The Systems and Software Security (S3) Lab at The University of Texas at Dallas focuses on building new systems and automated techniques to secure computer systems, including OS kernels and the software running on them. We cover a wide spectrum of technology, drawing on hardware, architecture, virtualization, operating systems, and compilers. Our emphasis is on program analysis techniques (for both source code and binary code), since computer systems essentially run programs. The applications we are particularly interested in include protecting the hypervisor and operating system kernel; analyzing binary code for vulnerability discovery and malicious behavior analysis, as well as binary code rewriting and reuse; investigating cyber attacks through intrusion detection and digital forensics; and recovering digital data.
Since the establishment of the S3 Lab, our research has been sponsored in part by AFOSR, DARPA, NSF, Raytheon, and VMware. Their support is greatly appreciated.
- Software security (or binary code analysis). We have always had a strong interest in working with native binary code, especially x86 binaries, because it is everywhere and it is the final representation of a software implementation. In the past, we have investigated reverse engineering of binary code to recover network protocol formats and, more generally, input data formats. We have also devised techniques for automatic vulnerability discovery and automatic data structure reverse engineering. Currently, we are investigating how to automatically identify critical components in a software binary and reuse them in different security contexts. [FSE'15, VEE'15, ESORICS'14, USENIX-Security'14b, NDSS'14b, ACSAC'13, CCS'13, ICDCS'13, ACSAC'12, CCS'12, DFRWS'12, NDSS'10, DSN'10, NDSS'09, FSE'08, DSN'08, NDSS'08]
- Systems security. We also have a strong interest in OS kernel and hypervisor program analysis. In fact, kernel programs are sometimes a bit easier to analyze than user-level programs. Our particular interest is in instrumenting the virtual machine monitor (much as we instrument ordinary user-level binary programs) to understand OS behavior, such as the OS kernel's control flow and data structures, and to propose protection techniques for OS control and data integrity. [FSE'15, VEE'15, ACSAC'14, USENIX-Security'14a, NDSS'14a, ACSAC'13, ISCA'13, DSN'13, VEE'13, SOCC'12, S&P'12, NDSS'11]
- Cloud computing (Virtualization, Introspection, Cloud VM Management). With the rapid move towards cloud computing, cloud security and virtual machine (VM) management have gradually become major concerns. Our expertise is in memory data analysis, which in an IaaS cloud becomes a virtual machine introspection (VMI) problem, since both VMI and memory forensics need to analyze memory data. Our main focus is developing automatic introspection techniques for both VMI and forensics. [FSE'15, USENIX-ATC'14, NDSS'14a, ACSAC'13, ISCA'13, VEE'13, SOCC'12, S&P'12, NDSS'11]
- Digital Forensics. Our emphasis is mainly on memory data analysis. Essentially, digital forensics aims to recover digital evidence, which is usually data that has to be interpreted according to its data structures. Since we have developed data structure reverse engineering techniques, we aim to apply that data structure knowledge for better digital forensics. In the past, we have focused on identifying data structure instances in both live memory and dead memory. Recently, we have focused on how to carve binary files from disk images. [FSE'15, ACSAC'14, ESORICS'14, NDSS'14a, ACSAC'13, ISCA'13, DSN'13, SOCC'12, DFRWS'12, NDSS'12, NDSS'11, NDSS'10]
- Randomization for Security. Monoculture is the root cause of why our cyber infrastructure is vulnerable to large-scale, automated attacks. Another of our research efforts focuses on breaking the monoculture of the existing computing environment by introducing randomization (unpredictability) into systems and software. In the past, we worked on data structure layout randomization, and our ongoing efforts focus on many other aspects of randomization. [ESORICS'15, DSN'15, DATE'14, CCS'12, DIMVA'09]
- Smartphone Security. We have also shifted part of our focus to smartphone program analysis. One of our goals is to automatically find vulnerabilities in apps at large scale. Others include exploring possible new attack vectors and defending against newly emerging threats. [USENIX-Security'15, NDSS'14b, SECURECOMM'14]
- Erick Bauman
- Swarup Chandra (co-advised with Dr. Latifur Khan)
- Yangchun Fu
- Yufei Gu
- Raul Quinonez
- Huibo Wang
- Wubing Wang
- Garrett Greenwood
- Devin Wiley
- Junyuan Zeng (PhD 2015, first employment Staff Software Engineer at FireEye)
- Joshua Hammond (MS 2014, first employment Idaho National Laboratory)
- Kenneth Miller (MS 2014, first employment DoD)
- Daniel Waymel (MS 2014, first employment State Farm)
- Alireza Saberi (Academic visitor during spring 2013, first employment Microsoft)
- David B Sounthiraraj (MS 2013, first employment Cisco)
- Scott Hand (MS 2013, first employment DoD)
- Mathew Stephen (MS 2012, first employment Center for Internet Security)
- Kevin Hulin (MS 2012, first employment Sandia National Lab)
- Camron Quituga (MS 2012, first employment DoD)
- Mitchell Adair (MS 2012, first employment Raytheon)
- Our lab is always looking to hire good PhD students. If you are fascinated by operating systems/virtualization, binary code, and/or compilers, and are highly motivated, we should talk.