Telephone users are regularly besieged by unsolicited sales and scam calls, cannot verify identities of callers, and enterprises frequently fall prey to expensive compromises of their telephone infrastructure. This proposal will deliver techniques to detect these issues, conduct network-wide systematic measurement, and provide practical defenses for these problems. The vision of this 5-year project is to provide technologies that will restore the telephone network to its former status as a trusted and trustworthy network.

Educating the next generation of cybersecurity professionals is a critical need for the State of North Carolina and the United States. We are utilizing our expertise in cybersecurity research to prepare undergraduate and Masters computer science students at NC State for cybersecurity jobs. Scholarship for Service (SFS) will provide students from North Carolina and the United States, especially from underrepresented groups, the opportunity to receive a high quality cybersecurity focused degree. SFS students will be part of a larger cohort of cybersecurity students who will participate in supplemental activities, events, and conferences as part of their educational experience.

Modern distributed systems and Internet services require authentication between their components to protect their services from unauthorized access and ensure appropriate billing. In practice, this authentication is performed by presenting a static secret, such as an ����������������API key��������������� or password. These are difficult for developers to manage and deploy securely, and credentials are accidentally or intentionally stored in widely readable software repositories. This threatens not just the security of the leaker, but also the authenticating service. The ultimate root cause of this issue is the adaptation of user authentication methods (e.g., passwords) to software in ways that are inappropriate and ultimately unsafe. This proposal will fund research to more reliably and consistently identify these leaked software credentials, triage them according to the risk they present, conduct developer interventions to train them to properly manage this risk, and finally develop more secure yet manageable alternative solutions to software authentication.

The goal of this work is to detect, measure, and remediate a software project's use of external, open source software dependencies with security flaws. First,we will introduce two new static analysis primitives: a global dependency graph (GDG) and a global vulnerable-dependency graph (GVDG) to simplify the detection and measurement of the extent and effects of vulnerable dependencies. We will then create novel techniques for analyzing code and textual artifacts of software projects to identify when a new version has fixed a vulnerability,even if a security advisory has not been announced. In doing so, we will help developers know when dependencies must be updated, ultimately leading to more secure software.

Unsolicited text messaging (SMS Spam) is on the rise, yet despite prior work little is known about the frequency, content, or goals of SMS Spam. In particular, it is believed some fraction of SMS spam messages are used for phishing or other types of fraud and abuse. The objective of the proposed research is to explore the current SMS phishing landscape in-depth and to make relevant security recommendations for telecommunications providers and next-generation anti-phishing systems. Because SMS phishing is just one type of text message abuse, however, this research will encompass a broader analysis of the scale and scope of text message abuse, and then evaluate the threat posed by SMS phishing in the broader context of phishing text messages and traditional lures.

Existing networking technologies are primarily focused on functionality, not security. Consequently, requirements of these technologies, such as fixed network topologies, lead to rigid architectures that fail to enable the network access control requirements of current and future computing environments. We propose the creation of a novel primitive called network views that allows a physical or virtual host to have a different set of accessible peers,regardless of network address or topological placement of those peers. We seek to explore and characterize the utility and practicality of network views in different network environments, ranging from traditional LANs to multi-site, multi-tenant networks such as those emerging in cloud and cellular networks. Our proposed design combines concepts from software-defined networking (SDN),operating systems access control, and distributed consensus protocols. Through these efforts, we seek to provide a new security foundation for the growing security needs of both public and private sector network operations.

Robocalls are unwanted spam calls, and consumers are plagued by billions of calls annually. These calls have significantly degraded the usefulness of the global telephone network. The goal of this project is to develop techniques to measure the prevelence and characteristics of robocalls. This work will pave the way for a more trustworthy and useful phone network.