Projects

Current

• Model-Carrying Code (MCC): A new approach for mobile code security that can mitigate the security risks posed by mobile code without unduly restricting its functionality.
• Secure Mobile Code Execution Environment A companion project to the MCC project that emphasizes the development of a platform neutral implementation of MCC approach so as to preserve the integrity and privacy of end-user data from potentially malicious mobile code.
• Adaptive Intrusion Response This project builds on previous projects on host-based intrusion detection to develop automated responses that can protect against fast-moving attacks.
• Model-Checking for Detecting Computer System Vulnerabilities: This project develops techniques that can use high level models of system behavior, and information pertaining to system configuration to identify potential vulnerabilities automatically using model-checking techniques.
• Model-Based Approach for Securing Software Systems: This project develops a language for modeling security-related behaviors of programs and systems, and efficient algorithms for detecting deviations from these behaviors via runtime monitoring.

Previous Projects

• Specification-Based Techniques in Information Assurance: This project explores the use of techniques drawn from formal methods, software engineering and compilers to improve security of software systems.
• Programmable Adaptive Rapid Reactors: This project is concerned with developing robust and high-performance system call interposition techniques, and with the automation of responses to intrusions.
• Survivable Active Networks: This project developed techniques for building systems that can detect attacks early enough to be able to prevent damage, and to reconfigure the system to ensure continued operation.