions are still fragmented and far from satisfactory. Specifically, existing languages for specifying privacy policies lack a formal and unambiguous semantics, are limited in expressive power and lack enforcement as well as auditing support. Moreover, existing privacy management tools aimed at increasing end-users' control over their privacy are limited in capability or difficult to use.
This project seeks to provide a comprehensive framework for protecting online privacy, covering the entire privacy policy life cycle. This cycle includes enterprise policy creation, enforcement, analysis and auditing, as well as end user agent presentation and privacy policy processing. The project integrates privacy-relevant human, legal and economic perspectives in the proposed framework. This project will develop an expressive, semantics-based formal language for specifying privacy policies, an access control and auditing language for enforcing privacy policies in applications, as well as theory and tools for verifying privacy policies. Additionally, experiments and surveys will be conducted to better understand the axes of users' privacy concerns and protection objectives. Results from this empirical work will be used to develop an effective paradigm for specifying privacy preferences and methods to present privacy policies to end users in an accurate and accessible way.

The correct behavior and reliable operation of an information system
relies not only on what users are permitted to do, but oftentimes on
what users are required to do. Such obligatory actions are integral
to the security procedures of many enterprises. The management of
obligations in security policies imposes significant technical
challenges since obligations bear quite different properties from
traditional access control. For example, obligations assigned to
users often cannot be enforced. Thus, even if a system¡¯s reference
monitor is trusted, the failure of obligations must be considered,
and appropriate remedies need to be an integral part of security
policies. Also, the interaction between obligations and other
components of security policies (e.g., access control) must be
considered to ensure their consistency.

This project develops a comprehensive framework for the management
of obligations in security policies, which covers the full life
cycle of obligations, including obligation modeling, specification,
analysis, monitoring and discharges. Specifically, the project
formally identifies the desirable security objectives that are
characteristic of systems that involve obligations, and
systematically investigates dynamic and static means to maintaining
these objectives while such systems evolve. Though the framework is
formal in nature, and is designed on purpose to be general, the
evaluation of its usefulness and effectiveness is firmly grounded on
real applications, in particular, in the context of privacy policy
enforcement in health care systems.

This project aims to establish a solid foundation for the management
of obligations, and significantly improve the understanding and
practice of obligations in information systems. The societal benefit
of the project also results from the development and dissemination
of education resources on new types of security policies beyond
traditional access control.

CAREER: Trust and Privacy Management for Online Social Networks

Online social networks greatly expand the scale of people's social connections, and have the potential to become an open computing platform, where new services can be quickly offered and propagated. Mechanisms for trust management and privacy protection are integral to the future success of online social networks. A trustworthy social network should allow users to flexibly control who can access their social information and to what extend. Online social networks also broaden the scope and scale of social science. Privacy issues arise naturally when the data of online social networks are shared for research and other purposes.

This project develops theoretical and practical techniques for the management of trust and privacy for online social networks. One central goal is to look into the future of online social networks and develop techniques that are not only suitable for today?s social networks but for the future open computing platform built on top of them. In particular, this project focuses on flexible trust models for social networks, privacy preserving feedback issuing and management, and graph anonymization for the sharing of social network data. The developed techniques directly help the secure development and deployment of a wide range of new types of services that are well beyond the realm of traditional online services. This project also develops educational materials to improve undergraduate students? understanding and interests in computer science and attract more students to enroll in computer science degrees.

The primary aims of the present proposed project is to study entanglement
decoherence of many-body qubits or multilevel quantum systems and to develop a
quantum trajectory approach in several important AMO physics domains. Two examples
are: entanglement dynamics of multilevel atomic systems coupled to a quantized field
and non-Markovian trajectories for quantum systems coupled to a fermionic
environment. Our primary interest of application is quantum decoherence of quantum
open systems in AMO and condensed matter systems and the simulation of quantum
entanglement dynamics of many-body systems.

The proposal is to fund travel costs of students and invited speakers to attend the thirteen workshops affiliated with the annual ACM Computer and Communications Security Conference to be held in Chicago, November 2009.

People rely on two types of trust when making everyday decisions:
vertical and horizontal trust. Vertical trust captures trust
relationships between individuals and institutions, while horizontal
trust represents the trust inferred from the observations and opinions
of other peers. Although significant benefit could be realized by
combining horizontal and vertical trust mechanisms, they have evolved
independently in computing systems.

This project focuses on developing a composable trust model capable of
tightly coupling vertical and horizontal trust in a manner that is
both amenable to formal analysis and efficiently deployable. This
research advances the state of the art in trust management through a
series of innovative results, including the design of a unified
framework for specifying composite trust policies and the design and
analysis of efficient algorithms for policy evaluation. The composite
trust management approach championed by this project also enables
policy authors to move beyond simple proof of compliance to identify
the "top-k" preferred users satisfying security policies including
subjective assessments. The beneficiaries of this research range from
administrators of traditional computing systems who can better
incorporate previous history into their decision-making processes, to
users in social networks who can more carefully manage the exposure of
their personal data.

Risk communication is an important part of many cyber security mechanisms. Android's current risk communication mechanism is based on security warnings and has been demonstrated to be ineffective because users become habituated to ignore such warnings and tend to consent to all prompts. This multi-disciplinary research project aims at developing holistic solutions to usable risk communication and control for the Android platform.

This project investigates an approach that presents risk information at multiple granularities, including a high-level numerical risk summary, an intermediate-level summary of risk for different dimensions, and detailed risk information. The high-level risk summary is computed by information integration techniques, using information discovered from multiple sources, e.g., user reviews and app source code. This summary enables proactive risk communication (e.g., when the user searches for apps) so that users can take this information into the decision process.

This project also introduces a multi-mode approach that, in addition to communicating risks, also controls risks in the sense of discouraging risky applications and ensuring that users truly understand the risks. The project develops mechanisms that aggregate, communicate, and control risks incurred by apps at runtime, and ways to personalize risk integration, communicate, and control techniques to accommodate differences among users.

This project is expected to advance the state of the art in principles and techniques to risk communication and control, and has the potential to impact the Android app ecosystem by collaboration with Google researchers.