Network Security Lab

Current Projects

MINESTRONE: Identifying and containing software vulnerabilities

MINESTRONE is a novel architecture that integrates static analysis, dynamic confinement, and code diversification techniques to enable the identification, mitigation and containment of a large class of software vulnerabilities. Our techniques will protect new software, as well as already deployed (legacy) software by transparently inserting extensive security instrumentation.

SPARCHS: Symbiotic, Polymorphic, Autotomic, Resilient, Clean-slate, Host Security

The SPARCHS project is considering a new computer systems design methodology that considers security as a first-order design requirement at all levels, starting from hardware, in addition to the usual design requirements such as programmability, usability, speed, and power/energy efficiency.

MEERKATS: Maintaining EnterprisE Resiliency via Kaleidoscopic Adaptation and Transformation of Software Services

MEERKATS is a novel architecture for cloud environments that elevates continuous system evolution, adaptation, and misdirection as first-rate design principles. Our goal is to enable an environment for cloud services that constantly changes along several dimensions, toward creating an unpredictable target for an adversary. This unpredictability will both impede the adversary’s ability to achieve an initial system compromise and, if a compromise occurs, to detect, disrupt, and/or otherwise impede his ability to exploit this success.

BLIND SEER: BLoom INDex SEarch of Encrypted Results

The BLIND SEER project aims for an efficient system for secure encrypted database search supporting complex queries and compliance checking, together with a rigorous security model and proofs of security.

VPSN: Virtual Private Social Networks

The VPSN project aims to investigate, develop, and experimentally evaluate novel techniques for protecting user privacy in the context of third-party websites and applications that have integrated popular social networking platforms for content personalization and social interaction.

Auditing PII in the Cloud with CloudFence

CloudFence is a framework that allows users to independently audit the treatment of their private data by third-party online services, through the intervention of the cloud provider that hosts these services.

Student Projects

SafeButton: Privacy-Preserving Social Plugins

In this research project we propose a novel design for privacy-preserving social plugins that decouples the retrieval of user-specific content from the loading of a social plugin. In contrast to existing solutions, this design preserves the functionality of existing social plugins by delivering the same personalized content, while it protects user privacy by avoiding the transmission of user-identifying information at load time.

SudoWeb: Minimizing Information Disclosure To Third Parties in Social Login Platforms

Over the past few months we are seeing a large and ever increasing number of Web sites encouraging users to log in with their Facebook, Twitter, or Gmail identity, or personalize their browsing experience through a set of plug-ins that interact with the users' social profile. Such interaction exposes an abundance of information from the users' online profile to Web sites for which it is not always clear why they require all that personal data to provide their services. This research project aims at mitigating the problem by designing and developing a framework for minimum information disclosure across third-party sites with social login interactions.

Past Projects