Current Projects

• Shared Reference Monitor Systems: Shamon: A distributed systems security enforcement architecture based on establishing reference monitor guarantees for security enforcement software across a set of virtual machines (applications to cloud computing)
• Retrofitting for Security: (Mostly) automated generation of security code and conversion of ordinary programs into secure programs (applications for adding authorization checks and declassifiers/endorsers to Java and C programs)
• Information Flow Policy Design, Analysis, and Enforcement: Research in security policy analysis and design that would enable practical information flow guarantees and supporting enforcement mechanisms (applications for systems with access control enforcement in multiple software layers, such as VMM, operating system, and program)

Recent Projects

• Network Mandatory Access Control: Per-packet mandatory access control in Linux and supporting models and applications
• Linux Security Analysis: Applying policy and source code analysis to improving Linux Security.
• Linux Integrity Measurement Architecture: Application of the TCG TPM to integrity measurement for Linux systems and applications