Current Research Projects
I am broadly interested in improving the security and reliability of system software. My work spans all layers of the software stack: from low-level operating systems code, through runtime execution environments and libraries, to high-level application code. I am currently working on the following research projects.

Transactional memory is a declarative concurrency control technique that has recently emerged as a promising candidate to ease multi-threaded programming. This project seeks to leverage mechanisms implemented by transactional memory systems to improve software security. For example, we have used software transactional memory as the basis for a new reference monitor architecture that decouples security enforcement from application functionality. This provides a variety of benefits, including freedom from complete-mediation vulnerabilities, freedom from time-of-check-to-time-of-use vulnerabilities, and easy handling of security exceptions. We are currently investigating both foundational issues in transactional memory introspection (TMI), such as the formal semantics of TMI, and other applications of TMI, such as information flow tracking.
Related papers: [ CCS 2008 ]
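The following is an added illustration of the commit-time reference monitor idea described above; it is constructed for this page and is not the CCS 2008 system's code. A transaction logs every object it reads or writes, and the policy is consulted once, at commit, over that complete log. The `Store`, `Transaction`, `run_transaction` and `demo_policy` names, the key/value store standing in for heap objects, and the "only admin may touch `secret/` keys" policy are all assumptions of the example; isolation and conflict detection between concurrent transactions are deliberately not modelled.

```python
# Added illustration (not the CCS 2008 system): a reference monitor that is
# consulted once, at commit time, over a transaction's complete read/write set.
from dataclasses import dataclass, field
from typing import Callable, Dict, Set


@dataclass
class Store:
    """Shared application state: a flat key/value map standing in for heap objects."""
    data: Dict[str, int] = field(default_factory=dict)


@dataclass
class Transaction:
    """Buffers writes and logs every object read or written (the read/write set).
    Isolation and conflict detection between concurrent transactions are not modelled."""
    store: Store
    read_set: Set[str] = field(default_factory=set)
    write_set: Dict[str, int] = field(default_factory=dict)

    def read(self, key: str) -> int:
        self.read_set.add(key)
        # A transaction sees its own buffered writes before the shared store.
        if key in self.write_set:
            return self.write_set[key]
        return self.store.data[key]

    def write(self, key: str, value: int) -> None:
        self.write_set[key] = value


# A policy inspects (principal, read set, write set) and returns True to allow the commit.
Policy = Callable[[str, Set[str], Dict[str, int]], bool]


def run_transaction(store: Store, principal: str,
                    body: Callable[[Transaction], None], policy: Policy) -> bool:
    """Run body() transactionally. The policy is evaluated exactly once, at commit,
    over every object the body touched, so application code cannot skip the check
    (complete mediation) and there is no window between the check and the commit
    (no TOCTOU). A denial aborts: buffered writes are discarded and shared state
    is untouched. Returns True if the transaction committed, False if it aborted."""
    tx = Transaction(store)
    body(tx)
    if not policy(principal, tx.read_set, tx.write_set):
        return False
    store.data.update(tx.write_set)
    return True


def demo_policy(principal: str, reads: Set[str], writes: Dict[str, int]) -> bool:
    """Constructed policy: only 'admin' may read or write keys under 'secret/'."""
    touched = reads | set(writes)
    if any(k.startswith("secret/") for k in touched):
        return principal == "admin"
    return True


def demo() -> Dict[str, object]:
    """Constructed scenario: application code copies a secret into a public field
    and never calls a security check itself; the commit-time monitor still sees
    the read of 'secret/flag' in the read set and aborts for a non-admin."""
    store = Store({"public/counter": 1, "secret/flag": 42})

    def copy_secret(tx: Transaction) -> None:
        tx.write("public/counter", tx.read("secret/flag"))

    user_ok = run_transaction(store, "user", copy_secret, demo_policy)    # aborted
    admin_ok = run_transaction(store, "admin", copy_secret, demo_policy)  # committed
    return {"user_committed": user_ok, "admin_committed": admin_ok,
            "counter": store.data["public/counter"]}


if __name__ == "__main__":
    print(demo())
```

The point of the structure is that the application function `copy_secret` contains no enforcement code at all: because every access is recorded by the transaction and the policy sees the whole record at commit, there is no call site the programmer could forget, and the abort path is simply the transaction's own rollback.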
The operating system kernel is typically considered the trusted computing base on most computer systems. Malicious software, such as rootkits, and untrusted extensions, such as device drivers, compromise its integrity, thereby rendering the entire system vulnerable. This project seeks to protect the integrity of the operating system kernel using a variety of techniques. We have developed Gibraltar, a novel rootkit detection tool that automatically infers and enforces integrity constraints on kernel data structures. We have also developed Microdrivers, a new architecture for device drivers that aims to improve the programmability and fault isolation of device drivers on commodity operating systems.
Related papers: [ ACSAC 2008, ASPLOS 2008, HotOS 2007 ]
Funding: [ NSF CNS-0831268 ]
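As an added illustration of the "infer and enforce integrity constraints on kernel data structures" approach described above (constructed for this page; it is not Gibraltar's code), the block below learns two simple invariant templates from snapshots taken while the kernel is trusted and then checks a later snapshot against them. The snapshot format, the field names (`sys_call_table[...]`, `all_tasks`, `pid_hash`), the addresses and process ids, and the two templates (a field is constant; one list of ids is always a subset of another) are all assumptions of the example, and how snapshots are captured from kernel memory is outside its scope.

```python
# Added illustration (not the Gibraltar tool itself): infer invariants over kernel
# data-structure snapshots taken while the kernel is trusted, then check later ones.
from typing import Any, Dict, Iterable, List, Tuple

Snapshot = Dict[str, Any]   # field path -> observed value (a scalar or a list of ids)


def infer_constant_invariants(training: List[Snapshot]) -> Dict[str, Any]:
    """Scalar fields whose value never changed across the training snapshots
    (e.g. function pointers in a system call table)."""
    first = training[0]
    return {k: v for k, v in first.items()
            if not isinstance(v, list) and all(s.get(k) == v for s in training[1:])}


def infer_subset_invariants(training: List[Snapshot],
                            list_fields: Iterable[str]) -> List[Tuple[str, str]]:
    """For every ordered pair of list-valued fields (A, B), keep 'A is a subset of B'
    if it held in every training snapshot (e.g. every task reachable from one
    kernel list is also reachable from another)."""
    fields = list(list_fields)
    return [(a, b) for a in fields for b in fields
            if a != b and all(set(s[a]) <= set(s[b]) for s in training)]


def check_snapshot(snapshot: Snapshot, constants: Dict[str, Any],
                   subsets: List[Tuple[str, str]]) -> List[str]:
    """Return one human-readable violation per invariant the snapshot breaks."""
    violations: List[str] = []
    for k, expected in constants.items():
        found = snapshot.get(k)
        if found != expected:
            violations.append(f"{k}: expected {expected!r}, found {found!r}")
    for a, b in subsets:
        missing = set(snapshot[a]) - set(snapshot[b])
        if missing:
            violations.append(f"{a} is not a subset of {b}: {sorted(missing)} only in {a}")
    return violations


# Constructed training snapshots: addresses and pids are made up. The task lists
# change over time (processes come and go) but always agree with each other.
TRAINING: List[Snapshot] = [
    {"sys_call_table[3]": 0xC0101230, "sys_call_table[5]": 0xC0105670,
     "all_tasks": [1, 2, 3], "pid_hash": [1, 2, 3]},
    {"sys_call_table[3]": 0xC0101230, "sys_call_table[5]": 0xC0105670,
     "all_tasks": [1, 2, 3, 4], "pid_hash": [1, 2, 3, 4]},
    {"sys_call_table[3]": 0xC0101230, "sys_call_table[5]": 0xC0105670,
     "all_tasks": [1, 3, 4], "pid_hash": [1, 3, 4]},
]
LIST_FIELDS = ["all_tasks", "pid_hash"]

# Constructed later snapshot: one syscall pointer now differs from the learned
# value, and one task id is present in pid_hash but absent from all_tasks.
SUSPECT: Snapshot = {"sys_call_table[3]": 0xDEAD0000, "sys_call_table[5]": 0xC0105670,
                     "all_tasks": [1, 3, 4], "pid_hash": [1, 3, 4, 31337]}


def demo() -> List[str]:
    """Learn invariants from TRAINING, then report what SUSPECT violates."""
    constants = infer_constant_invariants(TRAINING)
    subsets = infer_subset_invariants(TRAINING, LIST_FIELDS)
    return check_snapshot(SUSPECT, constants, subsets)


if __name__ == "__main__":
    for line in demo():
        print("VIOLATION:", line)
```

Two practical points follow from even this small version: the quality of the inferred invariants depends entirely on the training snapshots being taken from a kernel that is actually uncompromised, and a constant-value template is only as good as its training set, so a field that merely happened not to change during training will produce a false positive the first time it legitimately does.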
Web 2.0 applications aim to improve the browsing experience using techniques such as client-side script execution and information integration in the form of mashups. However, such applications also raise new security concerns. How can script execution be made safe yet expressive? How can the confidentiality and integrity of sensitive information be ensured? This project is investigating techniques to answer such questions in the context of Web 2.0 applications.
Related papers: [ ACSAC 2008 ]
Past Research Projects
Although I am no longer actively working on the research projects listed below, I continue to be interested in these topics.

Design for Security, the principle that software must be designed to be secure from the ground up, has been a mantra of the security community for decades. Unfortunately, most deployed software is not designed for security, for economic and practical reasons. This project, on which my Ph.D. thesis is based, sought to develop techniques and tools to analyze and mine security-sensitive operations in legacy software, and to retrofit it with mechanisms for security policy enforcement.
Related papers: [ Ph.D. Thesis, ICSE 2007, Oakland 2006, CCS 2005 ]
This project sought to improve software quality by developing techniques to analyze code for various security and reliability problems. We developed techniques to analyze both source code and binary executables. The techniques developed include static buffer overrun detection for C programs using linear programming, format string exploit generation using bounded model checking, and detection of heap-based bugs in pointer-manipulating programs using anomaly detection.
Related papers: [ ASPLOS 2006, ICSE 2005, CCS 2003 ]
This project sought to identify shill bidders in electronic auctions (such as those on eBay) by constructing a model of normal bidding behavior and identifying anomalies.
Related papers: [ CCS 2005 ]
This project sought to generate network-level signatures for spyware. Such signatures can be used in a NIDS that monitors outgoing network traffic to detect spyware installations within a network.
Related papers: [ ACSAC 2006 ]