Proposed Research

We are always looking for talented collaborators for ongoing research. The following is a list of planned tasks. Diamonds (♦) indicate the degree of difficulty for a task.

Modern, repeatable benchmarks for things like Xen, SSH/scp, HTTP, and system calls.
VisorFlow ♦♦
Create a simple-flow-based security model for Linux. (Thank you, Jessie Lass and Ryan Johnson.)
A hypervisor-based information flow monitor. (Thank you, Matt Shockley, Chris Maixner, Ryan Johnson, and Mitch DeRidder.)
Covert channels ♦♦
A covert-channel analysis of the Linux kernel.
Kernel benchmarks ♦
A more modern lmbench.
Network benchmarks
IPsec vs. QUIC vs. TLS vs. tcpcrypt vs. MinimaLT: latency, DoS resistence, number of simultaneous connections, etc.
Heap protections ♦♦
Memory protections for the Linux heap.
2016-CDX-USMA and 2017-CDX-USMA analysis
Deeply analyze the results from the 2016 and 2017 Cyber Defense Exercises.
Exfiltration countermeasures
Implement automated countermeasures for DNS- and other exfiltration techniques.
Port Go 1.0 to Ethos ♦♦
We have the differences between upstream and our port of Go r60.3. Changes to Go's Goroutine implementation might add to the difficulty of this task.
Programming language for Ethos ♦♦♦
We would like to develop a language which internalizes ETN definitions and provides IPC that is as convenient and type-safe as Go's channels. Modernize the beauty of C+UNIX!
Go OS ♦♦♦
A simple operating system kernel in Go. Would first require thinking through Go's garbage collector.
Ethos in Qubes
Allow Ethos to easily run within Qubes.
Unikernel work
Play with unikernels. Compare unikernels, which minimize code and thus attack surface, with Ethos, which focuses on OS interfaces that promote robust programming.
Adapt Tor to use MinimaLT ♦
Tor might benefit from the low-latency behavior of MinimaLT.
Ethos access controls ♦♦♦
Writing access controls within the Ethos kernel.
Implement typed command-line arguments in Ethos
This is a small task that can serve as an introduction to Ethos development.
Certificate survey
Study what is required to prove your identity in order to purchase certificates from a number of certificate authorities.
Put Capsicum to use.
Put HiStar to use.
seL4 port of Ethos interfaces ♦♦♦
Implement Ethos on top of the seL4 microkernel.
Code auditing tools
Implement a tool which takes as input a program and configuration and produces the lines of code which will run.
Ethos applications
Write Ethos applications and compare their security properties to their POSIX counterparts.
TLS service
Using the lessons learned from Fahl, Georgiev, et al., develop a service-based TLS library. (Thank you, Leo St. Amour.)
More study of OpenSSL and other APIs
Study the patterns of API use. How many are accidental? How many are inherent to proper use? Does libtlssep cover them all?
Linux kernel MinimaLT implementation
Implement a MinimaLT module for the Linux kernel and figure out a user-space tie in.
SimpleFlow ♦♦
Create a simple-flow-based security model for Linux. (Thank you, Jessie Lass and Ryan Johnson.)

General programming and administration proposals

Add Grilo support to Kodi.
Contribute to the great Yorba applications such as Geary, Shotwell, and California.
Contribute to TikzEdt.
Libdmapsharing, etc.
Various tasks, including:
  • fixing the DACP (i.e., iOS Remote) support in libdmapsharing,
  • auditing libdmapsharing and dmapd, and
  • adding DPAP support to GNOME Photos.
Awesome window manager
Various tasks, including:
  • support for opening a new terminal using a current working directory which matches an existing terminal,
  • easy command-line emailing with attachments,
  • unified up-arrow histories across all bash instances, and
  • Khal notifications.
Small devices
Improvements to Golem, Siren, and Sprite, including:
  • support for encrypted NFSv4,
  • use of LDAP/Kerberos in Dovecot and Postfix,
  • certificate-based logins,
  • improved use of watchdogs,
  • more multiplatform network shares (e.g., WebDAV and SMB),
  • better DVD support,
  • a user-configurable SPAM filter, and
  • integrated support for console-video-game emulation.
Survey virtualization platforms
  • OpenNebula

Approximate security and systems conference schedule

ShmooconMid January
USENIX EnigmaLate January
USENIX Security DeadlineMid February
NDSSLate February
NSDIMid March
SOSP Deadline (biennial)Late March
ASPLOSEarly April
EuroSysMid April
Blackhat DeadlineMid April
NSPW DeadlineLate April
OSDI Deadline (biennial)Early May
ACM CCS DeadlineMid May
IEEE S&PLate May
ACSAC DeadlineEarly June
IEEE SecDev DeadlineLate June
BlackhatEarly August
USENIX SecurityMid August
USENIX Enigma DeadlineLate August
NSDIMid September
NSPWLate September
SOSP (biennial)Early October
ACM CCSMid October
EuroSys DeadlineMid October
IEEE SecDevEarly November
OSDI (biennial)Early November
IEEE S&P DeadlineMid November
ASPLOS DeadlineMid November
ACSACEarly December