Welcome to the Security of Software (SOS) Group!
Software systems are pervasive in all aspects of society. From online shopping to electronic voting, software has become an intrinsic part of business and our daily lives over the past few decades. However, software systems are not secure and robust. The media is full of reports of the catastrophic impact of software failures. A small collection of well-known software failures is available here.
The principal reason for software insecurity is the presence of software errors (i.e., bugs, in computer jargon). For example, simple errors in software can result in buffer overruns or format string attacks that enable attackers to execute arbitrary code on the attacked systems.
The SOS group at Penn State is a response to the urgent call for methodologies for making software secure. We are investigating the theory and constructing tools that help find and remove software errors, mitigate the effects of errors, and construct error-free software systems. The primary techniques we use are program analysis, program verification, programming languages, and compilers.
Current Projects
Past Projects
- GoNative
- Modular Control-Flow Integrity
- Interface Safety in Multilingual Software
- Static Analysis for Software Protection
- FPCC: Foundational Proof-Carrying Code
Awards Won by Past Group Members
- Ben Niu, ACM SIGSAC Doctoral Dissertation Award Runner-Up, 2016.
- Matthew Kilgore, Honorable Mention in CRA’s Outstanding Undergraduate Award, 2015.
- Jason Croft, Honorable Mention in CRA’s Outstanding Undergraduate Award, 2009.