Research Overview
I am an Assistant Professor in the Edward S. Rogers Department of Electrical and Computer Engineering and Department of Computer Science at the University of Toronto. I am affiliated with the Computer Group and the Computer Systems Lab. I received my Ph.D. from Stanford University in 2004. My research interests span operating systems, computer architecture, formal verification and networking. Recently, my interests have focused on hardware and software support for building secure and reliable computer systems. I like building systems and some projects I am currently working on include:
- Using Hypervisors to Secure Commodity Operating Systems: The hypervisor (otherwise known as a virtual machine monitor) is a privileged layer of software below the operating system kernel. Implementing security at this layer allows us to enhance a standard operating system without needing to modify or even have access to its source code. In addition, its high privilege level enables security mechanisms to tolerate a complete compromise of the operating system. So far, we have built several systems using hypervisors to enhance OS security. Proxos uses a hypervisor to allow applications to protect themselves in the event of an OS compromise. Both Manitou and Patagonix use a hypervisor to detect unwanted code on a computer system. Finally, our Sensors work leveraged a hypervisor to monitor honeypots, a type of computer used to study Internet attacks.
- Hardware Support for Security: With the cost of managing and securing our computer systems rapidly outstripping the cost of purchasing computer hardware, it makes sense to dedicate some hardware to making computer systems more secure. Replicant explores the use of multi-core processors to detect and mitigate attacks on vulnerable software. Together, the XOM architecture and the XOMOS propose a system where applications run on top of an untrusted operating system and place their trust in the processor hardware.
- Verifying and Measuring Security: I am interested in applying formal methods to both remove serious flaws from applications as well as attempt to quantify the relative security of an application. Two recent papers (HotSec'07, HotSec'08) propose methods to quantify software security: the first takes a contest-based approach while the second leverages formal verification technology. We have created the Verisec Security Benchmark suite and a buffer overflow detection tool called PtYasm. I have also performed a formal verification of the XOM architecture.
Selected Publications
- Lionel Litty, H. Andrés Lagar-Cavilla and David Lie. Hypervisor Support for Identifying Covertly Executing Binaries. In Proceedings of the 17th USENIX Security Symposium. Pages 243-258. July, 2008.
- Thomas E. Hart, Marsha Chechik, and David Lie. Security Benchmarking using Partial Verification. In Proceedings of the 3rd Workshop on Hot Topics in Security (HotSec 2008). July, 2008.
- Jesse Pool, Ian Sin and David Lie. Relaxed Determinism: Making Redundant Execution on Multiprocessors Practical. In Proceedings of the 11th Workshop on Hot Topics in Operating Systems (HotOS 2007).
- Richard Ta-Min, Lionel Litty and David Lie. Splitting Interfaces: Making Trust Between Applications and Operating Systems Configurable. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2006). Pages 279-292. November, 2006.
- David Lie, Chandramohan Thekkath and Mark Horowitz. Implementing an Untrusted Operating System on Trusted Hardware. In Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP 2003). October, 2003. Best Paper Award!
- A complete list of publications can be found here.
Teaching
Current:
- ECE352F: Computer Organization (Fall 2008)
- ECE1724: Industry Perspectives on Practical Problems in Computer Security, Co-taught with Dr. Reiner (Spring 2009).
- ECE341F: Computer Organization
- ECE568: Computer Security
- ECE352: Computer Organization
- ECE1776: Computer Security, Cryptography and Privacy
Students
I am looking for motivated students who enjoy building software/hardware systems. If you are an admitted ECE or CS graduate student, please e-mail me for a meeting. If you are interested in applying for graduate studies, please go here and look under "Graduate Studies" for the application procedure. You can find information on my current students here.
