We are always looking for talented collaborators for ongoing research. The following is a list of planned tasks. Diamonds (♦) indicate the degree of difficulty for a task.
- Modern, repeatable benchmarks for things like Xen, SSH/scp, HTTP, and system calls.
- VisorFlow ♦♦
- A hypervisor-based information flow monitor. (Thank you, Matt Shockley, Chris Maixner, Ryan Johnson, and Mitch DeRidder.)
- Covert channels ♦♦
- A covert-channel analysis of the Linux kernel.
- Kernel benchmarks ♦
- A more modern lmbench.
- Network benchmarks
- IPsec vs. QUIC vs. TLS vs. tcpcrypt vs. MinimaLT: latency, DoS resistance, number of simultaneous connections, etc.
- Heap protections ♦♦
- Memory protections for the Linux heap.
- 2016-CDX-USMA and 2017-CDX-USMA analysis
- Deeply analyze the results from the 2016 and 2017 Cyber Defense Exercises.
- Exfiltration countermeasures
- Implement automated countermeasures for DNS- and other exfiltration techniques.
- Port Go 1.0 to Ethos ♦♦
- We have the differences between upstream and our port of Go r60.3. Changes to Go's Goroutine implementation might add to the difficulty of this task.
- Programming language for Ethos ♦♦♦
- We would like to develop a language which internalizes ETN definitions and provides IPC that is as convenient and type-safe as Go's channels. Modernize the beauty of C+UNIX!
- Go OS ♦♦♦
- A simple operating system kernel in Go. Would first require thinking through Go's garbage collector.
- Ethos in Qubes
- Allow Ethos to easily run within Qubes.
- Unikernel work
- Play with unikernels. Compare unikernels, which minimize code and thus attack surface, with Ethos, which focuses on OS interfaces that promote robust programming.
- Adapt Tor to use MinimaLT ♦
- Tor might benefit from the low-latency behavior of MinimaLT.
- Ethos access controls ♦♦♦
- Writing access controls within the Ethos kernel.
- Implement typed command-line arguments in Ethos
- This is a small task that can serve as an introduction to Ethos development.
- Certificate survey
- Study what is required to prove your identity in order to purchase certificates from a number of certificate authorities.
- Put Capsicum to use.
- Put HiStar to use.
- seL4 port of Ethos interfaces ♦♦♦
- Implement Ethos on top of the seL4 microkernel.
- Code auditing tools
- Implement a tool which takes as input a program and configuration and produces the lines of code which will run.
- Ethos applications
- Write Ethos applications and compare their security properties to their POSIX counterparts.
- TLS service
- Using the lessons learned from Fahl, Georgiev, et al., develop a service-based TLS library. (Thank you, Leo St. Amour.)
- More study of OpenSSL and other APIs
- Study the patterns of API use. How many are accidental? How many are inherent to proper use? Does libtlssep cover them all?
- Linux kernel MinimaLT implementation
- Implement a MinimaLT module for the Linux kernel and figure out a user-space tie-in.
- SimpleFlow ♦♦
- Create a simple-flow-based security model for Linux. (Thank you, Jessie Lass and Ryan Johnson.)
General programming and administration proposals
- Add Grilo support to Kodi.
- Contribute to the great Yorba applications such as Geary, Shotwell, and California.
- Contribute to TikzEdt.
- Libdmapsharing, etc.
- Various tasks, including:
- fixing the DACP (i.e., iOS Remote) support in libdmapsharing,
- auditing libdmapsharing and dmapd, and
- adding DPAP support to GNOME Photos.
- Awesome window manager
- Various tasks, including:
- support for opening a new terminal using a current working directory which matches an existing terminal,
- easy command-line emailing with attachments,
- unified up-arrow histories across all bash instances, and
- Khal notifications.
- Small devices
- Improvements to Golem, Siren, and Sprite, including:
- support for encrypted NFSv4,
- use of LDAP/Kerberos in Dovecot and Postfix,
- certificate-based logins,
- improved use of watchdogs,
- more multiplatform network shares (e.g., WebDAV and SMB),
- better DVD support,
- a user-configurable SPAM filter, and
- integrated support for console-video-game emulation.
- Survey virtualization platforms
Approximate security and systems conference schedule
| Event | Time of year |
|---|---|
| USENIX Enigma | Late January |
| USENIX Security Deadline | Mid February |
| SOSP Deadline (biennial) | Late March |
| Blackhat Deadline | Mid April |
| NSPW Deadline | Late April |
| OSDI Deadline (biennial) | Early May |
| ACM CCS Deadline | Mid May |
| IEEE S&P | Late May |
| ACSAC Deadline | Early June |
| IEEE SecDev Deadline | Late June |
| USENIX Security | Mid August |
| USENIX Enigma Deadline | Late August |
| SOSP (biennial) | Early October |
| ACM CCS | Mid October |
| EuroSys Deadline | Mid October |
| IEEE SecDev | Early November |
| OSDI (biennial) | Early November |
| IEEE S&P Deadline | Mid November |
| ASPLOS Deadline | Mid November |