I am a Eugene McDermott Professor (endowed chair) of Computer Science at UTD, and a Senior Technical Advisor of UTD's Cyber Security Research and Education Institute. My research concerns language-based security, which leverages programming language theory and compiler design to enforce software security. Technical interests include binary software hardening, cyberdeception, malware defense, cloud/web/mobile security, model-checking, automated theorem proving, certifying compilers, and type-safe intermediate languages. I received my M.S. and Ph.D. degrees from Cornell University where my doctoral research concerned Language-Based Security For Malicious Mobile Code, and my B.S. degree from Carnegie Mellon University where I was involved in the Fox Project.
My research is supported by grants from the U.S. Air Force Office of Scientific Research (AFOSR), National Science Foundation (NSF), Office of Naval Research (ONR), Army Research Laboratory, Defense Advanced Research Projects Agency (DARPA), Lockheed Martin, and Intelligent Automation, Inc.
Autonomous Cyber Deception: Reasoning, Adaptive Planning, and Evaluation of HoneyThings
Provides comprehensive coverage of adaptive cyber deception in many aspects, including theory and practice, sense-making and decision making, and network and system perspectives.
Publisher: Springer, 2019
Binary Control-flow Trimming
Many commercial software products are bloated with features average users don't need (or even know about), and that pose unnecessary security risks. Binary trimming automatically removes unwanted bloat without relying on source code.
Title: Binary Control-Flow Trimming
Venue: ACM CCS, 2019 (tier-1)
Confirming Code Flow Security Controls
ConFIRM is the first test suite for evaluating compatibility of control-flow integrity defenses with modern software.
Title: ConFIRM: Evaluating Compatibility and Relevance of Control-flow Integrity Protections for Modern Software
Venue: USENIX Security, 2019 (tier-1)
Turning Graphics Cards into Security Guards
We invented a method for harnessing GPUs to watch and secure Java programs through n-variant parallel computation.
Title: Better Late Than Never: An n-Variant Framework of Verification for Java Source Code on CPU×GPU Hybrid Platform
Venue: HPDC, 2019 (tier-1)
Crook-Sourcing
Gathering large volumes of current, relevant attack data is a bottleneck for training many computer defenses. Rather than laboriously collecting such data manually, we “crook-source” the task by turning attackers into unwitting penetration testers, and using the collected data for perimeter hardening.
Title: Improving Intrusion Detectors by Crook-sourcing
Venue: ACSAC, 2019
SEISMIC Detection of Cryptojacking Attacks
Detecting illicit cryptocurrency mining in web browsers is now more reliable thanks to “SEISMIC” (SEcure In-lined Script Monitors for Interrupting Cryptojacks), which monitors WebAssembly computations to detect the echoes of unauthorized cryptomining activity.
Title: SEISMIC: SEcure In-lined Script Monitors for Interrupting Cryptojacks
Venue: ESORICS, 2018
Object Flow Integrity
Our invention of OFI allows binary code consumers to automatically harden large, closed-source, component-driven software products against hijacking attacks, which are among the most prevalent software cybersecurity threats today.
Title: Object Flow Integrity
Venue: ACM CCS, 2017 (tier-1)
Opaque Control-Flow Integrity
This new form of control-flow integrity security defeats adversaries who have full read-access to the victim program's code, heap, and stack during the attack.
Honey-Patching
This cyberdeception innovation turns security patches into honey-patches—cyber traps that lead attackers astray, feed them disinformation, and fool them into divulging critical threat intel to defenders.
Title: From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation
Venue: ACM CCS, 2014 (tier-1, CSAW Best Applied Security Paper of the Year: 2nd prize)
Cyberdeceptive Software Engineering
Our enhancements to the LLVM C-compiler produce software that automatically replaces its data with fakes during cyberattacks, luring criminals into traps.
Title: Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception
Venue: USENIX Security, 2015 (tier-1)
Superset Disassembly
Binary programs are like puzzles that must be carefully disassembled and reassembled to modify them. Our inventions of superset disassembly, shingled disassembly, and machine learning-based disassembly solve these difficult puzzles to augment software with stronger security.
Title: Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics
Venue: NDSS, 2018 (tier-1)
REINS: REwriting & IN-lining System
Our research was the first to achieve fully automated, machine-verified software fault isolation of source-free commodity code for Linux and Windows.
Title: Securing Untrusted Code via Compiler-Agnostic Binary Rewriting
Venue: ACSAC, 2012 (Best Student Paper Award)
STIR: Self-Transforming Instruction Relocation
Binary stirring blocks software hijacks by randomizing the code's internal structure every time it loads, making it so unpredictable that code-reuse attacks fail with astronomically high probability.
Title: Binary Stirring: Self-randomizing Instruction Addresses of Legacy x86 Binary Code
Venue: CCS, 2012 (tier-1, CSAW Best Applied Security Paper of the Year Award: 2nd prize)
Frankenstein
In 2012 we warned the world that conventional antivirus protections were perilously vulnerable to a new malware mutation technique that we dubbed Frankenstein.
Title: Frankenstein: Stitching Malware from Benign Binaries
Venue: USENIX WOOT, 2012 (headlines in hundreds of popular news outlets, including The Economist and New Scientist)
Current Ph.D. Students
- Gbadebo Ayoade
- Erick Bauman
- Jun Duan
- Dakota Fisher
- Masoud Ghaffarinia
- Gilmore Lundquist
- Shamila Wickramasuriya
- Xiaoyang Xu
Graduated Ph.D. Students
- Wenhao Wang (graduated May 2019, now at Google)
- Khaled Al-Naami (graduated December 2017, now at Salesforce)
- Frederico Araujo (graduated August 2016, now at IBM T.J. Watson)
- Vishwath Mohan (graduated December 2014, now at Google)
- Meera Sridhar (graduated August 2014, now at U. North Carolina at Charlotte)
- Safwan Khan (graduated December 2013, now at eBay Microsoft Azure)
- Richard Wartell (graduated December 2012, now at Mandiant Facebook)
- Sunitha Ramanujam (graduated December 2011, now at Citigroup)
- Micah Jones (graduated December 2011, now at L-3 Communications Credera)
- CS 6301-002: Language-based Security (Fall 2019)
- CS 6371: Advanced Programming Languages (Spring 2019)
- CS 6301-004: Language-based Security (Fall 2018)
- CS 6371: Advanced Programming Languages (Spring 2018)
- CS 6301-002: Language-based Security (Fall 2017)
- CS 6371: Advanced Programming Languages (Spring 2017)
- CS 6301-002: Language-based Security (Fall 2016)
- CS 6371: Advanced Programming Languages (Spring 2016)
- CS 6301-002: Language-based Security (Fall 2015)
- CS 6371: Advanced Programming Languages (Spring 2015)
- CS 6301-005: Language-based Security (Fall 2014)
- CS 6371: Advanced Programming Languages (Spring 2014)
- CS 6301-006: Language-based Security (Fall 2013)
- CS 6371: Advanced Programming Languages (Spring 2013)
- CS 4384: Automata Theory (Fall 2012)
- CS 6V81-003: Language-based Security (Fall 2012)
- CS 6371: Advanced Programming Languages (Spring 2012)
- CS 4384: Automata Theory (Fall 2011)
- CS 6371: Advanced Programming Languages (Spring 2011)
- CS 7301-002: Language-based Security (Spring 2011)
- CS 4384: Automata Theory (Fall 2010)
- CS 6371: Advanced Programming Languages (Spring 2010)
- CS 4485: Computer Science Project (Fall 2009)
- CS 6371: Advanced Programming Languages (Fall 2009)
- CS 4485: Computer Science Project (Spring 2009)
- CS 6371: Advanced Programming Languages (Spring 2009)
- CS 6371: Advanced Programming Languages (Fall 2008)
- CS 6V81: Language-based Security (Spring 2008)
- CS 6371: Advanced Programming Languages (Fall 2007)
- CS 7301: Seminar on Language-based Security (Spring 2007)