- Attack Signature Generation for Vulnerable Web Services - Generates a signature for an attack when the exploit
and the vulnerable application are both made available. It first generates an instruction trace of the vulnerable
program and then works with the program source to generate a signature program to capture the attack context and payloads.
It reduces the signature size by analyzing server responses. It also extends the infrastructure to generate signatures
for attacks that target distributed applications such as web services. Currently, it supports signature generation
for buffer overflow and web application attacks.
- WASC: Intrusion Prevention and Repair in a Three-tier Web Service Architecture - It tracks information flow
across the three-tier web architecture, the open source LAMP -- Linux, Apache, MySQL, PHP/Perl -- in this case, and
hardens the system to prevent such web application attacks as (1) SQL injection attacks, (2) Cross-site scripting attacks,
(3) HTTP header injection attacks, and (4) Directory traversal attacks, even when arbitrary encodings are used by the
attacker. In addition, it supports post-intrusion repair of the back-end persistent storage with minimal collateral
damage should it be required.
- GIFT: A General dynamic Information Flow Tracking framework for Distributed Applications - A compiler-based framework
to support automatic information flow tracking at run time for C language-based programs and interpreters. In addition,
it also supports information tracking through implicit flows and across process and/or machine boundaries. By
providing support for user-defined tags and their propagation rules, it becomes an important building-block for
distributed systems security and management.
- SMM-Based Microvisor and Services - Studies system- and security-related services that a hypervisor can offer.
It builds an ultra-thin hypervisor, or simply a microvisor, using the system management mode (SMM) feature of
x86 processors as an infrastructure to support services. As a service, it provides a physical presence verification
system built using the microvisor, which can be deployed in a server environment to restrict malicious kernel
module loading by requiring an administrator to be physically
present in front of a console and approve it. The system guarantees to work even when the guest system has been
compromised through arbitrary kernel- and user-level rootkits.
- VDRS: A Virtualization-based Disaster Recovery Solution - A low-cost wide area disaster recovery solution that
is built on the XEN virtual machine monitor (VMM) using a paravirtualized Linux kernel. It reduces cost by making use of
commodity software as much as possible and increases reliability by efficiently mirroring critical data over WAN. While
most typical disaster recovery solutions envisage local machine failure and try to back up their data within the LAN,
VDRS envisages a WAN failure and uses asynchronous WAN mirroring combined with a local standby to deal with it.
- Featherweight Virtual Machine - A lightweight virtualization approach implemented at
the operating system layer to support multiple independent, isolated, easy-to-manipulate,
full-featured virtual machines. Such an architecture finds key applications in intrusion- and
fault-tolerant systems by enabling them to "try out" untrusted applications in a realistic
environment.
- FOOD: Foreign-code Detection - Builds a defence mechanism to guard against code-injection attacks
on the Windows/x86 platform.
Unlike traditional methods, it does not use any code-obfuscation/encryption techniques to prevent
execution of foreign-code on behalf of a host process; rather it uses a fast interpretation
and instrumentation technique to accomplish the task. In addition, it adds a defense mechanism to
prevent return-to-libc attacks.
- BIRD: Binary Interpretation using Runtime Disassembly -
Architects a binary analysis and instrumentation infrastructure for Windows/x86 systems. It is
a very useful tool for securing systems by eliminating security vulnerabilities that occur due
to software bugs. In addition, it provides a generic infrastructure to build many other
security-related and debugging applications on top of it.
- Virtualization Technologies Survey - Studies and analyzes virtualization techniques in all their
connotations and offshoots. Further, it proposes a taxonomy for such technologies to help understand
them better and put them in perspective. It can be very useful in understanding future
innovations that fall under this umbrella of technologies.
- Low-power Computing - Attempts
to come up with an architecture for computing on mobile devices that are typically short on power.
It proposes a thin-client computation system using a modified version of the traditional VNC protocol
to save power in a mobile device. It employs novel techniques to balance power consumption among
various devices to minimize the overall usage.
- Multi-user VNC - Designs and implements a multi-user version of the Windows VNC. Using a
frame-buffer virtualization technique, it aims to support multiple single-window clients (just like
an X window on UNIX) on multiple machines. It can have useful applications in areas like terminal
services and low-power computing.
- Viking - Proposes a novel Ethernet
architecture for metropolitan area networks and cluster networks that uses a thin software layer on
commodity switches. Fast recovery from link failures and efficient link utilization are among the
features that enable Ethernet to scale beyond a traditional local area network.
- Linux Based Terminal Server - Proposes a design for a terminal server that is hosted on
Linux servers and is capable of providing access to both Windows and Linux applications. It
exploits a combination of technologies like WINE and VNC to accomplish the task. Extending it
to server clusters to address scalability issues is on the cards.