Secure Systems Lab

OS, Virtualization and Transparent Runtime Techniques

One of the principal challenges in security is that of securing the large base of existing software. This necessitates the development of transparent runtime techniques that can enhance the security of third-party applications without requiring source-code changes or even a recompilation. The principal mechanisms for realizing such security enhancements include:

  • System-call interception. Since every security-relevant action must ultimately be effected via a system call, the security of benign applications can be enhanced by monitoring system calls and detecting anomalies that may be indicative of exploits. System-call monitoring can also be used to sandbox untrusted applications. We have developed a number of intrusion detection and policy enforcement techniques based on system-call interposition, along with efficient and portable techniques for this task.

  • Library and/or network interposition. Another way to transparently monitor and/or alter COTS behavior is to intercept (and possibly alter) the library calls made by (or the network traffic from) the COTS application. Several of our techniques exploit library (rather than system-call) interposition where appropriate, i.e., where it is secure and provides a more convenient interface.

  • OS enhancements and virtualization techniques. An alternative to library or system-call interposition is to implement security enhancements in the operating system. For instance, our safe-execution environments isolate untrusted programs by using file system virtualization, whereas our V-NetLab research relies on data-link-layer virtualization to provide strong isolation between networks used for security experiments, while still enabling these networks to be accessed remotely.

Related Publications

[1]  eAudit: A Fast, Scalable and Deployable Audit Data Collection System
R. Sekar, Hanke Kimm and Rohit Aich
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2024. (Software release).
[2]  A New Tag-Based Approach for Real-Time Detection of Advanced Cyber Attacks
Md Nahid Hossain
PhD Dissertation (Stony Brook University) January, 2022.
[3]  Efficient Audit Data Collection for Linux
Rohit Aich
Master's Thesis (Stony Brook University) August, 2021.
[4]  Securing Web Applications
Riccardo Pelizzi
PhD Dissertation (Stony Brook University) May, 2016.
[5]  Hardening OpenStack Cloud Platforms against Compute Node Compromises
Wai-Kit Sze, Abhinav Srivastava and R. Sekar
ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2016.
[6]  Enhancing Multi-user OS with Network Provenance for Systematic Malware Defense
Wai-Kit Sze
PhD Dissertation (Stony Brook University) May, 2016.
[7]  JaTE: Transparent and Efficient JavaScript Confinement
Tung Tran, Riccardo Pelizzi and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2015.
[8]  Provenance-based Integrity Protection for Windows
Wai-Kit Sze and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2015.
[9]  Harbormaster: Policy Enforcement for Containers
Mingwei Zhang, Daniel Marino and Petros Efstathopoulos
IEEE CloudCom (CloudCom) November, 2015.
[10]  Towards More Usable Information Flow Policies for Contemporary Operating Systems
Wai-Kit Sze, Bhuvan Mital and R. Sekar
ACM Symposium on Access Control Models and Technologies (SACMAT) June, 2014.
Honorable mention for Best paper.
[11]  Comprehensive Integrity Protection for Desktop Linux (Demo)
Wai-Kit Sze and R. Sekar
ACM Symposium on Access Control Models and Technologies (SACMAT) June, 2014.
[12]  A Platform for Secure Static Binary Instrumentation
Mingwei Zhang, Rui Qiao, Niranjan Hasabnis and R. Sekar
Virtual Execution Environments (VEE) March, 2014.
[13]  A Portable User-Level Approach for System-wide Integrity Protection
Wai-Kit Sze and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2013.
[14]  Control Flow Integrity for COTS Binaries
Mingwei Zhang and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2013.
Best paper award!
[15]  Protection, Usability and Improvements in Reflected XSS Filters
Riccardo Pelizzi and R. Sekar
ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2012.
[16]  A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications
Riccardo Pelizzi and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2011.
[17]  Online Signature Generation for Windows Systems
Lixin Li, Jim Just and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2009.
[18]  Practical Techniques for Regeneration and Immunization of COTS Applications
Lixin Li, Mark R. Cornwell, E. Hultman, Jim Just and R. Sekar
Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS) June, 2009.
[19]  An Efficient Black-box Technique for Defeating Web Application Attacks
R. Sekar
ISOC Network and Distributed Systems Symposium (NDSS) February, 2009.
[20]  Alcatraz: An Isolated Environment for Experimenting with Untrusted Software
Zhenkai Liang, Weiqing Sun, V.N. Venkatakrishnan and R. Sekar
ACM Transactions on Information and System Security (TISSEC) January, 2009.
[21]  Expanding Malware Defense by Securing Software Installations
Weiqing Sun, R. Sekar, Zhenkai Liang and V.N. Venkatakrishnan
Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008.
[22]  V-NetLab: An Approach for Realizing Logically Isolated Networks for Security Experiments
Weiqing Sun, Varun Katta, Kumar Krishna and R. Sekar
Workshop on Cyber Security Experimentation and Test (in conjunction with USENIX Security) (CSET) July, 2008.
[23]  Practical Proactive Integrity Preservation: A Basis for Malware Defense
Weiqing Sun, R. Sekar, Gaurav Poothia and Tejas Karandikar
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2008.
[24]  Address-Space Randomization for Windows Systems
Lixin Li, Jim Just and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2006.
[25]  Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models
Zhenkai Liang and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2005. (Supersedes Technical Report SECLAB-05-01 An Immune System Inspired Approach for Protection from Repetitive Attacks, March 2005.)
[26]  Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers
Zhenkai Liang and R. Sekar
ACM Conference on Computer and Communications Security (CCS) November, 2005. (Supersedes Technical Report SECLAB-05-02 Automated, Sub-second Attack Signature Generation: A Basis for Building Self-Protecting Servers, May 2005.)
[27]  V-NetLab: A Cost-Effective Platform to Support Course Projects in Computer Security
Kumar Krishna, Weiqing Sun, Pratik Rana, Tianning Li and R. Sekar
Annual Colloquium for Information Systems Security Education (CISSE) June, 2005.
[28]  Automatic Synthesis of Filters to Discard Buffer Overflow Attacks: A Step Towards Realizing Self-Healing Systems (Short Paper)
Zhenkai Liang, R. Sekar and Daniel DuVarney
USENIX Annual Technical Conference (USENIX) April, 2005.
[29]  One-way Isolation: An Effective Approach for Realizing Safe Execution Environments
Weiqing Sun, Zhenkai Liang, V.N. Venkatakrishnan and R. Sekar
ISOC Network and Distributed Systems Symposium (NDSS) February, 2005. (Revised version of conference paper).
[30]  Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs
Zhenkai Liang, V.N. Venkatakrishnan and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2003. Best paper award.
[31]  Model-Carrying Code: A Practical Approach for Safe Execution of Untrusted Applications
R. Sekar, V.N. Venkatakrishnan, Samik Basu, Sandeep Bhatkar and Daniel DuVarney
ACM Symposium on Operating Systems Principles (SOSP) October, 2003.
[32]  Experiences with Specification Based Intrusion Detection System
Prem Uppuluri and R. Sekar
Recent Advances in Intrusion Detection (RAID) October, 2001.
[33]  Model-Carrying Code (MCC): A New Paradigm for Mobile-Code Security
R. Sekar, C.R. Ramakrishnan, I.V. Ramakrishnan and Scott Smolka
New Security Paradigms Workshop (NSPW) September, 2001.
[34]  A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
R. Sekar, Mugdha Bendre, Pradeep Bollineni and Dinakar Dhurjati
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2001.
[35]  Building Survivable Systems: An Integrated Approach based on Intrusion Detection and Damage Containment
Thomas Bowen, Dana Chee, Mark Segal, R. Sekar, Tushar Shanbhag and Prem Uppuluri
DISCEX (DISCEX) February, 2000.
[36]  User-Level Infrastructure for System Call Interposition: A Platform for Intrusion Detection and Confinement
Kapil Jain and R. Sekar
ISOC Network and Distributed Systems Symposium (NDSS) February, 2000.

Copyright © 1999-2013 Secure Systems Laboratory, Stony Brook University. All rights reserved.