I am looking for talented collaborators for ongoing research. Undergraduate and graduate students alike can participate in research, and Master of Software Engineering students can contribute through their capstone project. My interests span software systems and security.

Master of Software Engineering capstone

Students must submit a coherent, well-written proposal before I will take on the task of advising them. Ultimately, student work must demonstrate both the technical ability to complete a challenging programming project and the application of the software engineering principles. When advising capstone projects, I expect to see hard evidence of both of these things. I suggest you keep The Heilmeier Catechism in mind as you form your plan:

  1. What are you trying to do? (State objectives clearly with no jargon.)
  2. How is this done today? What are the limitations of current practice?
  3. What is new in your approach, and why do you think it will be successful?
  4. Who cares? If you are successful, what difference does it make?
  5. What are the risks?
  6. How much will it cost? (Consider both financial and other costs.)
  7. How long will it take?
  8. What are the mid-term and final “exams” to check for success?

Good design, a robust testing regimen, and an introspective approach to software engineering will set you up for success. Frantically trying to get things to work will not. Regarding design, I like the summary of software architecture research that Roy Fielding provided in the abstract of his dissertaion; I summarize his words and apply them to design as:

  1. Determine how to best partition a system.
  2. Define how components identify and communicate with each other.
  3. Express how information is communicated.
  4. Allow for elements of a system to evolve independently.
  5. Describe all of this using formal and informal notations.

Undergraduate and graduate research and project ideas


The following is a list of tasks that might make a good line of student research. Diamonds (♦) indicate the degree of difficulty.

Aquinas has an extensive list of goals, including
  • perform a privacy and/or security review,
  • write new lessons,
  • add a grading scheme that permits revealing test inputs to students whose submission fails,
  • fix dark mode so that code displays properly
  • support user-specific assignment variations, and
  • study the efficacy of Aquinas.
Modern, repeatable benchmarks for things like Xen, SSH/scp, HTTP, and system calls; a more up-to-date lmbench.
Network benchmarks
IPsec vs. QUIC vs. TLS vs. tcpcrypt vs. MinimaLT: latency, DoS resistence, number of simultaneous connections, etc.
Open-Source Supply-Chain Security
See, e.g., The Linux Foundation's analysis
Little SELinux
SELinux on embedded systems, especially OpenWrt.
Covert channels ♦♦
A covert-channel analysis of the Linux kernel.
Heap protections ♦♦
Memory protections for the Linux heap.
2016-CDX-USMA and 2017-CDX-USMA analysis
Deeply analyze the results from the 2016 and 2017 Cyber Defense Exercises.
Exfiltration countermeasures
Implement automated countermeasures for DNS- and other exfiltration techniques.
Port Go 1.0 to Ethos ♦♦
We have the differences between upstream and our port of Go r60.3. Changes to Go's Goroutine implementation might add to the difficulty of this task.
Programming language for Ethos ♦♦♦
We would like to develop a language which internalizes ETN definitions and provides IPC that is as convenient and type-safe as Go's channels. Modernize the beauty of C+UNIX!
Go OS ♦♦♦
A simple operating system kernel in Go. Would first require thinking through Go's garbage collector. See Biscut, Go unikernel, and gVisor.
Rust OS ♦♦♦
A simple operating system kernel in Rust. Contribute to Redox OS?
Ethos in Qubes
Allow Ethos to easily run within Qubes.
Unikernel work
Play with unikernels. Compare unikernels, which minimize code and thus attack surface, with Ethos, which focuses on OS interfaces that promote robust programming. Port something like Aquinas to unikernels.
Adapt Tor to use MinimaLT ♦
Tor might benefit from the low-latency behavior of MinimaLT.
Ethos access controls ♦♦♦
Writing access controls within the Ethos kernel.
Implement typed command-line arguments in Ethos
This is a small task that can serve as an introduction to Ethos development. I think PowerShell supports types.
Certificate survey
Study what is required to prove your identity in order to purchase certificates from a number of certificate authorities.
Put Capsicum to use.
Put HiStar to use.
seL4 port of Ethos interfaces ♦♦♦
Implement Ethos on top of the seL4 microkernel.
Code auditing tools
Implement a tool which takes as input a program and configuration and produces the lines of code which will run.
Ethos applications
Write Ethos applications and compare their security properties to their POSIX counterparts.
More study of OpenSSL and other APIs
Study the patterns of API use. How many are accidental? How many are inherent to proper use? Does libtlssep cover them all?
Linux kernel MinimaLT implementation
Implement a MinimaLT module for the Linux kernel and figure out a user-space tie in.
TLS service
Using the lessons learned from Fahl, Georgiev, et al., develop a service-based TLS library. (Thank you, Leo St. Amour.)
SimpleFlow ♦♦
Create a simple-flow-based security model for Linux. (Thank you, Jessie Lass and Ryan Johnson.)
More SimpleFlow
Port SimpleFlow to a newer kernel, and couple with a framework to write information-flow-aware applications. Build a more sophisticated flow model.
VisorFlow ♦♦
A hypervisor-based information flow monitor. (Thank you, Matt Shockley, Chris Maixner, Ryan Johnson, and Mitch DeRidder.)

General programming and administration proposals

Add FIDO/WebAuthn/USB support (Red Hat Bugzilla #2247565). Would require extending WebKitGTK (WebKit Bugzilla #205350).
Add Grilo support to Kodi.
  • Pandora plugin
  • iHeartRadio plugin
  • Netflix plugin
Libdmapsharing, etc.
Various tasks, including:
  • fix the DACP (i.e., iOS Remote) support in libdmapsharing,
  • analyze libdmapsharing and dmapd for code quality, and
  • add DPAP support to GNOME Photos.
Awesome window manager
Various tasks, including:
  • support for opening a new terminal using a current working directory which matches an existing terminal,
  • easy command-line emailing with attachments,
  • unified up-arrow histories across all bash instances, and
  • Khal notifications.
Small devices
Improvements to Golem, Siren, and Sprite, including:
  • support for encrypted NFSv4,
  • use of LDAP/Kerberos in Dovecot and Postfix,
  • certificate-based logins,
  • improved use of watchdogs,
  • more multiplatform network shares (e.g., WebDAV and SMB),
  • better DVD support,
  • a user-configurable SPAM filter, and
  • integrated support for console-video-game emulation.
Survey virtualization platforms
  • OpenNebula
  • Eucalyptus
  • OpenStack

Approximate security and systems conference schedule

Event Timeframe
Shmoocon Mid January
USENIX Enigma Late January
USENIX Security Deadline Mid February
NDSS Late February
NSDI Mid March
SOSP Deadline (biennial) Late March
ASPLOS Early April
EuroSys Mid April
Blackhat Deadline Mid April
NSPW Deadline Late April
OSDI Deadline (biennial) Early May
ACM CCS Deadline Mid May
IEEE S&P Late May
ACSAC Deadline Early June
IEEE SecDev Deadline Late June
Blackhat Early August
USENIX Security Mid August
USENIX Enigma Deadline Late August
NSDI Mid September
NSPW Late September
SOSP (biennial) Early October
ACM CCS Mid October
EuroSys Deadline Mid October
IEEE SecDev Early November
OSDI (biennial) Early November
IEEE S&P Deadline Mid November
ASPLOS Deadline Mid November
ACSAC Early December