Research

Overview and Current Interests

My cybersecurity research group has discovered a number of new classes of attacks and introduced novel defenses for systems, networks, and software. This work draws on a diverse set of techniques, including static and dynamic code analysis, machine learning, and applied cryptography.

Read on for more about my current research interests.

LLM and Agentic Systems Security

A major focus of my group's current work and collaborations is on the security of large language models (LLMs) and agentic AI. Agentic AI is a particularly significant example of LLM-equipped systems. Agents use an LLM to autonomously execute an iterative thought-action-observation loop, orchestrating a rich environment of tools and other resources to satisfy high-level user commands.

The integration of LLMs into systems without sufficient regard for security introduces unforeseen attack surfaces and invalidates existing security models. For example, in collaboration with Profs. Nita-Rotaru and Oprea, we have demonstrated indirect prompt injection attacks against LLM-based execution planning despite the adoption of a security architecture to isolate the LLM from sources of untrusted data. We have also introduced a new LLM security architecture called ACE, for abstract-concrete-execute, that provides strong security guarantees for LLM-based system planning and execution.

Software Analysis and Testing

Preemptively finding and removing vulnerabilities in software before attackers can exploit them remains a challenging problem. My group's recent work has focused on both analysis platforms for hard targets and novel testing techniques.

Penguin is a firmware analysis platform that uses information about the target to dynamically generate rehosting environments. These environments are iteratively optimized with respect to an execution fitness function, resulting in a significantly improved success rate for automatically rehosting embedded systems versus existing platforms.

HotFuzz is a fuzzing technique for automatically discovering temporal and spatial denial-of-service vulnerabilities in Java programs. HotFuzz uses micro-fuzzing, a genetic algorithm that generates program environments as test cases for method-level fuzz testing on a JVM instrumented to collect space and time measurements during execution. Environments that trigger potential vulnerabilities are then synthesized as concrete test cases and replicated to confirm the vulnerability.
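The micro-fuzzing loop described above, as an added Python toy rather than HotFuzz's own code: a genetic algorithm evolves (text, pattern) environments for a constructed target method, a count of traced Python line events stands in for the instrumented JVM's time measurements, and the most expensive environment is replicated to confirm it. The target method, the alphabet and the search parameters are all assumptions made for illustration.

```python
import random
import sys

# Constructed target: a naive substring matcher whose cost depends on the input content
# (a stand-in for a method with an algorithmic-complexity bug, not real HotFuzz code).
def target(text: str, pattern: str) -> int:
    hits = 0
    for i in range(len(text)):
        j = 0
        while j < len(pattern) and i + j < len(text) and text[i + j] == pattern[j]:
            j += 1
        if j == len(pattern):
            hits += 1
    return hits
def measure(fn, *args) -> int:
    # Stand-in for the instrumented JVM: count Python 'line' events while fn runs.
    events = 0
    def tracer(frame, event, arg):
        nonlocal events
        events += (event == "line")
        return tracer
    sys.settrace(tracer)
    try:
        fn(*args)
    finally:
        sys.settrace(None)
    return events

ALPHABET = "ab"  # a tiny alphabet keeps the toy search space small
def random_env(rng, text_len, pat_len):  # an "environment" is one (text, pattern) pair
    return tuple("".join(rng.choice(ALPHABET) for _ in range(n)) for n in (text_len, pat_len))
def mutate(rng, env):  # change one character of either the text or the pattern
    parts = [list(s) for s in env]
    part = rng.choice(parts)
    part[rng.randrange(len(part))] = rng.choice(ALPHABET)
    return tuple("".join(p) for p in parts)
def crossover(rng, a, b):  # splice the two texts, keep the second parent's pattern
    cut = rng.randrange(len(a[0]))
    return (a[0][:cut] + b[0][cut:], b[1])

def micro_fuzz(fn, text_len=32, pat_len=8, pop=30, gens=100, seed=1):
    # Genetic search: evolve environments that maximise the measured cost of fn.
    rng = random.Random(seed)
    population = [random_env(rng, text_len, pat_len) for _ in range(pop)]
    for _ in range(gens):
        scored = sorted(((measure(fn, *e), e) for e in population), reverse=True)
        elite = [e for _, e in scored[: pop // 4]]  # elitism: survivors seed the next round
        population = elite + [mutate(rng, crossover(rng, rng.choice(elite), rng.choice(elite)))
                              for _ in range(pop - len(elite))]
    return max((measure(fn, *e), e) for e in population)  # (cost, env): candidate test case
def confirm(fn, env, runs=3) -> bool:  # replicate the synthesized case to confirm its cost
    return len({measure(fn, *env) for _ in range(runs)}) == 1
```

With the constructed target, the search converges on inputs where the text and pattern agree at most positions, which is exactly the input class that makes the matcher quadratic.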

Software Exploitation and Mitigations

Neural networks have become a popular basis for state-of-the-art binary function similarity detection techniques. Binary function similarity has important applications in software supply chain analyses, malware analysis, and software hardening when source code is unavailable. However, while neural networks excel at learning to recognize syntactic patterns, they struggle when tasked with classifying semantic features that are not evident at the syntactic level. We built upon this insight to develop a black-box technique to scalably generate snippets of binary code that reliably produce false positives and false negatives in state-of-the-art binary similarity approaches. Using this technique, an attacker could subvert any downstream application of a compromised binary similarity detector given the ability to make small (e.g., 8 bytes per snippet) modifications to the input binaries.

Intra-process memory isolation has become an increasingly popular objective for hardening software against exploitation. Achieving secure isolation in a multi-threaded process is notoriously difficult, however. To close this gap, we created ThreadLock, a defense that transparently isolates threads within existing programs using Intel memory protection keys. Our evaluation shows that thread isolation can be achieved for web servers and other real programs with zero modifications and little performance overhead (+1.06% in the worst case in our experiments).