I am looking for talented collaborators for ongoing research. Undergraduate and graduate students alike can participate in research, and Master of Software Engineering students can contribute through their capstone project. My interests span software systems and security.
Master of Software Engineering capstone
Students must submit a coherent, well-written proposal before I will take on the task of advising them. Ultimately, student work must demonstrate both the technical ability to complete a challenging programming project and the application of the software engineering principles. When advising capstone projects, I expect to see hard evidence of both of these things. I suggest you keep The Heilmeier Catechism in mind as you form your plan:
- What are you trying to do? (State objectives clearly with no jargon.)
- How is this done today? What are the limitations of current practice?
- What is new in your approach, and why do you think it will be successful?
- Who cares? If you are successful, what difference does it make?
- What are the risks?
- How much will it cost? (Consider both financial and other costs.)
- How long will it take?
- What are the mid-term and final “exams” to check for success?
Good design, a robust testing regimen, and an introspective approach to software engineering will set you up for success. Frantically trying to get things to work will not. Regarding design, I like the summary of software architecture research that Roy Fielding provided in the abstract of his dissertation; I summarize his words and apply them to design as:
- Determine how to best partition a system.
- Define how components identify and communicate with each other.
- Express how information is communicated.
- Allow for elements of a system to evolve independently.
- Describe all of this using formal and informal notations.
Undergraduate and graduate research and project ideas
The following is a list of tasks that might make a good line of student research. Diamonds (♦) indicate the degree of difficulty.
- Aquinas has an extensive list of goals, including:
- perform a privacy and/or security review,
- write new lessons,
- add a grading scheme that permits revealing test inputs to students whose submission fails,
- fix dark mode so that code displays properly,
- support user-specific assignment variations, and
- study the efficacy of Aquinas.
- Modern, repeatable benchmarks for things like Xen, SSH/scp, HTTP, and system calls; a more up-to-date lmbench.
- Network benchmarks
- IPsec vs. QUIC vs. TLS vs. tcpcrypt vs. MinimaLT: latency, DoS resistance, number of simultaneous connections, etc.
- Open-Source Supply-Chain Security
- See, e.g., The Linux Foundation's analysis
- Little SELinux
- SELinux on embedded systems, especially OpenWrt.
- Covert channels ♦♦
- A covert-channel analysis of the Linux kernel.
- Heap protections ♦♦
- Memory protections for the Linux heap.
- 2016-CDX-USMA and 2017-CDX-USMA analysis
- Deeply analyze the results from the 2016 and 2017 Cyber Defense Exercises.
- Exfiltration countermeasures
- Implement automated countermeasures for DNS- and other exfiltration techniques.
- Port Go 1.0 to Ethos ♦♦
- We have the differences between upstream and our port of Go r60.3. Changes to Go's Goroutine implementation might add to the difficulty of this task.
- Programming language for Ethos ♦♦♦
- We would like to develop a language which internalizes ETN definitions and provides IPC that is as convenient and type-safe as Go's channels. Modernize the beauty of C+UNIX!
- Go OS ♦♦♦
- A simple operating system kernel in Go. Would first require thinking through Go's garbage collector. See Biscuit, Go unikernel, and gVisor.
- Rust OS ♦♦♦
- A simple operating system kernel in Rust. Contribute to Redox OS?
- Ethos in Qubes
- Allow Ethos to easily run within Qubes.
- Unikernel work
- Play with unikernels. Compare unikernels, which minimize code and thus attack surface, with Ethos, which focuses on OS interfaces that promote robust programming. Port something like Aquinas to unikernels.
- Adapt Tor to use MinimaLT ♦
- Tor might benefit from the low-latency behavior of MinimaLT.
- Ethos access controls ♦♦♦
- Writing access controls within the Ethos kernel.
- Implement typed command-line arguments in Ethos
- This is a small task that can serve as an introduction to Ethos development. I think PowerShell supports types.
- Certificate survey
- Study what is required to prove your identity in order to purchase certificates from a number of certificate authorities.
- Put Capsicum to use.
- Put HiStar to use.
- seL4 port of Ethos interfaces ♦♦♦
- Implement Ethos on top of the seL4 microkernel.
- Code auditing tools
- Implement a tool which takes as input a program and configuration and produces the lines of code which will run.
- Ethos applications
- Write Ethos applications and compare their security properties to their POSIX counterparts.
- More study of OpenSSL and other APIs
- Study the patterns of API use. How many are accidental? How many are inherent to proper use? Does libtlssep cover them all?
- Linux kernel MinimaLT implementation
- Implement a MinimaLT module for the Linux kernel and figure out a user-space tie-in.
- Using the lessons learned from Fahl, Georgiev, et al., develop a service-based TLS library. (Thank you, Leo St. Amour.)
- Create a simple-flow-based security model for Linux. (Thank you, Jessie Lass and Ryan Johnson.)
- More SimpleFlow
- Port SimpleFlow to a newer kernel, and couple with a framework to write information-flow-aware applications. Build a more sophisticated flow model.
- A hypervisor-based information flow monitor. (Thank you, Matt Shockley, Chris Maixner, Ryan Johnson, and Mitch DeRidder.)
General programming and administration proposals
- Add FIDO/WebAuthn/USB support (Red Hat Bugzilla #2247565). Would require extending WebKitGTK (WebKit Bugzilla #205350).
- Add Grilo support to Kodi.
- Pandora plugin
- iHeartRadio plugin
- Netflix plugin
- Libdmapsharing, etc.
Various tasks, including:
- fix the DACP (i.e., iOS Remote) support in libdmapsharing,
- analyze libdmapsharing and dmapd for code quality, and
- add DPAP support to GNOME Photos.
- Awesome window manager
Various tasks, including:
- support for opening a new terminal using a current working directory which matches an existing terminal,
- easy command-line emailing with attachments,
- unified up-arrow histories across all bash instances, and
- Khal notifications.
- Small devices
Improvements to Golem, Siren, and Sprite, including:
- support for encrypted NFSv4,
- use of LDAP/Kerberos in Dovecot and Postfix,
- certificate-based logins,
- improved use of watchdogs,
- more multiplatform network shares (e.g., WebDAV and SMB),
- better DVD support,
- a user-configurable SPAM filter, and
- integrated support for console-video-game emulation.
- Survey virtualization platforms
Approximate security and systems conference schedule
| Event | Approximate time of year |
|---|---|
| USENIX Enigma | Late January |
| USENIX Security Deadline | Mid February |
| SOSP Deadline (biennial) | Late March |
| Blackhat Deadline | Mid April |
| NSPW Deadline | Late April |
| OSDI Deadline (biennial) | Early May |
| ACM CCS Deadline | Mid May |
| IEEE S&P | Late May |
| ACSAC Deadline | Early June |
| IEEE SecDev Deadline | Late June |
| USENIX Security | Mid August |
| USENIX Enigma Deadline | Late August |
| SOSP (biennial) | Early October |
| ACM CCS | Mid October |
| EuroSys Deadline | Mid October |
| IEEE SecDev | Early November |
| OSDI (biennial) | Early November |
| IEEE S&P Deadline | Mid November |
| ASPLOS Deadline | Mid November |