Agency: NSF | Branch: Continuing grant | Program: | Phase: Secure & Trustworthy Cyberspace | Award Amount: 913.69K | Year: 2015
The proliferation and increasing sophistication of censorship warrants continuing efforts to develop tools to evade it. Yet, designing effective mechanisms for censorship resistance ultimately depends on accurate models of the capabilities of censors, as well as how those capabilities will likely evolve. In contrast to more established disciplines within security, censorship resistance is relatively nascent, not yet having solid foundations for understanding censor capabilities or evaluating the effectiveness of evasion technologies. Consequently, the censorship resistance tools that researchers develop may ultimately fail to serve the citizens who depend on them to communicate. Designers of these tools need a principled foundation for reasoning about design choices and tradeoffs.
To provide such a foundation, this project develops a science of censorship resistance: principled approaches to understanding the nature of censorship and the best ways to facilitate desired outcomes. The approach draws upon empirical studies of censorship as the foundation for models and abstractions that allow reasoning about censorship-resistance technologies from first principles. The project aims to characterize and model censorship activities ranging from blocked search results to interference with international network traffic. The research develops theoretical models of censorship; reconciles these with large-scale empirical measurements; and uses these observations to design censorship-resistance tools to deploy in practice, as both components of Tor and standalone systems.
Agency: NSF | Branch: Standard Grant | Program: | Phase: COMPUTING RES INFRASTRUCTURE | Award Amount: 607.57K | Year: 2016
The FrameNet lexical semantic database records the meanings of words (and multi-word expressions) in everyday English; it is a sort of super dictionary that is both human-readable and machine-readable. This database is based on the fact that individual words can evoke an entire situation in our minds, complete with roles for people and things that participate in the situation. For example, the word hire evokes the situation of Employment, with roles for the Employer, the Employee, the Position, etc.; both the word vengeance and the expression get back at evoke Revenge, with the roles Avenger, Injured party, Injury, Offender, and Punishment. These situations are called semantic frames, and the project is guided by the theory of Frame Semantics, developed by the late Prof. Charles J. Fillmore of UC Berkeley. The FrameNet lexical database currently includes descriptions of more than 1,000 semantic frames, more than 13,000 senses of words and expressions (called Lexical units), and more than 200,000 manually annotated examples which show how the various roles are expressed by different parts of a sentence.
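The frame/role structure described above maps naturally onto a simple data structure. The sketch below is illustrative only: the real FrameNet schema is far richer (frame relations, core vs. non-core roles, annotation sets), and the lexical units beyond those named in the text are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Frame:
    """A semantic frame: a schematic situation with named roles.

    Toy model only; not the actual FrameNet database schema.
    """
    name: str
    roles: list                     # frame elements, e.g. "Avenger"
    lexical_units: list = field(default_factory=list)  # words/expressions evoking the frame

# The Revenge frame from the example above ("avenge" and "retaliate"
# are assumed, illustrative lexical units).
revenge = Frame(
    name="Revenge",
    roles=["Avenger", "Injured_party", "Injury", "Offender", "Punishment"],
    lexical_units=["vengeance", "get back at", "avenge", "retaliate"],
)

def evokes(word: str, frame: Frame) -> bool:
    """Does this word or expression evoke the given frame?"""
    return word in frame.lexical_units
```

In the real database a lexical unit is a pairing of a word sense with a frame, and each annotated sentence records which spans fill which roles; this sketch captures only the evocation relation.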
The FrameNet database is widely used in natural language processing; it helps engineers create software to analyze written texts into semantic frames and participants, so that computers can reason about the situations described. Thousands of researchers and companies are already using such software for applications such as automatic analysis of reports from combat or natural disaster situations, understanding financial news reports, recognizing expressions of opinion on blogs and product websites, and searching clinical records and medical research reports.
Although the frames were mainly created for English, most of them have been shown to be useful for other languages as well, and researchers around the world are now creating FrameNet databases for many other languages. The Multilingual FrameNet project will align the databases for different languages, both at the level of semantic frames and at the level of lexical units. The aligned database will help to improve applications such as foreign language teaching, cross-linguistic information retrieval, and machine translation. The new project also includes setting up a website and software so that teachers and students everywhere can participate in the project by adding to English FrameNet, creating a more complete and more useful FrameNet for its many users.
Agency: NSF | Branch: Standard Grant | Program: | Phase: STEM + Computing (STEM+C) Part | Award Amount: 200.00K | Year: 2016
The International Computer Science Institute proposes SInRGI (a Shared, Integrated Resource for Global Impact), a collaborative effort among AP® Computer Science Principles (CSP) projects that will curate and develop teaching resources for CSP's Global Impact learning objectives. As the first official CSP courses roll out in Fall 2016, teachers will be looking for creative, engaging instructional materials to cover the learning objectives detailed in the CSP curricular framework. That framework is organized around seven Big Ideas, including Global Impact (GI). For most of the CSP Big Ideas, there is already a wide range of solid instructional materials available, but that is not yet the case for GI. At the same time, the GI learning objectives are furthest from the programming core that has traditionally been the focus for many high-school CS teachers.
The SInRGI resource will be developed as a collaboration between the International Computer Science Institute (ICSI) and seven of the groups that have been developing content aligned to the CSP framework: the Beauty and Joy of Computing (BJC), CISS (Computing in Secondary Schools), Code.org, CS4Alabama/CSP4HS, CS Matters, Mobile CSP, and Thriving in Our Digital World: AP. Each group will contribute materials, and then all will work together to identify the best combination of approaches and to create any new materials needed to fill gaps. This combined resource will then be distributed via the NSF-supported CS10K Community of Practice and other outreach channels. Finally, the project team will work with providers of CSP professional development to incorporate the new material.
Agency: NSF | Branch: Standard Grant | Program: | Phase: RES IN NETWORKING TECH & SYS | Award Amount: 150.00K | Year: 2016
One of the Internet's greatest strengths is the degree to which it facilitates access to any of its resources from users anywhere in the world. Various forces, however, have arisen that restrict particular users from accessing particular destinations, resulting in a balkanization of the network. The principal investigators (PIs) explore methodologies for understanding such balkanization, an effort they will undertake in the context of examining regional discrimination, i.e., the degree to which certain web services deny or degrade access to users from particular geographic regions. The project seeks to develop techniques that can (1) illuminate the blocking practices of websites at scale, (2) characterize the implications of such balkanization for both users and websites, and (3) identify alternative approaches that can reduce the adverse effects of blocking.
Accurately distinguishing the presence of network discrimination/control from benign reasons for observing differences in website responses poses a challenging technical problem. First, measurement results can differ based on the properties of the vantage points used. Second, websites may block automated measurement even though regular users can access them; such blocking can be triggered by unusual web-access behavior, e.g., uncommon user agents or excessive web requests per minute. Third, repeated automated measurement from an affected region can potentially induce new blocking. Finally, discrimination may manifest at high semantic levels (e.g., the inability to finalize a purchase) not readily discernible from network-level analysis. In addition, accurate measurement alone does not suffice for understanding the significance of differences in website responses. Websites can differ across regions based on language and copyright regulations, for example. Discriminatory blocking can also occur because websites lack sufficiently fine-grained controls to govern blocking; for example, using the security protection provided by content delivery networks (CDNs) and hosting services can result in inadvertent discrimination.

The PIs will develop scientifically rigorous measurement and analysis methodologies for detecting and understanding differential treatment of Internet users, using the domain of regional discrimination to focus the work. Combining measurements across network layers, they will characterize the methods used for such blocking and investigate potential reasons and implications for both users and websites. The PIs will also explore alternative solutions to reduce the damaging effects of regional blocking while still protecting services from abuse.
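The need to separate stable blocking from transient measurement noise suggests repeating each measurement and reporting a difference only when both vantage points behave consistently. The sketch below is a minimal illustration of that idea, not the PIs' actual methodology; the outcome labels and function names are hypothetical.

```python
from collections import Counter

def classify_access(fetch, url, trials=5, threshold=0.8):
    """Fetch a URL repeatedly through one vantage point and decide
    whether its treatment is stable (a candidate for real blocking)
    or noisy (likely transient failure).

    `fetch` is a caller-supplied function returning an outcome label,
    e.g. "ok", "http_403", "timeout", "reset".
    """
    outcomes = Counter(fetch(url) for _ in range(trials))
    label, count = outcomes.most_common(1)[0]
    if count / trials >= threshold:
        return label          # stable outcome across trials
    return "inconclusive"     # mixed outcomes: re-measure later

def differential(fetch_control, fetch_region, url, **kw):
    """Compare a control vantage point with one in the affected
    region; report a difference only when both sides are stable."""
    a = classify_access(fetch_control, url, **kw)
    b = classify_access(fetch_region, url, **kw)
    if "inconclusive" in (a, b) or a == b:
        return None
    return {"control": a, "region": b}
```

A real study would additionally randomize pacing and user agents to avoid inducing the anti-bot blocking described above, and compare at multiple layers (DNS, TCP, TLS, HTTP).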
The Internet has a huge and pervasive impact on the lives of people all over the world. Yet the shift away from a single, global Internet toward a multiplicity of regional or national internets, shaped by commerce, the state, and region-specific network security concerns, has seen little methodical exploration. With this work the PIs aim to develop approaches for systematically illuminating the network differences and blocking arising from such balkanization, allowing characterization of its prevalence and, by providing transparency, strengthening the overall understanding of how the Internet works in practice.
Agency: NSF | Branch: Standard Grant | Program: | Phase: Secure & Trustworthy Cyberspace | Award Amount: 1.20M | Year: 2015
Our lives are surrounded by a constant web of data, picked up by a global network of unseen programs that gather, coalesce, combine, and merge every scrap of data they can acquire. These programs and companies operate out of public view, collecting and exchanging data for profit without clear public knowledge. This is a complex ecosystem: the original collectors of data are likely unaware of its eventual uses, and users of data may be unaware of its original source. This project seeks to illuminate this ecosystem through a series of experiments that attempt to measure and perturb unseen data pools by selectively adding or retrieving information. Additionally, the project focuses on creating traps and triggers: artificial data that future data providers might employ, enabling discovery of new collection and use of data. Finally, simply researching the phenomenon is insufficient; a final critical factor is education and outreach, empowering the public with an understanding of these otherwise unseen programs. The philosophy of this project is simple: if these data pools affect our lives, we must know what they are and what they do.
The technical focus of this project involves perturbing these data systems and soundly measuring the results. Some data brokers provide user access, allowing the direct validation of inferences. The project also involves creating "personas": artificial identities designed to leave traces in data pools. If a data broker purchases and acts on this data, this creates a causal link between data source and data consumer, allowing attribution of data flows within the data ecosystem. Other portions of the project involve purchasing data directly from brokers, evaluating the potential damage that such brokers may entail, and deliberately seeding multimedia content that includes various levels of identifiable information to detect when data brokers begin scraping these multimedia sources.
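The attribution mechanism resembles a honeytoken scheme: each persona carries a contact detail unique to a given experiment and broker, so any later use of that detail implicates the path the data took. The sketch below is a minimal illustration under that assumption; the field names and domain are hypothetical, and a real study would use infrastructure it controls.

```python
import secrets

def make_persona(experiment: str, broker: str) -> dict:
    """Create an artificial identity whose email address embeds a
    token unique to (experiment, broker). If mail later arrives at
    this address, that broker is implicated as a consumer of the
    seeded data.

    Hypothetical domain; real deployments would own the mail domain.
    """
    token = secrets.token_hex(4)
    return {
        "name": f"Persona-{token}",
        "email": f"{experiment}.{broker}.{token}@example.org",
        "token": token,
    }

def attribute(observed_email: str, personas: list):
    """Map an observed contact back to the persona, and hence the
    data pool, it was seeded into."""
    for p in personas:
        if p["token"] in observed_email:
            return p
    return None
```

Because each token appears in exactly one seeded identity, a single observation suffices to establish the causal link between the data source and the data consumer described above.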
Agency: NSF | Branch: Standard Grant | Program: | Phase: Cyber Secur - Cyberinfrastruc | Award Amount: 999.51K | Year: 2016
Scientific research requires the free exchange of information and ideas among collaborators worldwide. For this, scientists depend critically on full and open access to the Internet. Yet in today's world, such open access also exposes sites to incessant network attacks such as theft of information, parasitic resource consumption, or suffering from (or inadvertently participating in) denial-of-service (DOS) attacks. Some of the most powerful networks today remain particularly hard to defend: the 100G environments and backbones that facilitate modern data-intensive sciences - physics, astronomy, medicine, climate research - prove extremely sensitive to the slightest disturbances. For these networks, traditional enterprise solutions such as firewalls and intrusion detection systems (IDS) remain infeasible, as they cannot operate reliably at such high speeds. This project develops a novel, comprehensive framework that integrates software and hardware for the economical protection of critical high-performance science infrastructure.
The project increases the performance of network monitoring by offloading low-level operations from software into hardware, such as switches and computer network interface cards. The project enables network monitoring systems to tie into the hardware offloading being developed. Furthermore, the project expands the capabilities of network monitoring systems to create visibility into science networks, for example, by adding support for the protocols used for high-speed scientific data transfers. It also extends support for responding actively to malicious activity like denial-of-service attacks. This project implements these capabilities in the open-source Bro network security monitor utilized by many NSF-supported organizations nationwide to protect their scientific cyberinfrastructure.
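The offload idea resembles "shunting": the software monitor inspects only the first packets of each flow, and once a flow is recognized as a bulk transfer it is handed to hardware so subsequent packets bypass inspection entirely. The toy model below illustrates only that decision logic; the project's actual Bro/hardware integration is not shown, and the thresholds are assumptions.

```python
class ShuntingMonitor:
    """Toy model of traffic offload: software inspects a flow's first
    packets, then asks the hardware (modeled here as a set of flow
    keys) to bypass inspection for recognized bulk transfers.

    Illustrative only; real deployments program switches or NICs.
    """
    def __init__(self, inspect_limit=10, bulk_threshold=1_000_000):
        self.inspect_limit = inspect_limit    # packets to watch per flow
        self.bulk_threshold = bulk_threshold  # bytes marking a bulk flow
        self.flows = {}            # flow key -> (packets, bytes)
        self.shunted = set()       # flows offloaded to hardware
        self.inspected_bytes = 0   # work done in software

    def packet(self, flow, size):
        if flow in self.shunted:
            return "hardware"      # bypasses the software monitor
        pkts, total = self.flows.get(flow, (0, 0))
        pkts, total = pkts + 1, total + size
        self.flows[flow] = (pkts, total)
        self.inspected_bytes += size
        # After the connection-setup phase, offload heavy flows.
        if pkts >= self.inspect_limit and total >= self.bulk_threshold:
            self.shunted.add(flow)
        return "software"
```

The payoff is that software sees only the security-relevant control portion of each large science transfer, while the vast bulk of the bytes traverses the hardware path at line rate.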
Agency: NSF | Branch: Standard Grant | Program: | Phase: CISE RESEARCH RESOURCES | Award Amount: 300.00K | Year: 2017
With the capacity that ultra-broadband residential networks provide, we have the opportunity to re-center our digital lives around our residence. This project develops the technology to fruitfully leverage the raw capacity of ultra-broadband residential networks to shift a residential user's digital hub to his or her residence. The project focuses on two themes. The first theme is centered around an appliance in homes -- a home point of presence -- that provides a variety of services to the users in the house regardless of where they are physically located and hence connected to the network. A base-level service is a data attic, or a single place for users to store all their information that leaves them in direct control over the use of their data. We introduce infrastructureless CDNs that aim to leverage homes with ultra-broadband connectivity to move us away from delivering content from large service providers and towards massively distributed delivery that is ultimately cheaper and faster. Our second theme involves monitoring the operational Case Connection Zone ultra-broadband fiber-to-the-home network to better understand how protocols and applications can be extended to work better in such high-speed residential settings.
This re-structuring offers societal-scale benefits. Rather than spreading our digital lives across myriad services and providers across the Internet, we will enable individuals to retain control of their resources while at the same time sharing them with friends and trusted services, as needed and on demand. The advent of ultra-broadband residential networks facilitates this change, as individuals will now have the resources to serve their own data in a way they see fit, rather than being beholden to large service providers for the required resources.
Agency: NSF | Branch: Continuing grant | Program: | Phase: RES IN NETWORKING TECH & SYS | Award Amount: 318.48K | Year: 2016
Despite our growing reliance on mobile phones for a wide range of daily tasks, their operation remains largely opaque even for experts. Mobile users have little insight into how their mobile apps operate and perform in the network, into how (or whether) they protect the information that users entrust to them, and with whom they share users' personal information. A number of previous studies have addressed elements of this problem in a partial fashion, trading off analytic comprehensiveness against deployment scale. This project seeks to overcome the limitations of previous approaches by building a handset-, traffic-, and user-centric mobile measurement platform: the ICSI Haystack. Haystack offers a novel and flexible mobile vantage point capable of correlating real-world mobile traffic with user input and high-fidelity device activity at scale, while also providing mechanisms that help mobile users stay in control of their mobile traffic and personal data. The research community, operators, and regulatory bodies will also benefit from the novel measurement mechanisms and from the data collected in order to safeguard mobile users and to increase the operational transparency of mobile apps and trackers.
To achieve this vision, this project develops novel techniques to perform high-fidelity mobile measurements by capturing user traffic in user space on the device using native platform support. As a result, Haystack will be available for anyone to install from traditional app stores such as Google Play, thereby enhancing user reach. In order to gain a truly in-depth and broad understanding of the mobile ecosystem, Haystack takes advantage of its local operation to correlate network traffic with user input and local context obtained from the operating system itself, such as which app generated a particular network flow and the device's location, together with real network and user stimuli. Critically, Haystack's system design must be flexible and extensible in order to enable researchers to conduct a wide range of mobile measurements, to cope with new mobile technologies, and to reach a broad cross-section of mobile users. The ability to combine all of these features on user devices makes Haystack an ideal vantage point for a wide range of mobile measurements, such as mobile traffic characterization in the wild, privacy leak detection, identification of online tracking services, app security auditing, and network performance measurement.
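One way a user-space monitor on Linux or Android can attribute a flow to the app that created it is by consulting the kernel's /proc/net/tcp table, which lists each socket alongside the UID that owns it; on Android every app runs under its own UID. The sketch below parses that table format (IPv4 only, no error handling) and is an illustration of the general technique, not Haystack's actual implementation.

```python
def parse_proc_net_tcp(text):
    """Parse /proc/net/tcp-style text into (local, remote, uid)
    triples. The UID of a socket identifies the owning app on
    Android, letting a monitor map network flows back to apps.
    """
    def addr(hexpair):
        ip_hex, port_hex = hexpair.split(":")
        # The kernel stores IPv4 addresses in little-endian hex.
        octets = [str(int(ip_hex[i:i + 2], 16)) for i in (6, 4, 2, 0)]
        return ".".join(octets), int(port_hex, 16)

    flows = []
    for line in text.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue
        # Field layout: sl, local_address, rem_address, st,
        # tx_queue:rx_queue, tr:tm->when, retrnsmt, uid, ...
        flows.append((addr(fields[1]), addr(fields[2]), int(fields[7])))
    return flows
```

A monitor can then match the 5-tuple of a captured packet against these entries to label the flow with the responsible app before applying privacy or performance analysis.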
Agency: NSF | Branch: Standard Grant | Program: | Phase: RES IN NETWORKING TECH & SYS | Award Amount: 250.00K | Year: 2016
It is of vital importance that we maintain and evolve the infrastructure that underlies the modern Internet. A fundamental question within this infrastructure is that of "packet scheduling," which determines the order in which data is transmitted across the switches and links that form the Internet's infrastructure. Packet scheduling is thus a richly explored research topic: as networks evolve to support new applications and technologies, so do the requirements placed on packet schedulers, and hence researchers and practitioners alike have continued to develop new schedulers to suit current needs. The implicit assumption to date has been that new scheduling goals necessitate new scheduling algorithms. The research being undertaken in this project posits an alternate viewpoint: rather than designing new scheduling algorithms as new needs emerge, it asks whether there exists a single scheduling algorithm that can be tuned (i.e., through configuration changes) to match the performance of any scheduling algorithm. Thus the project addresses a seemingly simple question: is there a universal packet scheduling (UPS) algorithm? The results will clarify the fundamental limits of any packet scheduling algorithm as well as influence the development of network switch hardware.
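The notion of one mechanism emulating many policies through configuration alone can be illustrated with a toy sketch (this is not the project's actual candidate algorithm): a single priority-queue scheduler whose behavior is determined entirely by a pluggable per-packet priority function. Setting the priority to arrival time yields FIFO; setting it to a deadline yields earliest-deadline-first.

```python
import heapq
import itertools

class TunableScheduler:
    """One scheduling mechanism (a priority queue) whose policy is
    fixed entirely by a configurable priority function, illustrating
    the idea of a single tunable scheduler emulating many.
    """
    def __init__(self, priority):
        self.priority = priority      # packet -> sortable key
        self.queue = []
        self.seq = itertools.count()  # tie-breaker keeps order stable

    def enqueue(self, packet):
        heapq.heappush(self.queue, (self.priority(packet), next(self.seq), packet))

    def dequeue(self):
        return heapq.heappop(self.queue)[2]

# Two "configurations" of the same mechanism (field names assumed):
fifo = TunableScheduler(priority=lambda p: p["arrival"])
edf  = TunableScheduler(priority=lambda p: p["deadline"])  # earliest deadline first
```

The UPS question is far stronger than this sketch suggests: it asks whether some single algorithm, suitably configured, can reproduce the packet orderings of every scheduling algorithm across an entire network of switches, not just one queue.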
The existence of a universal or near-universal packet scheduler could lower the barrier to evolving network infrastructure and hence contribute to the broader goal of ensuring that the Internet continues to serve as a transformative communication service for the nation. The results of the research will be incorporated into the curriculum for networking courses at both the undergraduate and graduate levels.