I am a Louis A. Beecherl, Jr. Distinguished Professor (endowed chair) of Computer Science at UTD, and the Executive Director of UTD's Cyber Security Research and Education Institute. My research concerns language-based security, which leverages programming language theory and compiler design to enforce software security. Technical interests include binary software hardening, cyberdeception, malware defense, cloud/web/mobile security, model-checking, automated theorem proving, certifying compilers, and type-safe intermediate languages. I received my M.S. and Ph.D. degrees from Cornell University where my doctoral research concerned Language-Based Security For Malicious Mobile Code, and my B.S. degree from Carnegie Mellon University where I was involved in the Fox Project.
My research is supported by grants from the U.S. Air Force Office of Scientific Research (AFOSR), National Science Foundation (NSF), Office of Naval Research (ONR), Army Research Laboratory, Defense Advanced Research Projects Agency (DARPA), National Security Agency (NSA), Lockheed Martin, Intelligent Automation Inc., Siege Technologies, RAM Laboratories Inc., and Trusted Science & Technology.
Selected News Stories
University Fools Hackers into Sharing Tactics
Researchers at the University of Texas have found a way to bamboozle malicious hackers into giving away their secrets. ...
Author: Sarah Coble
AI-powered Honeypots: Machine Learning May Help Improve Intrusion Detection
Forget crowdsourcing, here's crooksourcing. Computer scientists in the US are working to apply machine learning techniques in order to develop more effective honeypot-style cyber defenses. ...
Author: John Leyden
Computer Scientists' New Tool Fools Hackers into Sharing Keys for Better Cybersecurity
Instead of blocking hackers, a new cybersecurity defense approach developed by University of Texas at Dallas computer scientists actually welcomes them. ...
Author: Kim Horner
Book
Autonomous Cyber Deception: Reasoning, Adaptive Planning, and Evaluation of HoneyThings
Provides comprehensive coverage of adaptive cyber deception in many aspects, including theory and practice, sense-making and decision making, and network and system perspectives.
Publisher: Springer, 2019
Featured Publications
Binary Control-flow Trimming
Many commercial software products are bloated with features average users don't need (or even know about), and that pose unnecessary security risks. Binary trimming automatically removes unwanted bloat without relying on source code.
Title: Binary Control-Flow Trimming
Venue: ACM CCS, 2019 (tier-1)
Confirming Code Flow Security Controls
ConFIRM is the first test suite for evaluating compatibility of control-flow integrity defenses with modern software.
Title: ConFIRM: Evaluating Compatibility and Relevance of Control-flow Integrity Protections for Modern Software
Venue: USENIX Security, 2019 (tier-1)
Turning Graphics Cards into Security Guards
We invented a method for harnessing GPUs to watch and secure Java programs through n-variant parallel computation.
Title: Better Late Than Never: An n-Variant Framework of Verification for Java Source Code on CPU×GPU Hybrid Platform
Venue: HPDC, 2019 (tier-1)
Crook-Sourcing
Gathering large volumes of current, relevant attack data is a bottleneck for training many computer defenses. Rather than laboriously collecting such data manually, we “crook-source” the task by turning attackers into unwitting penetration testers, and using the collected data for perimeter hardening.
Title: Improving Intrusion Detectors by Crook-sourcing
Venue: ACSAC, 2019
SEISMIC Detection of Cryptojacking Attacks
Detecting illicit cryptocurrency mining in web browsers is now more reliable thanks to “SEISMIC” (SEcure In-lined Script Monitors for Interrupting Cryptojacks), which monitors WebAssembly computations to detect the echoes of unauthorized cryptomining activity.
Title: SEISMIC: SEcure In-lined Script Monitors for Interrupting Cryptojacks
Venue: ESORICS, 2018
Object Flow Integrity
Our invention of OFI allows binary code consumers to automatically harden large, closed-source, component-driven software products against hijacking attacks, which are among the most prevalent software cybersecurity threats today.
Title: Object Flow Integrity
Venue: ACM CCS, 2017 (tier-1)
Opaque Control-Flow Integrity
This new form of control-flow integrity security defeats adversaries who have full read-access to the victim program's code, heap, and stack during the attack.
Title: Opaque Control-Flow Integrity
Venue: NDSS, 2015 (tier-1, NSF IUCRC Technology Breakthrough Award)
Honey-Patching
This cyberdeception innovation turns security patches into honey-patches: cyber traps that lead attackers astray, feed them disinformation, and fool them into divulging critical threat intel to defenders.
Title: From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation
Venue: ACM CCS, 2014 (tier-1, CSAW Best Applied Security Paper of the Year: 2nd prize)
Cyberdeceptive Software Engineering
Our enhancements to the LLVM C-compiler produce software that automatically replaces its data with fakes during cyberattacks, luring criminals into traps.
Title: Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception
Venue: USENIX Security, 2015 (tier-1)
Superset Disassembly
Binary programs are like puzzles that must be carefully disassembled and reassembled to modify them. Our inventions of superset disassembly, shingled disassembly, and machine learning-based disassembly solve these difficult puzzles to augment software with stronger security.
Title: Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics
Venue: NDSS, 2018 (tier-1)
REINS: REwriting & IN-lining System
Our research was the first to achieve fully automated, machine-verified software fault isolation of source-free commodity code for Linux and Windows.
Title: Securing Untrusted Code via Compiler-Agnostic Binary Rewriting
Venue: ACSAC, 2012 (Best Student Paper Award)
STIR: Self-Transforming Instruction Relocation
Binary stirring blocks software hijacks by randomizing the code's internal structure every time it loads, making it so unpredictable that code-reuse attacks fail with astronomically high probability.
Title: Binary Stirring: Self-randomizing Instruction Addresses of Legacy x86 Binary Code
Venue: CCS, 2012 (tier-1, CSAW Best Applied Security Paper of the Year Award: 2nd prize)
Frankenstein
In 2012 we warned the world that conventional antivirus protections were perilously vulnerable to a new malware mutation technique that we dubbed Frankenstein.
Title: Frankenstein: Stitching Malware from Benign Binaries
Venue: USENIX WOOT, 2012 (headlines in hundreds of popular news outlets, including The Economist and New Scientist)
Current Ph.D. and Post-doctoral Students
- Charles Averill
- Ilan Buzzeti
- Saquib Irtiza
Graduated Ph.D. Students
- Gilmore Lundquist
- Mahmoud Zamani
- Shamila Wickramasuriya (now at JP Morgan Chase & Co)
- Jun Duan (graduated May 2021)
- Masoud Ghaffarinia (graduated May 2020, now at Google)
- Xiaoyang Xu (graduated May 2020, now at Google)
- Eric Bauman (graduated May 2019)
- Gbadebo Ayoade (graduated December 2019, now at Google)
- Wenhao Wang (graduated May 2019, now at Google)
- Khaled Al-Naami (graduated December 2017, now at Salesforce)
- Frederico Araujo (graduated August 2016, now at IBM T.J. Watson)
- Vishwath Mohan (graduated December 2014, now at Google)
- Meera Sridhar (graduated August 2014, now at U. North Carolina at Charlotte)
- Safwan Khan (graduated December 2013, now at eBay Microsoft Azure)
- Richard Wartell (graduated December 2012, now at Mandiant Facebook)
- Sunitha Ramanujam (graduated December 2011, now at Citigroup)
- Micah Jones (graduated December 2011, now at L-3 Communications Credera)