My research focuses on security of computer systems and networks, addressing the challenges of establishing and maintaining integrity of the systems and data being processed. Within this broad area, my interests span several domains including traditional enterprise computing and cloud computing. More detailed information about my work can be found at:
My major research thrusts include:
Secure Data Provenance
Modern computers provide little in the way of transparency for end users. Data is often processed and results generated without the user being fully aware of the inputs used to generate an output. This model leads to threats that users are powerless to defend against. Furthermore, detecting and mitigating attacks becomes increasingly challenging. This research has focused on addressing these challenges through secure collection and use of data provenance. Provenance-aware systems collect metadata that details the history of each data object processed by the system. The goal of this work is to build systems that can accurately detect and mitigate attacks that compromise the integrity of the data being processed.
- W. Smith, T. Moyer, and C. Munson, “Curator: Provenance Management for Modern Distributed Systems,” in 10th USENIX Workshop on the Theory and Practice of Provenance, TaPP 2018, London, UK, July 11-12, 2018., Jul. 2018.
- T. Moyer and V. Gadepally, “High-throughput Ingest of Data Provenance Records into Accumulo,” in 2016 IEEE High Performance Extreme Computing Conference, HPEC 2016, Waltham, MA, USA, September 13-15, 2016, Sep. 2016, pp. 1–6.
- T. Moyer, P. T. Cable, K. Chadha, R. Cunningham, N. Schear, W. Smith, A. Bates, K. Butler, F. Capobianco, and T. Jaeger, “Leveraging Data Provenance to Enhance Cyber Resilience,” in 1st IEEE Cybersecurity Development (SecDev), Nov. 2016.
- A. Bates, K. R. B. Butler, and T. Moyer, “Take Only What You Need: Leveraging Mandatory Access Control Policy to Reduce Provenance Storage Costs,” in 7th USENIX Workshop on the Theory and Practice of Provenance (TaPP 15), Edinburgh, Scotland, Jul. 2015.
- (missing reference)
Graph Machine Learning for Data Provenance
One of the current limitations of secure data provenance, especially with whole-system provenance, is the volume of data generated. By leveraging recent advances in graph representational learning, we can build models of system behavior and use those models to detect attacks, determine the impact of those attacks, and provide in-depth analysis of the attack from inception to completion. The goal of this work is to extend these models to provide detection, prevention, and recovery from attacks in a robust manner.
- M. Kapoor, J. Melton, M. Ridenhour, S. Krishnan, and T. Moyer, “Prov-GEm: Automated Provenance Analysis Framework using Graph Embeddings,” in Proceedings of the IEEE 2021 International Conference on Machine Learning and Applications, ICMLA 2021, Dec. 2021.
Resilient Smart Buildings
Smart buildings rely heavily on automation through programmable logic controllers, which are also used in other areas of automation from wastewater treatment, power generation, and pipeline control. These controllers are often networked together within a building to manage a variety of operational tasks. Traditionally, these control systems have been isolated, requiring physical presence within the building to connect to and operate these controllers. However, as these systems become more common, they are also becoming remotely accessible. This creates new security challenges that can impact the safety of those in and around the area being controlled. The goal of this work is to develop new security mechanisms that ensure the safety and security of the controller and attached systems.
- A. A. Farooq, J. Marquard, K. George, and T. Moyer, “Detecting Safety and Security Faults in PLC Systems with Data Provenance,” in IEEE International Symposium on Technologies for Homeland Security, Nov. 2019.
- A. A. Farooq, E. Al-Shaer, T. Moyer, and K. Kant, “IoTC^2: A Formal Method Approach for Detecting Conflicts in Large Scale IoT Systems,” in 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), Apr. 2019, pp. 442–447.
Users interact with remote machines to exchange data without first understanding the state of the remote system. The integrity state of a machine provides a user with evidence that the system has not been compromised. Consider a web server hosting a login page that is modified by an attacker to send user credentials to an attacker-controlled server. Users currently have few, if any, options to validate that the remote web server is not compromised. This research has focused on building systems that leverage trusted hardware to provide proofs to remote users that the system is high-integrity and the content has not been modified. The systems explore the use of different cryptographic constructions to amortize the high cost of inexpensive trusted hardware (the Trusted Platform Module). This research aims to build systems that generate integrity proofs that provide strong security guarantees about the system and the data being exchanged.
- T. Moyer, K. R. B. Butler, J. Schiffman, P. McDaniel, and T. Jaeger, “Scalable Web Content Attestation,” IEEE Transactions on Computers, vol. 61, no. 5, pp. 686–699, May 2012.
- T. Moyer, T. Jaeger, and P. McDaniel, “Scalable Integrity-Guaranteed AJAX,” in Web Technologies and Applications, Berlin, Heidelberg, Apr. 2012, pp. 1–19.
- K. R. B. Butler, S. McLaughlin, T. Moyer, and P. McDaniel, “New Security Architectures Based on Emerging Disk Functionality,” IEEE Security Privacy, vol. 8, no. 5, pp. 34–41, Sep. 2010.
- J. Schiffman, T. Moyer, H. Vijayakumar, T. Jaeger, and P. McDaniel, “Seeding Clouds with Trust Anchors,” in CCSW ’10: Proceedings of the 2010 ACM workshop on Cloud computing security, Oct. 2010.
Secure Cloud Computing
As more and more workloads are migrated to cloud computing platforms, the question of security for these platforms becomes even more important. Users of commercial cloud computing services are expected to trust the cloud service provider, but have limited visibility into the state of the systems they are entrusting with their data. This research has focused on creating the building blocks necessary to establish and maintain a secure foundation for cloud computing. Trusted hardware and software are used to create roots of trust within the cloud that users can leverage to construct secure cloud services. The goal of this work is to develop cloud architectures that support sensitive workloads by providing strong security guarantees for the users.
- N. Schear, P. T. Cable II, T. Moyer, B. Richard, and R. Rudd, “Bootstrapping and Maintaining Trust in the Cloud,” in Proceedings of the 32Nd Annual Conference on Computer Security Applications, New York, NY, USA, Dec. 2016, pp. 65–77.
- J. Schiffman, T. Moyer, T. Jaeger, and P. McDaniel, “Network-Based Root of Trust for Installation,” IEEE Security Privacy, vol. 9, no. 1, pp. 40–48, Jan. 2011.
- B. Hicks, S. Rueda, D. King, T. Moyer, J. Schiffman, Y. Sreenivasan, P. McDaniel, and T. Jaeger, “An Architecture for Enforcing End-to-End Access Control Over Web Applications,” in Proceedings of the 2010 Symposium on Access Control Models and Technologies, SACMAT ’10, Jun. 2010.
- J. Schiffman, T. Moyer, C. Shal, T. Jaeger, and P. McDaniel, “Justifying Integrity Using a Virtual Machine Verifier,” in 2009 Annual Computer Security Applications Conference, Dec. 2009, pp. 83–92.