My research area is computer security. Specifically, my interests include systems security, program analysis for security, virtualization, trusted computing, and access control. I have published over 100 peer-reviewed papers on these subjects, some of which are available via DBLP and Google Scholar.
My work has been funded by the National Science Foundation ( CNS-0627551, CNS-0721579, CNS-0905343, CNS-0931914, and CNS-1117692 CNS-1408880 ), Defense Advanced Research Projects Agency, Air Force Research Lab, Army Research Lab, Air Force Office of Scientific Research, and a number of industrial sponsors, including HP Labs, IBM Research, Samsung, and Applied Communication Sciences. Their support is gratefully acknowledged.
Current Research Highlights
Our recent OS security work has examined OS mechanisms to protect processes from confused deputy attacks -- Process Firewall, see USENIX Security 2014 and ACM EuroSys 2013 -- prevent apps from misusing devices on mobile systems -- see ACSAC 2015 -- and hardware-based enforcement of control-flow integrity and kernel code integrity -- see ASPLOS 2017 (to appear) and IEEE MoST 2014.
Our main focus in software security is to retrofit programs with security code, generally from declarative specifications of security. We have explored retrofitting programs with authorization hooks -- see ESSoS 2015 -- detecting restricted pointer use to enforce control-flow integrity more accurately and more efficiently -- see IEEE European S&P 2016 -- and detecting and removing insecure "copy relocations" -- see NDSS 2017 (to appear).
Cloud customers lack visibility in cloud platforms to administer their computations. One particular problem is that cloud services used to administer customer computations have been found to have many vulnerabilities. We extend the OpenStack cloud to enable customers to validate that their cloud commands are performed as expected. See ACSAC 2016, IEEE Cloud 2015, and ACM Cloud Security Workshop 2014.