Overview of Research
Networked information systems are playing increasingly important roles
in our infrastructures for critical services such as commerce,
transportation, telecommunication and national/international security. The
spate of "hacker attacks" at many prominent commercial, military and
governmental sites has highlighted the vulnerabilities in these systems.
In response, we have witnessed a rapid increase in public and private
spending on computer security technologies. In spite of these increased
investments, security incidents reported by organizations such as
the CERT Coordination Center have continued to increase at alarming rates.

The Secure Systems Laboratory conducts research into developing
techniques that can fundamentally alter the balance of power between
those trying to secure systems and those attempting to defeat the
security measures. The laboratory focusses on proactive
cybersecurity, which emphasizes identification of security
vulnerabilities and prevention of their exploitation, and
system survivability, which emphasizes continued system
operation in the face of attacks. These approaches are targeted at
various stages in the system lifecycle: requirements and design stage,
compile-time, install-time, and runtime. These approaches are based
on research in the following technical areas:
- Language-based security
- Security policies/behaviors
- Specification languages, type systems, and efficient enforcement algorithms
- Compilers and runtime environments
- Program analysis/transformation
- Privacy and information flow
- Security-related programming errors, including memory errors in C
- Operating system enhancements and related tools for security
- Secure installation/execution of (untrusted) code
- Isolated execution
- System call interposition based techniques
- Intrusion detection
- Policy/behavior based intrusion detection
- Anomaly detection
- Machine learning
- Applications of formal methods in security
- Vulnerability analysis
- Extraction of security behavior models for large-scale software
- Verification of security properties
Specific projects conducted at the laboratory address:
- Host-based and network-based intrusion detection
- Model-Carrying Code for mobile code security
- Automated code diversity to limit large-scale attacks such as worms, and the address obfuscation technique
- Isolated program execution technique and the Alcatraz tool for "trying out" potentially malicious or faulty software, software updates, etc.
- Automated intrusion response
- Network monitoring and management
- Vulnerability testing and analysis
These projects are conducted primarily in the context of the Linux
operating system, although the techniques themselves are applicable to
all OSes. The Secure Systems Laboratory emphasizes system implementation
and experimental evaluation of all the techniques developed in the lab.
For additional information about these projects, please visit the
projects page, or our publications page.