Active Research Projects

NSF AI Institute for Agent-based Cyber Threat Intelligence and Operation (ACTION) with collaborators at UC Santa Barbara (Giovanni Vigna, Director), Purdue University, UC Berkeley, Georgia Tech, UIC, UIUC, NSU, Rutgers, U. Washington, and the University of Chicago. (2023–2028)
ACTION seeks to change the way mission-critical systems are protected against sophisticated, ever-changing security threats. In cooperation with (and learning from) security operations experts, intelligent agents will use complex knowledge representation, logic reasoning, and learning to identify flaws, detect attacks, perform attribution, and respond to breaches in a timely and scalable fashion.
End-to-End Trustworthiness of Machine-Learning Systems with Patrick McDaniel (Penn State University), Dan Boneh (Stanford), Kamalika Chaudhuri (UCSD), Somesh Jha (U. Wisconsin), Percy Liang (Stanford), and Dawn Song (UC Berkeley) (NSF SaTC Frontier, 2018–2023)
This frontier project establishes the Center for Trustworthy Machine Learning (CTML), a large-scale, multi-institution, multi-disciplinary effort whose goal is to develop scientific understanding of the risks inherent to machine learning, and to develop the tools, metrics, and methods to manage and mitigate them.
Econometrically Inferring and Using Individual Privacy Preferences with Denis Nekipelov (UVA Economics) (NSF SaTC EAGER, 2019–2023)
This project combines research on mechanism design and econometrics to provide a new perspective on privacy. Our goal is to develop methods that use ideas from econometrics to reveal concrete privacy preferences for individuals and aggregate distributions, and connect those preferences to formal privacy models, including differential privacy.

Previous Research Projects

These projects are no longer active, but current projects build on many of the ideas and tools developed by these projects.

Adversarial Machine Learning

Evading Classifiers with Yanjun Qi, and Westley Weimer (NSF SaTC, 2016-2019)
An evolutionary framework based on genetic programming for automatically finding variants that evade detection by machine learning-based malware classifiers.

Secure Computation

Multi-Party Machine Learning with Privacy with Quanquan Gu (UCLA) (NSF SaTC, 2017–2021)
Privacy-preserving machine learning combining secure multi-party computation with differential privacy and other privacy techniques.
Secure Computation with Jonathan Katz (Maryland), Michael Hicks (Maryland), Steven Myers (Indiana), and abhi shelat (NSF Cybertrust, 2011-2018)
Tools and techniques for efficient, practical multi-party secure computation.

Web/Mobile Application Security

Automated Security Testing for Applications Integrating Third-Party Services (NSF SaTC 2014-2019)
Automated techniques to detect vulnerabilities in web applications (focusing on integration of single sign-on services) and understand behaviors of third-party embedded scripts.
Hardware, Languages, and Architectures for Defense Against Hostile Operating Systems with UC Berkeley, Harvard University, University of Illinois, Urbana-Champaign, and Stony Brook (AFOSR MURI)
An integrated suite of techniques for protecting applications and their data from hostile environments.
Side-Channel Analysis with Peter Chapman
Quantifying the risks of side-channel leaks in web applications using a dynamic, black-box approach.
GuardRails with Jonathan Burket, Austin DeVinney, Casey Mihaloew (part of AFOSR MURI)
A secure web application framework that provides rich data policies for Ruby on Rails.
Mashup Security with Adrienne Felt, Pieter Hooimeijer, and Westley Weimer
Mechanisms that allow clients to enforce meaningful security policies on untrusted content in mashup web pages.
Privacy Protection for Social Networks with Adrienne Felt
Protecting privacy for social network applications using privacy-by-proxy.

Security through Diversity

Designing for Measurable Security with Sal Stolfo and Steve Bellovin (Columbia University) (Air Force Office of Scientific Research)

Helix with Jack Davidson, Yan Huang, John Knight, Anh Nguyen-Tuong, Jeff Shirley, Westley Weimer and colleagues at UC Davis, UCSB, New Mexico (AFOSR MURI)
Protect systems from sophisticated and motivated adversaries by automatically and continuously changing the attack surface of a running system.
N-Variant Systems with Ben Cox, Jack Davidson, John Knight, and Anh Nguyen-Tuong (NSF CyberTrust)
Using structured artificial diversity to provide high security assurances against large classes of attacks.
Genesis with Jack Davidson, John Knight, and Anh Nguyen-Tuong (DARPA)
Using automatically generated diversity at various levels of abstraction to protect computer systems.

Phyiscal Security

Implementable Privacy for RFID with Ben Calhoun, John Lach, Karsten Nohl, and abhi shelat (NSF Cybertrust)
New approaches to cryptography, protocol, and system design to provide adequate security on low-power devices.
Physicrypt (NSF ITR)
How computing in the physical world impacts security.
Programming the Swarm (NSF CAREER)
Getting sensible behavior from collections of unreliable, unorganized components.

Program Analysis

Perracotta with Jinlin Yang (NSF CPA)
Techniques for automatically inferring temporal properties of real world software using dynamic analysis.
Automatic Identification and Protection of Security-Critical Data with Westley Weimer (NSF CyberTrust)
Protect vulnerable programs by storing security-critical data in a separate protected store.
Inexpensive Program Analysis (NASA, NSF CAREER)
Reducing the cost and improving the scalability of program analysis using lightweight static analysis (Splint).


Disk-Level Malware with Nate Paul, Adrienne Felt, and Sudhanva Gurumurthi (NSF CyberTrust)
Uses the disk processor to improve virus detection and response by recognizing viruses by their disk-level activity.