Effective Software Monitoring Leveraging Hardware Debugging Extensions

ABIDES: Adaptive BInary DEbloating and Security

Trails: Efficient Data-Flow Tracking Through HW-assisted Parallelization

Adapting Static and Dynamic Program Analysis to Effectively Harden Debloated Software

This project aims to harden debloated software by leveraging static and dynamic analysis. The aim is to increase the effort required to compromise software through techniques applied dynamically on binaries, as well as the late stages of compilation, where some source-code information may not be available. It is currently supported by the Office of Naval Research (ONR) through grant N00014-16-1-2261.

Older projects

Authentication Using Glass Wearable Devices

We are working on a new project that will assist users, specially users with difficulties using their hands, to authenticate with terminals without the use of their hands.

Cyber-physical Authentication

Use the Internet of Things to model user movement and location for authentication purposes.


MINESTRONE is a novel architecture that integrates static analysis, dynamic confinement, and code diversification techniques to enable the identification, mitigation and containment of a large class of software vulnerabilities. Our techniques will protect new software, as well as already deployed (legacy) software by transparently inserting extensive security instrumentation. They will also leverage concurrent program analysis (potentially aided by runtime data gleaned from profiling software) to gradually reduce the performance cost of the instrumentation by allowing selective removal or refinement.

MINESTRONE will also use diversification techniques for confinement and fault-tolerance purposes. To minimize performance impact, our project will also leverage multi-core hardware or (when unavailable) remote servers to enable the quick identification of potential compromises.

The developed techniques will require no specific hardware or operating system features, although they will take advantage of such features where available, to improve both runtime performance and vulnerability coverage.

Funded by the AFRL.

Go to site.


MEERKATS is a novel architecture for cloud environments that elevates continuous system evolution, adaptation, and misdirection as first-rate design principles. Our goal is to enable an environment for cloud services that constantly changes along several dimensions, toward creating an unpredictable target for an adversary. This unpredictability will both impede the adversary’s ability to achieve an initial system compromise and, if a compromise occurs, to detect, disrupt, and/or otherwise impede his ability to exploit this success. Thus, we envision an environment where cloud services and data are constantly in flux, using adaptive (both proactive and reactive) protection mechanisms and distributed monitoring at various levels of abstraction. MEERKATS will effectively exploit “economies of scale” (in resources available) to provide higher flexibility and effectiveness in the deployment and use of protection mechanisms as and where needed, focusing on current and anticipated mission needs instead of an inefficient, “blanket” approach to protecting “everything, all the time” at the same level of intensity.

Funded by DARPA.

Go to site.


The WOMBAT (Worldwide Observatory of Malicious Behaviors and Attack Threats) project aims to develop malware collectors, analysis techniques and a repository for Internet threat analysis.
Funded by the EU FP7.


The DeWorm project combines flow-based approaches to intrusion detection with payload scanning to detect and stop flash worms.
Funded by STW Sentinels.


The Noah project aims to design a Pan-European Network of Affine Honeypots that cooperate to detect intrusion attempts.
Funded by the EU FP6.


The Scampi project aimed to develop a scalable monitoring platform for the Internet.
Funded by the EU IST.