Effective Software Monitoring Leveraging Hardware Debugging Extensions
This project aims to develop technologies that leverage debugging features found on modern processors to efficiently monitor and apply security policies on software, using decoupled reference monitors (RM) running in parallel. It is supported by the Defense Advanced Research Projects Agency (DARPA) through contract D21AP10116-00.
ABIDES: Adaptive BInary DEbloating and Security
This project aims to reduce the attack surface of binaries by: hiding and removing unused library and kernel code, disabling unwanted and potentially buggy features, and specializing APIs. It is supported by the Office of Naval Research (ONR) through contract N00014-17-1-2788.
Trails: Efficient Data-Flow Tracking Through HW-assisted Parallelization
This project investigates a novel architecture for efficiently performing dynamic data-flow tracking through hardware-assisted parallelization, in particular by exploiting debugging extensions found in modern CPUs. It is supported by the Defense Advanced Research Projects Agency (DARPA) through contract FA8650-16-C-7662.
Adapting Static and Dynamic Program Analysis to Effectively Harden Debloated Software
This project aims to harden debloated software by leveraging static and dynamic analysis. The aim is to increase the effort required to compromise software through techniques applied dynamically on binaries, as well as at the late stages of compilation, where some source-code information may not be available. It is supported by the Office of Naval Research (ONR) through grant N00014-16-1-2261.
Older projects
Authentication Using Glass Wearable Devices
We are working on a new project that will help users, especially those who have difficulty using their hands, to authenticate with terminals hands-free.
Cyber-physical Authentication
Use the Internet of Things to model user movement and location for authentication purposes.
MINESTRONE
MINESTRONE is a novel architecture that integrates static analysis, dynamic confinement, and code diversification techniques to enable the identification, mitigation and containment of a large class of software vulnerabilities. Our techniques will protect new software, as well as already deployed (legacy) software by transparently inserting extensive security instrumentation. They will also leverage concurrent program analysis (potentially aided by runtime data gleaned from profiling software) to gradually reduce the performance cost of the instrumentation by allowing selective removal or refinement.
MINESTRONE will also use diversification techniques for confinement and fault-tolerance purposes. To minimize performance impact, our project will also leverage multi-core hardware or (when unavailable) remote servers to enable the quick identification of potential compromises.
The developed techniques will require no specific hardware or operating system features, although they will take advantage of such features where available, to improve both runtime performance and vulnerability coverage.
Funded by the AFRL.
MEERKATS
MEERKATS is a novel architecture for cloud environments that elevates continuous system evolution, adaptation, and misdirection as first-rate design principles. Our goal is to enable an environment for cloud services that constantly changes along several dimensions, toward creating an unpredictable target for an adversary. This unpredictability will both impede the adversary’s ability to achieve an initial system compromise and, if a compromise occurs, help to detect, disrupt, and/or otherwise impede his ability to exploit this success. Thus, we envision an environment where cloud services and data are constantly in flux, using adaptive (both proactive and reactive) protection mechanisms and distributed monitoring at various levels of abstraction. MEERKATS will effectively exploit “economies of scale” (in resources available) to provide higher flexibility and effectiveness in the deployment and use of protection mechanisms as and where needed, focusing on current and anticipated mission needs instead of an inefficient, “blanket” approach to protecting “everything, all the time” at the same level of intensity.
Funded by DARPA.
WOMBAT
The WOMBAT (Worldwide Observatory of Malicious Behaviors and Attack Threats) project aims to develop malware collectors, analysis techniques and a repository for Internet threat analysis.
Funded by the EU FP7.
DeWorm
The DeWorm project combines flow-based approaches to intrusion detection with payload scanning to detect and stop flash worms.
Funded by STW Sentinels.