| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | July 1, 2015 |
| Latest Amendment Date: | July 18, 2022 |
| Award Number: | 1518888 |
| Award Instrument: | Continuing Grant |
| Program Manager: |
Karen Karavanic
kkaravan@nsf.gov (703)292-2594 CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | September 1, 2015 |
| End Date: | August 31, 2023 (Estimated) |
| Total Intended Award Amount: | $618,262.00 |
| Total Awarded Amount to Date: | $797,914.00 |
| Funds Obligated to Date: |
FY 2016 = $103,763.00 FY 2017 = $106,856.00 FY 2018 = $110,056.00 FY 2019 = $253,018.00 FY 2020 = $40,000.00 |
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
1109 GEDDES AVE STE 3300 ANN ARBOR MI US 48109-1015 (734)763-6438 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
2260 Hayward Ann Arbor MI US 48109-2121 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | Secure &Trustworthy Cyberspace |
| Primary Program Source: |
01001617DB NSF RESEARCH & RELATED ACTIVIT 01001718DB NSF RESEARCH & RELATED ACTIVIT 01001819DB NSF RESEARCH & RELATED ACTIVIT 01001920DB NSF RESEARCH & RELATED ACTIVIT 01002021DB NSF RESEARCH & RELATED ACTIVIT |
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
This project aims to reduce the impact of software vulnerabilities in Internet-connected systems by developing data-driven techniques for vulnerability measurement, assessment, and notification. Recent advances in Internet-wide scanning make it possible to conduct network surveys of the full public IPv4 address space in minutes. These advances, in turn, offer the promise of truly effective community responses: when new vulnerabilities are announced, the Internet security community can comprehensively identify the systems that suffer from these vulnerabilities and automatically take steps to help affected system operators correct the problems. This project seeks to directly impact the availability and reliability of the Internet and provide the security community with tools, platforms, and comprehensive vulnerability measurement data.
To achieve this vision, this project develops new techniques for vulnerability measurement, including creating improved security measurement techniques that function at global scale, in the presence of heterogeneous network systems, and in a timely, accurate, complete, and ethical manner. The investigators create new vulnerability assessment methods that lower the barriers faced by researchers seeking to access and analyze vulnerability measurement data, in order to maximize security benefits. The project explores new notification mechanisms that achieve targeted and effective notification of affected organizations, and that can be delivered and acted upon quickly in response to the emergence of new threats.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
This project developed techniques for Internet-scale measurement of vulnerable network hosts and for the effective, accurate, and timely notification of vulnerable populations. It informed not only the development of large, heterogeneous distributed systems, but also the sciences of network architecture design, network protocols, and security. The work integrated such diverse areas of study as software engineering, active measurement, automated protocol parsing, and the social, economic, and psychological factors that influence security behaviors.
The Censys search engine technology developed under this project was commercialized under license from the University of Michigan by Censys, Inc., which became a leading provider of Internet attack-surface monitoring services. The company has further developed the technology to serve the needs of enterprise and government customers.
The project resulted in numerous scholarly publications, including four best-paper award winners, one Internet Defense Prize finalist, and one Internet Defense Prize winner. The project also provided opportunities for more than 40 graduate and undergraduate students to study computer science, networking, and security. Several undergraduates who worked on this project or under the supervision of project participants went on to pursue PhDs at prestigious institutions. Multiple graduate students completed PhDs.
Additional work under this project concerning the security of election systems contributed to protecting critical election infrastructure from attack, thereby helping uphold the integrity and legitimacy of democracy.
Last Modified: 11/28/2023
Modified by: J A Halderman
Please report errors in award information by writing to: awardsearch@nsf.gov.
