Researchers from Cornell Tech and the Cornell Ann S. Bowers College of Computing and Information Science are part of the first cohort of participants from four institutions to receive funding from the Google Cyber NYC Institutional Research Program, a Google-funded initiative to improve standards of online privacy, safety and security, and to establish New York City as the epicenter of cybersecurity research.

In partnership with Google, seven projects from Cornell faculty have been selected that combine basic research with computer innovations to expand our understanding of – and provide solutions to – cybersecurity issues in society. Each team will work with a Google sponsor and receive funding and access to Google Cloud Platform credits for up to three years.

“Through support from Google and in collaboration with our partners, New York will emerge as the hub for cutting-edge exploration and innovation in the fields of cybersecurity, trust, and safety,” said Greg Morrisett, the Jack and Rilla Neafsey Dean and Vice Provost of Cornell Tech and principal investigator for Cornell.

Along with Cornell, three other schools will receive funding through the program: City University of New York, Columbia University’s Fu Foundation School of Engineering and Applied Science and New York University’s Tandon School of Engineering. The Google Cyber NYC Institutional Research Program is part of the $10 billion cybersecurity initiative announced in 2021.

“Google is dedicated to forward-thinking and responsible AI development,” said Phil Venables, Google Cloud chief information security officer. “We are excited to partner with these leading institutions in AI through the Google Cyber NYC Institutional Research Program to address the ever-evolving threat landscape in cybersecurity.”

Beyond advancing digital technologies that increase digital trust and safety, the funding will also enable Cornell Bowers CIS to expand its leadership in the field of cybersecurity and increase the number and diversity of qualified cybersecurity professionals entering the workforce.

The inaugural projects from Cornell are:

  • Fred Schneider, Samuel B. Eckert Professor of Computer Science: “Towards an Applied Theory of Information Flows.” Traditionally in cybersecurity, researchers have devised ways to suppress information flows, such as data leaks. This project will develop a theory for surfacing information flows in systems so they can be used to establish accountability and to determine effective means to control their content.

  •  Noah Stephens-Davidowitz, assistant professor of computer science: “Foundations of post-quantum cryptography.” This work focuses on the theoretical foundations of post-quantum cryptography – cryptographic methods that enable a traditional computer to fend off attacks from a quantum computer (one that uses the quantum states of subatomic particles to store information and that can solve especially complex problems). This work is becoming increasingly important as quantum computing technology advances.

  • Andrew Myers, professor of computer science: “Making Hardware Comprehensively Secure Against Spectre – by Construction.” Recently, there have been several prominent timing attacks aimed at hardware in which attackers steal sensitive information, such as passwords, by analyzing the time required to perform computations. This project will develop a new secure hardware description language to build processors that are immune to this class of attacks.

  • Nicola Dell, associate professor of information science at the Jacobs Technion-Cornell Institute at Cornell Tech, and co-PI Thomas Ristenpart, professor of computer science at Cornell Tech: “Improving Account Security for At-Risk Users.” Many online services employ user-facing account security interfaces (ASIs) to show security-related information, such as recent logins and connected devices. But ASIs can be compromised, putting users – especially survivors of intimate partner violence, journalists and refugees – at risk. The researchers propose to develop more secure ASIs that preserve privacy and offer better user experience.

  • Dell and Ristenpart, in collaboration with researchers at NYU: “Discovering and Locating Unwanted IoT Devices for Survivors of Intimate Partner Violence.” Abusers use Internet of Things (IoT) devices, like location trackers and hidden cameras, to surveil and harass their victims. This research aims to build tools that can discover and locate IoT devices, create a guide to train survivors on how to use the tools, and test protocols for deploying them with survivors in NYC.

  • Nate Foster, professor of computer science, in collaboration with researchers at NYU: “ProSecco: Programmable In-Network Security.” As the reach of networks has expanded from servers and desktops to phones, cars, IoT devices, and cameras, attacks perpetrated through networks have increased in scale, sophistication, and frequency. The researchers propose ProSecco, a project that will use programmable network devices to create more proactive, dynamic, and automated defenses for network security.

  • Kevin Ellis, assistant professor of computer science, with co-PIs Owolabi Legunsen, assistant professor of computer science, and Alexandra Silva, professor of computer science: “Safe Program Generation and Deployment by Large Language Models.” AI systems have tremendous potential for managing a range of problems and tasks in everyday life – such as dispensing medication in a hospital or handling employee calendars – but there is still the possibility of dangerous mistakes. In this project, researchers propose a key safety property, and propose developing new techniques for eliciting, specifying, validating, and monitoring this safety property for machine learning systems.

Patricia Waldron is a writer for the Cornell Ann S. Bowers College of Computing and Information Science.