Cyber attacks pose the paramount threat to critical economic and national security infrastructure. These attacks usually start with exploits of vulnerable software, through which attackers infect the systems hosting the software and turn them into "bots". Control of a large number of bots empowers attackers to wreak even greater havoc through activities such as distributed denial-of-service (DDoS) attacks and identity theft. Defeating these attacks relies on a defense-in-depth framework composed of three key phases: prevention of exploits, detection and disinfection of compromised systems, and containment of the attacks launched from bots. My research aims at developing efficacious techniques for all three phases, towards building a practical defense-in-depth framework. Following are some research projects I am working on.
We proposed a black-box exploit prevention technique called packet vaccine, which quickly detects exploit attempts on software and automatically generates signatures to shield its vulnerabilities without relying on its source or binary code. This approach performs much faster than other host-based techniques and even works on commodity software that has been obfuscated for DRM purposes. In addition, we are developing a new proactive-vaccine technique which detects and fixes software flaws before the attacker has time to come up with an exploit.
We are working on a new technique which automatically generates infection signatures to detect compromised systems, together with a process to rid them of infections. Our technique will enable large-scale disinfection of infected systems, even before the perpetrator has time to use them.
We developed puzzle-based mechanisms which protect end-to-end services from flooding attacks and routers from bandwidth-exhaustion attacks, and a capability-based approach which uses the link structure of the World Wide Web to mitigate the threat of flooding attacks on websites. We also discovered a new type of low-bandwidth, application-layer DoS attack which uses the delegation feature of a trust management system to deplete its resources, and proposed countermeasures.
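As an added illustration of the puzzle idea referred to above, here is a generic hash-based client puzzle: the server hands out a cheap-to-issue, stateless challenge and only spends effort on requests whose client has first burned CPU on it. This is example code written for this page, not the author's mechanism or code; the server key, client identifier, difficulty policy and freshness window are constructed assumptions.

```python
import hashlib
import hmac
import math
import time


def _mac(server_key: bytes, client_id: str, ts: int, difficulty: int) -> bytes:
    # The challenge nonce is a MAC over everything the server must later trust,
    # so the server keeps no per-client state and the client cannot lower the
    # difficulty or reuse an old nonce without breaking the MAC.
    msg = f"{client_id}|{ts}|{difficulty}".encode()
    return hmac.new(server_key, msg, hashlib.sha256).digest()


def issue_puzzle(server_key: bytes, client_id: str, difficulty: int, now=None) -> dict:
    """Server side: build a challenge for one client (assumed client_id, e.g. source IP)."""
    ts = int(now if now is not None else time.time())
    nonce = _mac(server_key, client_id, ts, difficulty)
    return {"nonce": nonce.hex(), "ts": ts, "difficulty": difficulty}


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a 32-byte SHA-256 digest."""
    return 256 - int.from_bytes(digest, "big").bit_length()


def solve_puzzle(puzzle: dict) -> int:
    """Client side: brute-force a counter until H(nonce || counter) has enough zero bits.
    Expected cost is about 2**difficulty hash evaluations."""
    nonce = bytes.fromhex(puzzle["nonce"])
    counter = 0
    while True:
        digest = hashlib.sha256(nonce + counter.to_bytes(8, "big")).digest()
        if leading_zero_bits(digest) >= puzzle["difficulty"]:
            return counter
        counter += 1


def verify_solution(server_key: bytes, client_id: str, puzzle: dict, counter: int,
                    now=None, max_age: int = 30) -> bool:
    """Server side: constant-cost check (one MAC, one hash). Rejects stale puzzles,
    puzzles issued to another client, and tampered difficulty values."""
    t = now if now is not None else time.time()
    if not (0 <= t - puzzle["ts"] <= max_age):
        return False  # freshness window (assumed 30 s) defeats replay of old solutions
    expected = _mac(server_key, client_id, puzzle["ts"], puzzle["difficulty"])
    if not hmac.compare_digest(expected.hex(), puzzle["nonce"]):
        return False  # nonce was not issued by us for this client/difficulty
    digest = hashlib.sha256(expected + counter.to_bytes(8, "big")).digest()
    return leading_zero_bits(digest) >= puzzle["difficulty"]


def choose_difficulty(pending_requests: int, capacity: int, max_bits: int = 20) -> int:
    """Assumed load policy: free when the server is within capacity, then the
    puzzle cost grows with the overload factor so legitimate clients pay little
    during normal operation and flooders pay exponentially more."""
    if pending_requests <= capacity:
        return 0
    return min(max_bits, int(math.log2(pending_requests / capacity)) + 1)


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; use a random per-process key in practice
    bits = choose_difficulty(pending_requests=1600, capacity=100)
    puzzle = issue_puzzle(key, "198.51.100.7", bits)
    answer = solve_puzzle(puzzle)
    print(f"difficulty={bits} counter={answer} ok={verify_solution(key, '198.51.100.7', puzzle, answer)}")
```

The server's verification cost stays constant regardless of difficulty, which is what lets the mechanism throttle a flood: raising the difficulty by one bit doubles the attacker's per-request cost while the server's own work is unchanged.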
We proposed Spyshield, a framework that protects sensitive information flows within an application from spy add-ons, and PRECIP, a new confidentiality model that takes a first step towards achieving practical and retrofittable information protection in a commodity operating system even in the presence of spyware surveillance.
· Privacy
We discovered a fundamental vulnerability in existing anonymity systems: a self-interested anonymity server may be motivated to expose other users' communication flows for profit. We proposed the first cures for the problem, which force an anonymity server to bind the anonymity of other users' communication to its own information assets, such as the anonymity of its own messages and its secret keys.
We designed a fair payment mechanism which offers incentives to individual mix servers to honestly deliver the messages they are entrusted to send.
We are also developing a privacy-preserving healthcare information system.
· Incentive Engineering
Research on incentive engineering aims at analyzing self-interested parties' strategic moves to identify the optimal countermove, and at designing security mechanisms that encourage these parties to behave honestly. It can provide a new avenue to achieving security objectives which are hard to enforce directly. Part of my previous research is related to computational game theory and algorithmic mechanism design. Now I am trying to apply these techniques to secure computing systems.
My current project on this subject is incentive-based defense against insider threats.
Grants

PI: XiaoFeng Wang
Time: 9/01/2007 to 8/31/2010

PI: XiaoFeng Wang
Co-PI: L Jean Camp
Time: 4/01/2007 to 3/31/2009

PI: Javed Mostafa
Co-PI: XiaoFeng Wang
Time: 10/01/2006 to 10/31/2007

PI: Javed Mostafa
Co-PI: XiaoFeng Wang and Kiduk Yang
Time: 09/15/2005 to 08/31/2007