A glowing digital lock surrounded by streams of binary code and data points, symbolizing cybersecurity.

Cyber NYC Initiative

Columbia is working with Google and with partner institutions CUNY, NYU, and Cornell Tech to make New York City a hub of cybersecurity research, training, and education.

Cyber NYC Research Awards

Columbia University logo

Each year, the Cyber NYC program provides research awards to seven Columbia faculty members working in cybersecurity. In its first year, these awards resulted in 15 research papers and presentations, and 6 new software projects. Learn more about this year’s awards below.

  • Securing the Software Supply Chain via Effective Detection of Rogue Updates
    • PI: Junfeng Yang, Computer Science, with Yaniv David, Computer Science
    • This project works to detect malicious updates to benign software. This type of malware is known to be extremely dangerous; one prominent example is the famous SolarWinds hack that compromised thousands of organizations including nine US government agencies. The researchers have invented a novel algorithm and built a system for effective detection of rogue updates for packages in Javascript, one of the most widely used programming languages. 
  • Policy and Technical Foundations of Cyber Regulations
    • PIs: Jason Healey, School of International and Public Affairs
    • Little academic work has explored the nature of failures in cyber markets, or how regulation can impact these markets. This project investigates and develops initial frameworks for cyber market failures and cybersecurity regulation. It also works on more basic research, based in such frameworks, for regulatory options rooted in technology and computing. 
  • Constructive Responses to Harassment
    • PI: Susan McGregor, Data Science Institute; with Rachel Greenstadt and Damon McCoy, New York University
    • This project investigates a user-centric approach to mitigating online harassment. The researchers plan to assess how online reporting mechanisms can better meet user expectations and needs, thus mitigating the harms of online harassment and abuse. 
  • Differentially Private Streaming Algorithms for Continual Observation in the Turnstyle Model
    • PIs: Rachel Cummings, Industrial Engineering and Operations Research; Rebecca Wright, Barnard College, Computer Science
    • Differential privacy (DP) is a mathematically rigorous definition of privacy that has gained significant popularity since its formalization in 2006. However, it involves tradeoffs between privacy and accuracy that can be difficult to understand. This project builds a tool for visually explaining differential privacy to engineers, with a focus on the accuracy resulting from varying the privacy parameters. 
       
  • Bounding Measures of Inequality for Trustworthy Machine Learning
    • PI: Richard Zemel, Computer Science; with Toniann Pitassi, Computer Science
    • Learning-based predictive algorithms are widely used in real-world systems and have significantly impacted our daily lives. However, many algorithms are deployed without understanding of their potential for failure or how they perform across different populations. This project develops techniques that help algorithm designers ensure their models are fair both across and within groups. 
       
  • Multi-modal, Semantic-Aware AI Agents for Automated Vulnerability Detection & Repair
    • PIs: Baishakhi Ray and Junfeng Yang, Computer Science
    • Effectively repairing bugs in software is a task that’s important for our society and infrastructure, but often complex and costly. This project develops AI agents that use multiple different types of information - like source code, bug reports, stack traces, and system logs - to effectively locate and patch software bugs. 
       
  • Towards Bug-oriented Fuzzing Exploration
    • PIs: Suman Jana and Junfeng Yang, Computer Science
    • Fuzzing has been highly successful at finding bugs in large real-world software. However, fuzzers often hit a performance plateau after their initial success, because they lack understanding of what types of inputs to use.  This project improves fuzzers’ abilities to accurately detect bugs by improving their statistical rigor.