Completed Research Projects

These projects are no longer active, but current projects build on many of the ideas and tools developed by these projects.

Web/Mobile Application Security

Hardware, Languages, and Architectures for Defense Against Hostile Operating Systems with UC Berkeley, Harvard University, University of Illinois, Urbana-Champaign, and Stony Brook (AFOSR MURI)
An integrated suite of techniques for protecting applications and their data from hostile environments.
Side-Channel Analysis with Peter Chapman
Quantifying the risks of side-channel leaks in web applications using a dynamic, black-box approach.
GuardRails with Jonathan Burket, Austin DeVinney, Casey Mihaloew (part of AFOSR MURI)
A secure web application framework that provides rich data policies for Ruby on Rails.
Mashup Security with Adrienne Felt, Pieter Hooimeijer, and Westley Weimer
Mechanisms that allow clients to enforce meaningful security policies on untrusted content in mashup web pages.
Privacy Protection for Social Networks with Adrienne Felt
Protecting privacy for social network applications using privacy-by-proxy.

Security through Diversity

Helix with Jack Davidson, Yan Huang, John Knight, Anh Nguyen-Tuong, Jeff Shirley, Westley Weimer and colleagues at UC Davis, UCSB, New Mexico (AFOSR MURI)
Protect systems from sophisticated and motivated adversaries by automatically and continuously changing the attack surface of a running system.
N-Variant Systems with Ben Cox, Jack Davidson, John Knight, and Anh Nguyen-Tuong (NSF CyberTrust)
Using structured artificial diversity to provide high security assurances against large classes of attacks.
Genesis with Jack Davidson, John Knight, and Anh Nguyen-Tuong (DARPA)
Using automatically generated diversity at various levels of abstraction to protect computer systems.

Phyiscal Security

Implementable Privacy for RFID with Ben Calhoun, John Lach, Karsten Nohl, and abhi shelat (NSF Cybertrust)
New approaches to cryptography, protocol, and system design to provide adequate security on low-power devices.
Physicrypt (NSF ITR)
How computing in the physical world impacts security.
Programming the Swarm (NSF CAREER)
Getting sensible behavior from collections of unreliable, unorganized components.

Program Analysis

Perracotta with Jinlin Yang (NSF CPA)
Techniques for automatically inferring temporal properties of real world software using dynamic analysis.
Automatic Identification and Protection of Security-Critical Data with Westley Weimer (NSF CyberTrust)
Protect vulnerable programs by storing security-critical data in a separate protected store.
Inexpensive Program Analysis (NASA, NSF CAREER)
Reducing the cost and improving the scalability of program analysis using lightweight static analysis (Splint).

Malware

Disk-Level Malware with Nate Paul, Adrienne Felt, and Sudhanva Gurumurthi (NSF CyberTrust)
Uses the disk processor to improve virus detection and response by recognizing viruses by their disk-level activity.