One of the greatest threats a computing system faces comes from malicious
code or benign-yet-vulnerable programs. Mitigating such threats inevitably
requires in-depth analysis of these programs, which is hard to achieve
without effective means of analysis.
My research endeavors to develop technologies that enable automated
understanding, evaluation and enhancement of software's security features.
This research, once successful, can offer effective solutions to many
important security problems, from suppressing the spread of malware to
protecting sensitive information in bioinformatics research. The following
are the related projects we are working on.
a. Vaccine-based Malware Prevention
We proposed a black-box exploit prevention technique called packet vaccine,
which quickly detects exploit attempts on software and automatically
generates signatures to shield its vulnerabilities without reliance on its
source and binary code. This approach performs much faster than other
host-based techniques and even works on commodity software obfuscated for
DRM purposes. In addition, we are developing a new proactive-vaccine
technique that detects and fixes software flaws before the attacker has time
to come up with an exploit.
b. Automatic Disinfection
We developed a new technique which automatically
generates infection signatures to detect compromised systems and a process to
rid them of infections. Our technique
will enable large-scale disinfection of infected systems, even before the
perpetrator has time to use them.
c. Spyware Containment
We proposed Spyshield, a framework that protects sensitive information
flows within an application from spy add-ons, and PRECIP, a new
confidentiality model that takes a first step towards achieving practical
and retrofittable information protection in a commodity operating system,
even in the presence of spyware surveillance.
We studied the information leaks caused by failures to enforce proper
privacy policies within commercial applications, developed ConfigRE, a suite
of techniques that automatically recover their security settings for
misconfiguration detection, and are working towards automated enhancement of
their policy enforcement mechanisms.
We proposed Panalyst, a technique that analyzes program errors that occur in
remote clients in a privacy-preserving manner. We are also developing new
privacy-preserving computation techniques based upon automated program
analysis for bioinformatics and medical research.
· DoS Containment
We developed puzzle-based mechanisms which protect end-to-end
services from flooding attacks and routers from bandwidth exhaustion attacks,
and a capability-based approach which uses the structure of the World Wide Web
to mitigate the threat of flooding attacks on websites. We also discovered a new type of
low-bandwidth, application-layer DoS attack which
uses the delegation feature of a trust management system to deplete its
resources, and proposed countermeasures.
· Incentive Engineering
Research on incentive engineering studies self-interested parties' strategic
moves to identify their optimal responses, or designs incentive mechanisms
to encourage these parties to behave honestly. It provides a new avenue to
achieve security objectives that are hard to attain directly through
technical means. Part of my previous research is related to computational
game theory and algorithmic mechanism design. Now I am trying to apply these
techniques to secure computing systems. My current project on this subject
is incentive-based defense against insider threats.
Grants
PI: XiaoFeng Wang
Time: From 9/01/2007 to 8/31/2010

PI: XiaoFeng Wang
Co-PI: L Jean Camp
Time: From 4/01/2007 to 3/31/2009

PI: Javed Mostafa
Co-PI: XiaoFeng Wang
Time: From 10/01/2006 to 10/31/2007

PI: Javed Mostafa
Co-PI: XiaoFeng Wang and Kiduk Yang
Time: From 09/15/2005 to 08/31/2007