jump to

Kevin Hamlen


Current externally funded research projects:

  • Language-based Security for Polymorphic Malware Protection (NSF Career, 2011–2016): This project develops runtime code analyses for malware detection and defense. It recasts traditionally static programming language-based security approaches, such as strong type-checking, model-checking, and in-lined reference monitoring, as hybrid static-dynamic algorithms that detect and prevent malicious program behaviors as the untrusted code executes. SIGNAL magazine, FEDcyber.com, and ACM Technews ran a news story about the project in October, and UTD publicized it in a press release in August.
  • Securing Web Advertisements (NSF Trustworthy Computing, 2011–2014): Web ads introduce unique challenges for end-to-end software security. This project develops tools and algorithms for malicious ad detection and trust negotiation at the level of ad developers, ad distributors, and ad recipients. The sidebar of this press release summarizes the project.
  • Reactively Adaptive Malware (AFOSR Active Defense, 2009–2013): Traditional polymorphic malware undergoes undirected (random) mutation as it propagates so that no two instances look exactly alike. This makes the malware harder to detect. This project examines more powerful directed mutation strategies that allow next-generation malware to reactively learn and adapt to deployed malware defenses. Anticipating this next generation of malware is critical for keeping pace with the cyber-security arms race. UTD devoted a press release to the project in May 2010. Subsequently, our work has been reported on by hundreds or thousands of news outlets. (See the "In the News" sidebar to the right for a few.) See also this UTD press release.

Completed projects:

  • Certified, Automated In-lined Reference Monitors (AFOSR Young Investigator, 2008–2011): In-lined Reference Monitors (IRMs) automatically modify untrusted code to make it provably safe, rather than merely examining it to try to decide its safety purely statically. The approach is more powerful than purely static analysis, and more flexible than traditional OS- or VM-level execution monitoring. This project developed IRM and machine-verification systems for ActionScript (Flash) binaries, Java binaries, and x86 native code binaries.
  • Secure, Peer-to-peer Data Management (NSF EAGER, 2009–2011): Cloud computing is an increasingly essential paradigm for supporting management of large databases and distributed computations. This project develops fully decentralized data integrity, confidentiality, and privacy enforcement algorithms for cloud computing based on structured peer-to-peer networking protocols and economic theories of utility optimization and risk.

Recent TV News Coverage of my Research

CBS 11 News (April 14, 2014)

CW33 Nightcap News (April 15, 2014)

Full Story at CW33 NightcapTV


The following is a list of research papers and theses that I've authored, co-authored, or supervised. Each is provided in PDF form.

Conference & Workshop Publications

All of the following conference and workshop publications are peer-reviewed. Acceptance rates are provided whenever they are known (except for invited papers that underwent a separate peer review process that does not pertain to the conference's general acceptance rate).

Journal Articles

The following are peer-reviewed journal papers I've authored or co-authored.

Unrefereed Articles, Technical Reports, and Theses

Supervised Student Dissertations and Theses

The following dissertations and theses were completed under my supervision.