Projects


· Cyber Defense

Cyber attacks pose a paramount threat to critical economic and national-security infrastructure. Such attacks usually begin by exploiting vulnerable software, through which attackers infect the systems hosting that software and turn them into "bots". Control of a large number of bots lets attackers wreak even greater havoc through activities such as distributed denial-of-service (DDoS) attacks and identity theft. Defeating these attacks relies on a defense-in-depth framework composed of three key phases: preventing exploits, detecting and disinfecting compromised systems, and containing the attacks launched from bots. My research aims to develop effective techniques for all three phases, towards building a practical defense-in-depth framework. The following are some of the research projects I am working on.


We proposed a black-box exploit prevention technique called packet vaccine, which quickly detects exploit attempts against software and automatically generates signatures to shield its vulnerabilities without relying on its source code or binary code. This approach performs much faster than other host-based techniques and even works on commodity software that has been obfuscated for DRM purposes. In addition, we are developing a new proactive-vaccine technique that detects and fixes software flaws before an attacker has time to come up with an exploit.


We are working on a new technique that automatically generates infection signatures to detect compromised systems, together with a process to rid them of the infection. This will enable large-scale disinfection of infected systems, even before the perpetrator has time to use them.


We developed puzzle-based mechanisms that protect end-to-end services from flooding attacks and routers from bandwidth-exhaustion attacks, and a capability-based approach that uses the structure of the World Wide Web to mitigate flooding attacks on websites. We also discovered a new type of low-bandwidth, application-layer DoS attack that abuses the delegation feature of a trust-management system to deplete its resources, and proposed countermeasures.
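The puzzle-based defenses mentioned above all rest on one idea: before the server commits resources to a request, the client must pay a small, verifiable computational cost, so a flooder needs far more CPU than the victim. The code below is an added example written for this page, not code from the author's publications, and it shows a generic hash-based client puzzle rather than the specific constructions developed here (the router-protection variant is not modelled). Its assumptions are a stateless nonce derived with an HMAC over the client identity and a timestamp, a 12-bit difficulty, a 60-second validity window, and a constructed secret and client address used only for the demonstration.

```python
import hashlib
import hmac
import time

# Constructed demo secret; a real deployment would use a fresh random key.
DEMO_SECRET = b"constructed-demo-secret-not-for-production"


def leading_zero_bits(digest):
    """Number of leading zero bits in a hash digest."""
    n = 0
    for b in digest:
        if b == 0:
            n += 8
            continue
        n += 8 - b.bit_length()
        break
    return n


def puzzle_bits(nonce_hex, solution):
    """Leading zero bits of SHA-256(nonce || solution); the puzzle is solved once this reaches the target."""
    data = bytes.fromhex(nonce_hex) + solution.to_bytes(8, "big")
    return leading_zero_bits(hashlib.sha256(data).digest())


def solve_puzzle(nonce_hex, bits):
    """Client side: brute-force a counter until the hash has `bits` leading zeros (about 2**bits hashes)."""
    solution = 0
    while puzzle_bits(nonce_hex, solution) < bits:
        solution += 1
    return solution


class PuzzleServer:
    """Server side: issues puzzles without per-client state and verifies a solution with one HMAC and one hash."""

    def __init__(self, secret, bits=12, ttl=60):
        self.secret = secret
        self.bits = bits
        self.ttl = ttl
        self.spent = {}  # (nonce, solution) -> issue time, so an accepted solution cannot be replayed

    def _nonce(self, client_id, ts):
        # Binding the nonce to the client and a timestamp lets the server recompute it instead of
        # storing it, and stops one client's solution from being presented by another or much later.
        msg = "{}|{}".format(client_id, ts).encode()
        return hmac.new(self.secret, msg, hashlib.sha256).digest()

    def issue(self, client_id, now=None):
        ts = int(time.time()) if now is None else int(now)
        return {"nonce": self._nonce(client_id, ts).hex(), "ts": ts, "bits": self.bits}

    def verify(self, client_id, ts, nonce_hex, solution, now=None):
        now = int(time.time()) if now is None else int(now)
        # Forget solutions whose puzzles have expired; they would be rejected by the window check anyway.
        for key, issued in list(self.spent.items()):
            if now - issued > self.ttl:
                del self.spent[key]
        if ts > now or now - ts > self.ttl:
            return False, "expired"
        expected = self._nonce(client_id, ts)
        if not hmac.compare_digest(expected, bytes.fromhex(nonce_hex)):
            return False, "nonce not issued to this client"
        if puzzle_bits(nonce_hex, solution) < self.bits:
            return False, "insufficient work"
        key = (nonce_hex, solution)
        if key in self.spent:
            return False, "replayed solution"
        self.spent[key] = ts
        return True, "ok"


if __name__ == "__main__":
    server = PuzzleServer(DEMO_SECRET, bits=12, ttl=60)
    puzzle = server.issue("10.0.0.7")  # constructed client address
    answer = solve_puzzle(puzzle["nonce"], puzzle["bits"])
    # The client spent about `answer + 1` hashes; the server spends one HMAC and one hash to check it.
    print("client hashes:", answer + 1)
    print("first submission:", server.verify("10.0.0.7", puzzle["ts"], puzzle["nonce"], answer))
    print("replayed submission:", server.verify("10.0.0.7", puzzle["ts"], puzzle["nonce"], answer))
```

The asymmetry is the whole point: raising `bits` by one doubles the client's expected work while the server's verification cost stays constant, so the difficulty can be raised under load and lowered when the flood subsides. The window and the replay table bound what the server must remember, and the HMAC-derived nonce keeps a flooder from obtaining one puzzle and reusing its solution across many connections.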


We proposed Spyshield, a framework that protects sensitive information flows within an application from spy add-ons, and PRECIP, a new confidentiality model that takes a first step towards practical and retrofittable information protection in a commodity operating system, even in the presence of spyware surveillance.


· Privacy

We discovered a fundamental vulnerability in existing anonymity systems: a self-interested anonymity server may be motivated to expose other users' communication flows for profit. We proposed the first cures for this problem, which force an anonymity server to bind the anonymity of other users' communications to its own information assets, such as the anonymity of its own messages and its secret keys.

We designed a fair payment mechanism that offers incentives to individual mix servers to honestly deliver the messages entrusted to them.

We are also developing a privacy-preserving healthcare information system.


· Incentive Engineering

Research on incentive engineering aims at analyzing self-interested parties' strategic moves to identify the optimal countermove, and at designing security mechanisms that encourage these parties to behave honestly. It provides a new avenue to achieving security objectives that are hard to enforce directly. Part of my previous research relates to computational game theory and algorithmic mechanism design; I am now applying these techniques to securing computing systems. My current project on this subject is incentive-based defense against insider threats.


Grants

PI: XiaoFeng Wang

Time: From 9/01/2007 to 8/31/2010


PI: XiaoFeng Wang

Co-PI: L Jean Camp

Time: From 4/01/2007 to 3/31/2009


PI: Javed Mostafa

Co-PI: XiaoFeng Wang

Time: From 10/01/2006 to 10/31/2007


PI: Javed Mostafa

Co-PI: XiaoFeng Wang and Kiduk Yang

Time: From 09/15/2005 to 08/31/2007