Assistant Professor, Electrical & Computer Engineering and Computer Science, University of Toronto
I am currently pursuing research in the areas of security and mobile computing. Some of my current projects in these areas are listed below.
My research group is exploring the design of operating systems with the goal of improving host security. Our current projects include analysis and recovery of compromised systems, application-level virtualization and web browser security. We discuss research papers in security in our weekly security reading group.
When systems are compromised, current forensic techniques provide limited support for quickly and accurately analyzing the activities that occurred in the past, making this operation both time-consuming and expensive. The goal of this project is to simplify and reduce the time needed to analyze intrusions. We have constructed an intrusion analysis system called Forensix that allows system administrators and security experts to quickly and easily track down the sources of security incidents after they have happened. The key idea behind Forensix is to audit all system activities on a vulnerable system and store this data on a separate, highly secured system. Auditing all activities makes it possible to replay and reconstruct any security incident, regardless of the type of attack (including attacks that are not known today but become known in the future). Storing the audit data on a separate system reduces the possibility of tampering with it. Forensix uses the audit data to provide several analysis tools.
Besides the ability to analyze exploits, Forensix provides a building block for recovering from an intrusion. Currently, recovering from an exploit may require installing a new system image that includes the operating system and all applications, installing software patches that fix known vulnerabilities, and retrieving uncorrupted user data. Each of these steps is time-intensive and error prone. We have been working on a system called Taser that uses Forensix to reduce the time needed to recover from intrusions. A simple recovery method is to use a snapshot taken before an attack to revert the effects of all system activities since the intrusion. This method gets rid of all corrupted data, but it also gets rid of all data unrelated to the attack that was generated after the attack, and all of that data must then be retrieved and recovered separately. Taser helps automatically revert intrusion activity without affecting data that is unrelated to the intrusion. It uses a taint analysis method on the Forensix audit log to determine the suspicious sessions and activities that are related to the intrusion, and then selectively undoes the effects of only those suspicious activities.
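To make the Forensix/Taser idea concrete, here is an added example (my illustration, not code from the Forensix project) of the two pieces described above: taint propagation over an ordered audit log, and the contrast with a whole-system snapshot rollback. The log format, the propagation rules, and every path and pid below are constructed assumptions; the real Forensix audit records and Taser's dependency policies are not reproduced here.

```python
"""Dependency (taint) analysis over a system audit log, in the spirit of
Taser running on a Forensix-style log.  Added example; the log format,
the rules and the names here are assumptions, not the project's code."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class Event:
    seq: int     # position in the audit log (monotonic sequence number)
    pid: int     # process that performed the operation
    op: str      # one of: read, write, exec, fork, send
    target: str  # file path, or the child/peer pid as a string for fork/send


# Constructed audit log (not real Forensix output).  pid 200 is the
# intrusion session; pids 300, 400 and 500 belong to a regular user.
AUDIT_LOG = [
    Event(1, 300, "write", "/home/alice/report.txt"),   # legitimate, pre-intrusion
    Event(2, 200, "exec",  "/bin/sh"),                  # intrusion session begins
    Event(3, 200, "write", "/usr/bin/ls"),              # binary replaced by attacker
    Event(4, 200, "write", "/var/log/auth.log"),        # log tampering
    Event(5, 300, "write", "/home/alice/notes.txt"),    # unrelated work after intrusion
    Event(6, 400, "exec",  "/usr/bin/ls"),              # user runs the replaced binary
    Event(7, 400, "write", "/home/alice/.bashrc"),      # side effect of running it
    Event(8, 400, "fork",  "401"),                      # child inherits the taint
    Event(9, 401, "write", "/tmp/.hidden"),
    Event(10, 500, "read", "/home/alice/notes.txt"),    # reads a clean file: stays clean
    Event(11, 500, "write", "/home/alice/summary.txt"),
]
ATTACK_SEQ = 2  # first audit record of the intrusion session (from detection)


def propagate_taint(log: Iterable[Event], seed_pids: Set[int]):
    """Walk the log in order and propagate taint from the seed processes.

    Rules (a deliberately conservative policy, assumed for this example):
      * a write by a tainted process taints the file and must be undone;
      * fork/send from a tainted process taints the child/peer;
      * read/exec of a tainted file taints the reading process.
    Order matters: a file written before the intrusion is never tainted,
    and a process becomes tainted only from the record where it first
    touches tainted state.
    """
    tainted_pids = set(seed_pids)
    tainted_files: Set[str] = set()
    to_undo: List[Event] = []
    for ev in sorted(log, key=lambda e: e.seq):
        if ev.pid in tainted_pids:
            if ev.op == "write":
                tainted_files.add(ev.target)
                to_undo.append(ev)
            elif ev.op in ("fork", "send"):
                tainted_pids.add(int(ev.target))
        elif ev.op in ("read", "exec") and ev.target in tainted_files:
            tainted_pids.add(ev.pid)
    return tainted_pids, tainted_files, to_undo


def snapshot_rollback_losses(log, attack_seq, tainted_pids):
    """Files a whole-system rollback to a pre-attack snapshot would throw
    away even though no tainted process ever touched them."""
    return sorted({ev.target for ev in log
                   if ev.seq >= attack_seq and ev.op == "write"
                   and ev.pid not in tainted_pids})


def analyze(log, seed_pids, attack_seq) -> Dict[str, list]:
    pids, files, undo = propagate_taint(log, seed_pids)
    return {
        "tainted_pids": sorted(pids),
        "tainted_files": sorted(files),
        "undo_seqs": [ev.seq for ev in undo],   # selective recovery plan
        "collateral_losses": snapshot_rollback_losses(log, attack_seq, pids),
    }


if __name__ == "__main__":
    for key, value in analyze(AUDIT_LOG, {200}, ATTACK_SEQ).items():
        print(f"{key}: {value}")
```

Run stand-alone, the script lists the three tainted processes, the four files whose writes need to be reverted, and the two legitimate files that a plain snapshot rollback would have discarded. The two lists differ exactly where the paragraph says they should: the selective undo touches only writes reachable from the intrusion session, while the snapshot method loses every write made after the attack.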
The Forensix project was originally started as part of the 4N6 project at OGI@OHSU in Portland, Oregon. Our Portland collaborators are Wu-chang Feng, David Maier, Jonathan Walpole and Wu-chi Feng. We have released Forensix and Taser (available as part of Forensix) under a GPL licence. The latest release of the code is available via svn at the Forensix Sourceforge web site.
While modern computer systems provide rich functionality by hosting a diverse set of software applications, this design may allow a single vulnerable application to be used to exploit the entire system. This problem occurs because applications can access resources that are shared across programs, such as program libraries and configuration data. In particular, the file system provides a single shared namespace that, when compromised, can have cascading effects on the entire system. The changes made by the attacker can be closely intertwined with the changes made by regular users, making it difficult to determine the precise extent of the damage caused by the attack.
In this project, we are working on a transparent, application-level virtualization environment called Solitude for running untrusted network applications. The basic approach consists of using a restricted privilege, copy-on-write isolation file system that isolates the persistent data of each untrusted application. Since file sharing across applications is relatively uncommon, we use an explicit sharing method that is designed to limit the propagation of attacks without compromising existing application functionality.
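The following added example (mine, not Solitude's code) shows the file-system side of the approach just described: an untrusted application gets a copy-on-write view of the host namespace, writes stay in a private overlay unless a path is on an explicit sharing list, and the overlay doubles as an exact record of what the application changed, which is what makes the extent of damage easy to determine. The class, its methods, the sharing rule and the sample paths are assumptions for illustration; Solitude's real design details are not reproduced here.

```python
"""Copy-on-write isolation over a shared file system, in the style of the
approach Solitude describes.  Added example; the class and method names
and the explicit-sharing rule are assumptions, not Solitude's code."""
from typing import Dict, List, Optional, Set, Tuple


class IsolatedFS:
    """Per-application view of the base (host) file system.

    Writes by the untrusted application land in a private overlay unless
    the path is on an explicit sharing list, so the base namespace changes
    only where the policy says sharing is wanted.  The overlay is also an
    exact record of everything the application modified.
    """

    def __init__(self, base: Dict[str, bytes], shared: Set[str]):
        self.base = base            # host namespace, shared by every application
        self.shared = set(shared)   # paths the policy lets this app write directly
        self.overlay: Dict[str, bytes] = {}
        self.deleted: Set[str] = set()

    def read(self, path: str) -> Optional[bytes]:
        if path in self.deleted:
            return None
        if path in self.overlay:
            return self.overlay[path]
        return self.base.get(path)

    def write(self, path: str, data: bytes) -> None:
        self.deleted.discard(path)
        if path in self.shared:
            self.base[path] = data       # explicit sharing: visible to everyone
        else:
            self.overlay[path] = data    # copy-on-write: private to this app

    def unlink(self, path: str) -> None:
        if path in self.shared:
            self.base.pop(path, None)
        else:
            self.overlay.pop(path, None)
            if path in self.base:
                self.deleted.add(path)   # hide the base copy from this app only

    def changes(self) -> List[str]:
        """Precise extent of what the isolated application modified."""
        return sorted(set(self.overlay) | self.deleted)

    def discard(self) -> None:
        """Throw away everything the application did outside the shared set."""
        self.overlay.clear()
        self.deleted.clear()

    def commit(self, paths: List[str]) -> None:
        """Selectively publish chosen changes to the base namespace."""
        for path in paths:
            if path in self.deleted:
                self.base.pop(path, None)
                self.deleted.discard(path)
            elif path in self.overlay:
                self.base[path] = self.overlay.pop(path)


def demo() -> dict:
    # Constructed host file system and sharing policy (not from the page).
    base = {
        "/usr/bin/ls": b"ls-v1",
        "/etc/app.conf": b"debug=0",
        "/home/alice/Downloads/README": b"hello",
    }
    app = IsolatedFS(base, shared={"/home/alice/Downloads/README"})

    # A compromised network application tries to modify a shared binary and
    # shared configuration; only the explicitly shared download is allowed through.
    app.write("/usr/bin/ls", b"modified")
    app.write("/etc/app.conf", b"debug=1")
    app.write("/home/alice/Downloads/README", b"saved by user")

    result = {
        "app_sees_ls": app.read("/usr/bin/ls"),
        "host_sees_ls": base["/usr/bin/ls"],
        "host_sees_conf": base["/etc/app.conf"],
        "host_sees_readme": base["/home/alice/Downloads/README"],
        "changes": app.changes(),           # the exact damage report
    }
    app.discard()                           # recover: drop the private overlay
    result["after_discard"] = (app.read("/usr/bin/ls"), app.changes())
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The host's view of `/usr/bin/ls` and `/etc/app.conf` never changes while the application is running, `changes()` reports exactly the two paths the application tried to alter, and `discard()` undoes them in one step; the shared download is the only write that reached the base namespace, because the policy said so.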
Modern web browsers are commonly used for accessing and storing private information and for running sophisticated applications such as online word processors, calendars and email that blur the distinction between the local desktop and the Internet. Yet browser vulnerabilities are all too common today, and browsers have become the most common entry point for malicious code aiming to subvert the user's system. Securing the rich browser-based client environment with traditional methods such as virus scanners and network firewalls is becoming ineffective, and simply disabling modern browser functionality (such as execution of third-party scripts and application extensions) is unacceptable to users because most well-known Internet sites depend on this functionality.
In this browser security project, we are exploring methods for isolating scripts and web browser extensions to limit the impact of vulnerabilities in the browser, and monitoring these components at run-time to enforce security policies. We are also investigating methods that can provide strong isolation between the user's interactions with different web services so that sensitive information is not leaked to malicious sites.
Mobile devices have enjoyed tremendous growth in recent years and this trend is expected to continue. Many of these devices have some form of wireless communication ability, whether long range (such as cellular), short range (such as WiFi or Bluetooth), or both. My projects in this area have focused on using these communication capabilities to provide functionality not available in desktop environments. I have been pursuing this work in collaboration with Prof. Eyal de Lara.
In this project, we explored the idea of building a network based only on pair-wise contact between users. By using user mobility as a network transport mechanism, communication capability can be provided where there is no established network infrastructure, or it can be used to extend the reach of established infrastructure.
To collect user mobility data, we ran two user studies by giving instrumented PDA devices to groups of students to carry for several weeks. Our empirical data suggested that it is possible to make reasonable routing decisions based only on pair-wise contact, without previous knowledge of the mobility model or location information.
Consider two individuals sitting at a conference where there is no wireless access. If the two individuals wanted to share an email, they would not be able to do so because existing email applications are hard-coded to communicate with mail servers via the Internet.
In this project, we investigated a new networking framework called Haggle that enables applications to seamlessly operate in infrastructure as well as ad hoc modes. Haggle allows incorporating several protocols in routing, redirection, and naming, and it provides users the ability to take resource limitations such as power and cost into consideration. Haggle was a joint project with Intel Research, Cambridge, UK.
Mobile devices are increasingly being used to access the Internet and to generate user-driven content such as digital photographs and blogs. As the amount of such content continues to grow, users will need effective methods for sharing, finding and filtering "useful" content, especially in mobile and social settings. This problem is challenging because the user interfaces on mobile devices are typically small and difficult to use, which makes it cumbersome to apply the standard sharing and searching modalities that work well on desktop systems.
In this project, we are working on a system called Stargate that allows using the multiple radios on a mobile device to establish a sense of environmental context (e.g., location, time, etc.) to enable sharing and filtering of user-generated content.
In this project, I explored various operating systems techniques needed to support time-sensitive applications that require low-latency response from the kernel and from other system-level services. These techniques are implemented in our Time-Sensitive Linux (TSL) system.
TCPivo is a tool that provides high-speed packet replay from a trace file using standard PC hardware and freely available open-source software. It uses Time-Sensitive Linux for precision timing. Latest release.
I have designed and developed a feedback-based CPU scheduler for adaptive multimedia as well as soft real-time applications. This scheduler is implemented in the Linux kernel on top of a proportion-period scheduler. It supports automatic assignment of allocations to processes based on application-specific progress information, such as the fill levels of buffers in a pipelined application.
As part of the Quasar project, I helped develop a prototype adaptive media streaming system. The streaming system supports dynamic mapping of user-level quality adaptation policies to priority assignments on data and adaptive real-time streaming over best-effort networks. This work is continuing as part of the Qstream and the Extreme Video projects.
I have developed a software oscilloscope tool for visualizing time-sensitive applications. It is used extensively at OGI for applications such as the real-rate scheduler, the Quasar video pipeline and the Mxtraf network traffic generator. This tool is released as open source. Latest release.
Last update on Dec 14 2007 | Ashvin Goel