Research Statement - Microsoft Research

Shuo Chen – Research Statement
Research Statement
Computer Science and Engineering is a fascinating discipline where the research questions
are driven by unleashed imaginations. It is for this reason that the breadth and the depth of the
knowledge base, as well as a strong theoretical foundation, represent the core merits of an
outstanding Ph.D. These are the objectives of my graduate study. I am a research assistant in the
DEPEND group led by Prof. Ravi Iyer. The thrust of the group is the systems research for trusted
computing, with the primary focuses on dependability and security.
My thesis research spans a broad range of security topics, including security vulnerabilities,
security threat modeling/measurement, formal security properties verification, novel attacks, and
ultimately defense techniques at compiler, operating system and processor architecture levels.
The research is unique because of its analysis-centric approach: I dedicated a significant amount
of effort to analyze real-world security vulnerabilities and uncover deficiencies in current
defensive techniques. The obtained in-depth knowledge naturally drives the proposals of better
defensive techniques. The contributions of my research are twofold: (1) demonstration of
systematic approaches for analyzing and reasoning about system security, (2) design of security
defensive techniques of high effectiveness and practical relevance.
Thesis Research
My thesis consists of the following major phases.
Analysis and Modeling of Security Vulnerabilities. Both hardware transient faults and
software programming errors can result in security vulnerabilities. To study the impact of
hardware transient faults on security, I (in collaboration with another student in the group)
conducted fault injection experiments on network server programs and the Linux kernel firewall
facility, and observed a non-negligible probability that attacker break-ins and malicious packet
penetrations result from random memory errors. A stochastic activity network (SAN) model was
built to estimate the frequency of the security compromises in an operational system. To study the
common characteristics of programming errors leading to security vulnerabilities, I investigated
Bugtraq and CERT vulnerability databases and corresponding application source code. A finite
state machine model was developed to decompose each vulnerability into a series of primitive
operations, each indicating a simple predicate that should be guaranteed by the application code.
The model offers a representation approach with a higher degree of formalism in reasoning about
security vulnerability. The practical usefulness is shown by the fact that during the process of
modeling an HTTP server, I discovered a remotely exploitable vulnerability, now published in
Bugtraq (Bugtraq #6255).
Analysis of Current Security Defensive Techniques. The fact that a security vulnerability can
be decomposed to primitive operations and that random memory errors can lead to security
compromises suggests that many types of critical data can be the targets of the prevalent memory
corruption attacks, including buffer overflow, format string, double free, and integer overflow
attacks. This leads to the following observation: it may not be valid for many current defensive
techniques to assume that protecting only control data is sufficient in defeating memory
corruption attacks. We construct several real attacks against HTTP, FTP, SSH and Telnet servers
to show the validity of our observation. These attacks corrupt configuration data, user identity
data, user input strings and decision-making flags, rather than control data. They evade
detection by many current techniques, such as system-call-based intrusion detection systems and
control data protection techniques. The vulnerabilities in the above server programs constitute a
significant portion of CERT-reported vulnerabilities. Therefore, non-control data attacks
represent a realistic security threat to operational systems even with the current defensive
techniques in place.
Novel Static and Dynamic Defensive Techniques. Defeating security attacks requires the
definition of abnormal program behaviors when attacks are undertaken. I introduce the notion of
pointer taintedness as the basis to detect memory corruption attacks. A pointer is said to be
tainted if the pointer value comes directly or indirectly from user input. Pointer taintedness allows
the user to arbitrarily specify the target memory address to read, write or transfer control to,
which is usually a pathological program behavior. On the other hand, the attacker’s ability to taint
a pointer value is a crucial requirement for all types of memory corruption attacks. Based on the
notion of pointer taintedness, I developed a theorem proving technique to identify potential
security vulnerabilities via static source code analysis. In addition, a processor architecture
solution for dynamic pointer taintedness detection is proposed and implemented on the SimpleScalar
processor simulator. The proposed algorithm can effectively detect both control data and non-control data attacks. Our evaluation shows that it offers better security coverage than existing
methods.
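An added illustration of the dynamic pointer taintedness check described above; it is not the SimpleScalar implementation or the theorem-proving tool the statement refers to. A tiny processor model keeps one shadow taint bit per memory byte: bytes that arrive from input are tainted, copies carry taint along, and a load through a pointer whose bytes are tainted is refused. An unchecked copy overwrites a data pointer with a valid-looking address that happens to point at a secret; plain hardware reads the secret, the taint-aware dereference raises an alert. Every address, the memory layout and every function name here are made up for the scenario.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Toy processor model: data memory plus one shadow taint bit per byte.
 * Constructed for this illustration; addresses and layout are made up. */
#define MEM_SIZE 256u
#define PTR_SIZE 4u

static uint8_t mem[MEM_SIZE];    /* data memory */
static uint8_t taint[MEM_SIZE];  /* 1 = derived, directly or via copies, from user input */

enum { OK = 0, ERR_BOUNDS = -1, ALERT_TAINTED_PTR = -2 };

static int in_range(uint32_t addr, uint32_t len)
{
    return addr < MEM_SIZE && len <= MEM_SIZE - addr;
}

/* Store len bytes with taint t: 0 for program data, 1 for external input. */
static int store(uint32_t addr, const uint8_t *src, uint32_t len, uint8_t t)
{
    if (!in_range(addr, len)) return ERR_BOUNDS;
    memcpy(mem + addr, src, len);
    memset(taint + addr, t, len);
    return OK;
}

/* Memory-to-memory copy, the core of strcpy/memcpy: taint travels with data. */
static int copy(uint32_t dst, uint32_t src, uint32_t len)
{
    if (!in_range(dst, len) || !in_range(src, len)) return ERR_BOUNDS;
    memmove(mem + dst, mem + src, len);
    memmove(taint + dst, taint + src, len);
    return OK;
}

/* Load a little-endian pointer and report whether any of its bytes is tainted. */
static uint32_t load_ptr(uint32_t addr, int *tainted)
{
    uint32_t v = 0;
    *tainted = 0;
    for (uint32_t i = 0; i < PTR_SIZE; i++) {
        v |= (uint32_t)mem[addr + i] << (8 * i);
        *tainted |= taint[addr + i];
    }
    return v;
}

/* Read one byte through the pointer stored at ptr_addr. With check set,
 * a tainted value is refused as an address (pointer taintedness
 * detection); without it the access proceeds like ordinary hardware.
 * Returns the byte read, or a negative code. */
static int deref(uint32_t ptr_addr, int check)
{
    int tainted;
    if (!in_range(ptr_addr, PTR_SIZE)) return ERR_BOUNDS;
    uint32_t target = load_ptr(ptr_addr, &tainted);
    if (check && tainted) return ALERT_TAINTED_PTR;
    if (!in_range(target, 1)) return ERR_BOUNDS;
    return mem[target];
}

/* Constructed layout: 16-byte name buffer at BUF, followed by a data
 * pointer at PTR that should address the greeting at GREETING; a secret
 * at SECRET; raw network input staged at INPUT. */
enum { BUF = 0x10, BUF_LEN = 16, PTR = 0x20, GREETING = 0x40, SECRET = 0x60, INPUT = 0x80 };

static int run(const uint8_t *input, uint32_t input_len, int check)
{
    static const uint8_t ptr_bytes[PTR_SIZE] = { GREETING, 0, 0, 0 };
    memset(mem, 0, sizeof mem);
    memset(taint, 0, sizeof taint);
    store(GREETING, (const uint8_t *)"hello", 6, 0);
    store(SECRET, (const uint8_t *)"secret", 7, 0);
    store(PTR, ptr_bytes, PTR_SIZE, 0);
    store(INPUT, input, input_len, 1);          /* arrives from the network: tainted */
    if (copy(BUF, INPUT, input_len) != OK)      /* BUG: never compared against BUF_LEN */
        return ERR_BOUNDS;
    return deref(PTR, check);
}

/* Benign request: the name fits, the pointer is untouched. */
static int benign(int check)
{
    return run((const uint8_t *)"bob", 3, check);
}

/* Attack: fill the buffer, then overwrite the pointer with the valid address
 * of the secret. Plain hardware happily reads the secret; the taint-aware
 * check refuses because the address now originates from input. */
static int attack(int check)
{
    uint8_t payload[BUF_LEN + PTR_SIZE] = { 0 };
    memset(payload, 'A', BUF_LEN);
    payload[BUF_LEN] = SECRET;          /* low byte of the new pointer; the rest stay 0 */
    return run(payload, sizeof payload, check);
}

int main(void)
{
    printf("benign, checked      : %d ('%c')\n", benign(1), benign(1));
    printf("attack, no check     : %d ('%c')\n", attack(0), attack(0));
    printf("attack, taint checked: %d\n", attack(1));
    return 0;
}
```

Two things are worth noticing. The corrupted pointer is in range and would pass any bounds or canary check, so the detection rests entirely on provenance, not on the value. And the same rule has a well-known cost in general: a legitimate index computed from input (a lookup such as `table[c]` in a tokenizer) also produces an address derived from input, so a deployable detector needs a policy for that case rather than raising an alert on every such access.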
Industrial Research Experiences
Besides the thesis research in Illinois, I cherish the precious opportunities of working in
industrial laboratories and collaborating with different researchers in order to broaden the
knowledge in security areas and possess a stronger capability in systems research. My internship
projects (in Avaya Labs, Lucent Bell Labs and Microsoft Research) address several security
topics including buffer overflow defense, network denial of service attacks, access control
scheme and Kerberos authentication, which are briefly described in the curriculum vitae.
Accomplishments of the projects require in-depth knowledge about the internals of operating
systems and strong development skills. The projects are of significant research and practical
values. For example, my recent internship in Microsoft Research addressed the issue that many
Windows applications unreasonably refuse to execute without administrator’s privileges, which
causes realistic pressure for many users to always log on to Windows as administrators. I
designed and implemented a tool to effectively solve this problem. The research resulted in a paper
at a well-recognized security conference and strong interest from Microsoft product teams. I
believe the industrial experiences will benefit my future career in academia.
Future Research Plans
A short term research goal is to further develop the pointer taintedness detection algorithm. I
am working on providing a higher degree of automation for the theorem proving technique. A
compiler technique can be developed to automatically insert assertions generated by the theorem
prover into the object code to transparently enhance the security guarantee. Although my thesis
research has shown the effectiveness of pointer taintedness detection on the architecture level, I
plan to achieve the same effectiveness at software level for easy deployment. I will continue the
difficult but fruitful task of data analysis. It is valuable to understand how a security vulnerability
is initially discovered, how the vendor patches the vulnerability and how effective the patch is.
An exciting topic is to investigate the historical trend in our battle against attackers. The results
can benefit the whole security community if they are backed up with a convincing data analysis.
For long-term research, I envision a number of potential topics: (1) to develop a consolidated
validation technique for both security and dependability, based on theorem proving, model
checking, stochastic modeling and automatic fault/attack generation techniques, (2) to build a
realistic operational test-bed for security measurements and attack experiments. I believe that a
network with real vulnerabilities, representative protection measures and typical workloads is an
ideal environment to conduct security measurements, (3) to explore a broader spectrum of
problems, including network denial of service, protocol weakness, trust relations in mobile
computing, accountability in authentication and the incompatibilities between security and system
functionality. Most topics are studied in my internship projects, and I would like to explore them
deeper.
I fully understand the importance of collaborative teamwork in systems research and look
forward to collaborating with researchers in compiler, distributed systems, networking, operating
systems, architecture and formal verification.
Your research lab offers an excellent environment for the growth of a fresh Ph.D. graduate. I
am sure that joining your group is a crucial step in my career.