Welcome! I am a Security Research Engineer in the Samsung KNOX security team at Samsung Research America, Mountain View, CA.
My broad research interests are in computer systems and security. I am particularly interested in the security of the lower layers of the software stack such as the OS kernel, hypervisors, and ARM TrustZone, and system-level software emulation (QEMU). I am also interested in software testing for security using techniques such as fuzz testing.
I previously obtained a PhD in Computer Science and Engineering at Penn State. My PhD dissertation looked at programs' interaction with the operating system they are deployed in, and how mismatches between programmer expectations of OS access control and the actual OS access control policies can affect security. My PhD advisor was Dr. Trent Jaeger.
In the past, I have worked on infrastructures for providing transparent verification of the cloud, ARM TrustZone-based kernel runtime monitoring, and analyzing security policies at multiple layers for mediation and consistency properties.
For more details, please see my publications or contact me.
*** LATEST ***
- ARM TrustZone Emulation. ARM's TrustZone technology is the basis for the security of billions of devices worldwide, including Android smartphones and IoT devices. However, because only signed software can run in TrustZone, advances in dynamic analysis such as feedback-driven fuzz testing cannot be effectively applied to TrustZone software on real-world devices. To address this issue, we have created an emulator that runs the most widely used real-world TrustZone operating systems and the Trusted Applications that run on them. Using the emulator, we performed a large-scale dynamic analysis of over 190 real-world Trusted Applications, finding previously unknown vulnerabilities in roughly a quarter of them. This work will appear at the USENIX Security Symposium, 2020. A pre-print is available here.
Old news:
- Our USENIX 2014 paper JIGSAW: Protecting Resource Access by Inferring Programmer Expectations proposes a principled way to generate Process Firewall rules to block resource access vulnerabilities. The intuition behind rule generation is to infer programmer intentions from the special filters they place in code to handle untrusted input, and to match this intent against the system configuration. A video of my presentation can be found here.
- Our Eurosys 2013 paper Process Firewalls: Protecting Processes During Resource Access (PDF) proposes a defense against attacks caused by programs fetching improper resources from the OS. Resources are managed by the OS, but current system call APIs do not allow programs to sufficiently express their constraints during resource access. In addition, current system call APIs for resource access are complicated and inefficient. The Process Firewall is an extensible framework (motivated by the network firewall) that uses rules to protect processes during resource access. We show how the Process Firewall defends against attacks without requiring program code changes, and how it is more efficient than program defenses.
- Our USENIX Security 2012 paper STING: Finding Name Resolution Vulnerabilities in Programs (PDF) proposes a novel system-based black-box testing approach to find name resolution vulnerabilities in programs by simulating adversarial actions on the namespace, based on the insight that the system is the vector for such vulnerabilities. A video of my presentation can be found here.
- Our ASIACCS 2012 paper Integrity Walls: Finding Attack Surfaces from Mandatory Access Control Policies (PDF) shows how accurate location of the attack surfaces of programs requires program entry points to be considered in relation to system access control policies.
- Our EC2ND 2011 paper A Rose by Any Other Name or an Insane Root? Adventures in Name Resolution (PDF) categorises attacks possible due to adversarial control of system namespaces that are not expected by programs.