Objective: Design frameworks for running security-critical applications.
Mentors: Casen Hunger, Ashay Rane.
Background: The recent Anthem Health and UCLA Hospital breaches lost a combined amount of 8 million medial records. How can we prevent such large-scale information leaks? This project involves exploring ways of running untrusted applications with sensitive data in secure ways. This project will dive deep into the use of containers like Docker and will analyze the security risks (if any) of using such containers.
Tools and techniques: Operating systems, containers.
Objective: Formally prove that the given code is secure.
Mentor: Ashay Rane.
Background: Static analysis techniques are intuitive and easy to use for proving specific properties of programs. Unfortunately, static analysis techniques can suffer from imprecision. There exists a different proof technique, used by theorem provers, that uses induction on programs to prove or disprove properties. The goal of this project is to use the ACL2 theorem prover to prove that a newly-constructed floating point library does not leak secrets.
Tools and techniques: ACL2 (Lisp), induction, formal verification.
Objective: Create side-channel attacks on real-world web applications.
Mentors: Oswaldo Olivo, Ashay Rane.
Background: Various real-world web applications are susceptible to timing-based and packet-size-based side-channel attacks. In such attacks, the adversary observes the page loading time or the size of the (encrypted) page to infer secret values. Such attacks are far more serious in web applications in which the attacker is able to make changes to the database, thus giving them the name "second-order" side-channel attacks. The attack is composed of two step: in the first step, the attacker adds entries of his or her own choice to the database while in the second step, the attacker observes the impact of the changes on the victim user's page. In this project, we will analyze the impact of such attacks on real-world web applications.
Tools and techniques: PHP, SQL, static analysis.
Objective: Statically analyze Javascript code, ensure that code has limited access to DOM.
Mentors: Casen Hunger, Ashay Rane.
Background: When third-party Javascript codes are included in an HTML document, the Javascript codes have access to all of your HTML elements (DOM). A malicious Javascript code can thus exfiltrate security-sensitive portions of the document. The goal of this project is to limit such exfiltration of sensitive information. We will be analyzing Javascript code to implement rudimentary containers / sandboxes / jails that will limit the code's access to DOM elements and to other Javascript objects. As part of this process, we will also build a Javascript static analyzer which construct a control-flow graph and runs various static analyses on the generated control-flow graph.
Tools and techniques: Compiler analyses, Javascript syntax.
Objective: Apply differential privacy to hide information leaks from memory access trace.
Mentor: Rohith Prakash.
Background: Differential privacy is typically applied to relational databases by adding noise to database values with the objective of limiting the leakage of sensitive information (e.g. medical records). The same principle of introducing controlled noise can be applied to the memory access traces of a given secret program. The advantage of applying differential privacy (as opposed to full-blow memory trace obfuscation techniques) is that differential privacy solutions are simpler, intuitive, and substantially reduce runtime overhead. This project leverages differential privacy to provide a trade-off between performance and privacy.
Tools and techniques: Differential privacy, knowledge of probability distributions.
Objective: Scale Raccoon's side-channel defenses.
Mentors: Ahmed Khawaja, Ashay Rane.
Background: The Usenix security paper demonstrated a proof-of-concept defense against many different side-channel attacks. However, much work needs to be done to scale Raccoon to real programs. First, Raccoon needs to support more language features. Second, we need to transform bigger program so that we can stress various parts of the system. Third, we need to use smarter transformation techniques to limit Raccoon's overhead. Together, these techniques will increase Raccoon's practicality.
Tools and techniques: LLVM, compiler transforms.
Objective: Apply specific side-channel defenses to a large-scale graph processing algorithm.
Mentor: Ashay Rane.
Background: While the Raccoon compiler can apply obfuscation to arbitrary programs, narrowing the focus to a specific program enables specific, targeted transformations. Unlike generic transformations, such targeted transformations have the potential to substantially lower the runtime overhead. This project draws out the main lessons learned from designing Raccoon in order to devise obfuscation techniques for a very specific problem -- targeted ad generation.
Tools and techniques: Graph algorithms, oblivious data structures.
Objective: Combine many malware detection techniques.
Mentor: Michael Bartling.
Background: Contemporary desktop malware analysis tools generally do not work on mobile platforms. This is for several reasons including computational complexity, power constraints, and how mobile benignware often handles payloads (accessing contacts + photos, sharing data, and computation). Essentially, the false positive rates in traditional tools is just too high for use on mobile platforms. We correlate a bunch of weak signals (i.e malicious flags) across social networks in attempt to improve the false positive rates as well as the time to detection. This idea is similar to boosting in image processing, where a set weak classifiers are combined to make a strong classifier.
Tools and techniques: Malware analysis, Android.