Projects

 

·        Automatic Program Analysis

One of the greatest threats a computing system is facing comes from malicious code or benign-yet-vulnerable programs.  Mitigation of such threats inevitably requires an in-depth analysis of these programs.  This, however, can be hard to achieve without the supports of effective analysis means.   My research endeavors to develop the technologies that enable automated understanding, evaluation and enhancement of software’s security features.  This research, once successful, can offer effective solutions to many important security problems, from suppression of malware spread to protection of sensitive information in bioinformatics research. Following are related projects we are working on.

 

a.       Vaccine-based Malware Prevention

We proposed a black-box exploit prevention technique called packet vaccine which quickly detects exploit attempts on software and automatically generates signatures to shield its vulnerabilities without reliance on its source and binary code.  This approach performs much faster than other host-based techniques and even works on the commodity software obfuscated for DRM purposes. In addition, we are developing a new proactive-vaccine technique which detects and fixes software flaws before the attacker has time to come up with an exploit.

 

                              b.   Automatic Disinfection

We developed a new technique which automatically generates infection signatures to detect compromised systems and a process to rid them of infections.  Our technique will enable large-scale disinfection of infected systems, even before the perpetrator has time to use them.

 

                              c.   Spyware Containment

We proposed Spyshield, a framework that protects sensitive information flows within an application from spy add-on, and PRECIP, a new confidentiality model that takes a first step towards achieving practical and retrofittable information protection in a commodity operating system even in the presence of spyware surveillance.

 

We studied the information leaks caused by the failures in enforcing proper privacy policies within commercial applications, developed ConfigRE, a suite of techniques that automatically recover their security settings for misconfiguration detection, and are working towards automated enhancement of their policy enforcement mechanisms.

              

We proposed Panalyst, a technique that analyzes program errors occurred in remote clients in a privacy preserving manner.  We are also developing new privacy-preserving computation techniques based upon automated program analysis for bioinformatics and medical research.

 

·        DoS Containment 

We developed puzzle-based mechanisms which protect end-to-end services from flooding attacks and routers from bandwidth exhaustion attacks, and a capability-based approach which uses the structure of the World Wide Web to mitigate the threat of flooding attacks on websites.  We also discovered a new type of low-bandwidth, application-layer DoS attack which uses the delegation feature of a trust management system to deplete its resources, and proposed countermeasures.

 

·        Incentive Engineering  

Research on incentive engineering studies self-interested parties' strategic moves to identify their optimal responses, or designs incentive mechanisms to encourage these parties to behave honestly.   It provides a new avenue to achieve the security objectives hard to attain directly through technical means. Part of my previous research is related to computational game theory and algorithmic mechanism design.  Now I am trying to apply these techniques to secure computing systems.  My current project on this subject is incentive based defense against insider threats. 

 

 

Grants

PI: XiaoFeng Wang

Time: From 9/01/2007 to 8/31/2010

 

PI: XiaoFeng Wang

Co-PI: L Jean Camp

Time: From 4/01/2007 to 3/31/2009

 

PI: Javed Mostafa

Co-PI: XiaoFeng Wang

Time: From 10/01/2006 to 10/31/2007

 

PI: Javed Mostafa

Co-PI:  XiaoFeng Wang and Kiduk Yang

Time: From 09/15/2005 to 08/31/2007