Computer Science @ UC Davis
In the press
- We invented a new security architecture for web browsers, which became the blueprint for Google Chrome's security architecture. Elements of this research can be found in all major browsers. In the press here and here.
- We built the first known hardware-based rootkit, which for the first time showed how one could attack a computer system using a malicious processor. In the press here and here (full article here).
- We invented the concept of a virtual-machine-based rootkit and built the first prototype. In the press here.
- We wrote a blog post that talks about ways that we changed the Lyft product to help fight against fraudsters.
- This link shows a video of me giving a lecture on some of our work on hardware security.
Secure web browsers
OP web browser (pdf). This paper was the first browser paper from my group, we were the first to rethink modern web browser architectures to improve security. We also used formal methods to help vet our system, and proposed new mechanisms and policies for coping with compromised browser plugins.
Gazelle (pdf). Extended the basic OP architecture and had some new ideas on dealing with display security.
Alhambra (pdf). Applied deterministic replay to web browsers to enable browser developers to test new security policies.
Vex (pdf). Tested browser extensions for potential security vulnerabilities. Key insight: many vulnerabilities could be expressed as information flows. We found several previously unknown and subtle vulnerabilities.
IBOS (pdf). Built a new browser and a new OS specifically for more secure browsers. Our specialized OS reduced the trusted computing base for our browser by 2-3 orders of magnitude when compared to other modern systems.
ExpressOS (pdf). Built a new OS that included strong formal verification, with support for the Android system call interface and libraries. Although not strictly a browser, this work builds on top of our previous work on secure web browsers directly.
Cocktail (pdf). Uses three commodity browsers in concert to add security and reliability.
IMP (pdf). Designed and implemented the first processor with hardware backdoors. We learned a lot about the threat from this experience.
BlueChip (pdf). Developed a hardware / software system for removing suspicious circuits from hardware designs. Surprising result: we removed legitimate hardware from a hardware design and used software to make forward progress safely.
Defeating UCI (pdf). Performed a detailed security analysis of the UCI algorithm. We found some subtle and clever circuits that showed how to evade our UCI algorithm.
SPECS (pdf). Hardware support for enforcing security invariants in a modern processor. Includes a study of modern processor errata to classify them into security and non-security critical bugs.
Machine learning for systems and security
Laika (pdf). Built a system for extracting data structures out of process heaps and stacks without using symbols. We found that data structures were fairly good at identifying processes, even for code-polymorphic malware.
Macho (pdf). Built a system for programming using natural language, examples, and a large database of source code. This is still early research, but we already generated a few simple coreutils applications.
Building secure robots (pdf). Worked on general OS abstractions for apps running on general purpose robots, with a strong emphasis on security. It turns out that computer security is very different when your computer is a robot.