Research Overview
I am an Associate Professor in the Edward S. Rogers Department of Electrical and Computer Engineering and Department of Computer Science at the University of Toronto where I am affiliated with the Computer Group. I received my M.S. and Ph.D from Stanford University and my B.A.Sc from Engineering Science at the University of Toronto.My research goal is to make computer systems safer and more reliable. With the large degree that computing has permeated our lives, from mobile smartphones to ubiquitous cloud computing, it is crucial that this infrastructure that we rely so heavily on be secure and reliable. I take a variety of approaches to achieving this goal, including techniques using operating systems, computer architecture, formal verification and networking. I like building prototypes with my students to demonstrate our ideas and some projects I am currently working on include:
- Smartphone Security and Reliability: In 2010, there were more Smartphones shipped than desktop PCs and the trend is continuing. For many users, the smart phone will be the main device they use to interact with the Internet. We are in an environment where users will likely own multiple devices that must all interact with each other, including a phone, a tablet, PCs and game consoles. To this end, I am interested in building smart phone operating systems and software that seeks to be secure, reliable and intuitive. We are working on building systems such as Unicorn and Mercury, which leverage the capabilities of smart phones to help protect users against malware and phishing. In addition, I believe smart phones themselves need to be secure, and our position paper argues why we need to develop entirely new classes of tools to help developers pick permissions for their applications. Following on that, we have developed PScout (source code and datasets here), a tool that extracts the permission specification from Android using static analysis. We have used PScout to perform a preliminary analysis of the Android permission system.
- Security in Cloud Computing: Cloud computing offers a new exciting form of service to users in need of compute infrastructure. It provides users a pay-as-you go model, and allows users to outsource costs such as management, power and cooling, procurement and provisioning. Unfortunately, cloud computing poses serious security concerns. Users want to ensure the security of their data and code while executing in the cloud. At the same time cloud providers want to protect their infrastructure from being abused. We elaborate on these issues in our HotOS paper, VEE paper, and our paper on location-based SLAs on cloud providers. We have also been exploring the use of trusted computing to protect user data stored in the cloud using a system called Unicorn. More recently we have been working on Unity, an untrusted cloud storage system, and H-One, and IaaS cloud auditing framework.
- Multicore Systems: With the increasing number of cores on modern processors, software developers will be forced to write concurrent programs to take advantage of the hardware and increase performance. I am interested in various issues concerning writing fast, reliable software for the next generation of multicore processors. One of the problems is that writing concurrent, threaded applications is hard to get write, and developers often forget to lock critical objects. Our system, Kivati, dynamically detects these bugs at run time and fixes them with less than 20% overhead. Kivati leverages hardware watchpoints and a set of optimizations to keep its detection and prevention overhead to a minimum. I'm also interested in improving security with multicores. Replicant explores the use of multicore processors to detect and mitigate attacks on vulnerable software.
Recent News
- January, 2013: I will have one or two summer undergraduate research positions open through the NSERC USRA program. 2nd and 3rd year students will be given preference. Please send me a copy of your transcript and a resume/CV if interested
- November, 2012: Kathy Au just successfully defended her MASc thesis and will be joining Google next year. Congratulations Kathy!
- September 26, 2012: We've made the PScout source code and permission maps available here. Hope you find them useful!
- August 15, 2012: We have two workshop papers at CCS this year. A paper on Unity, a system that provides secure cloud storage by Ben Kim and Wei Huang at CCSW 2012, and a paper on H-One, a IaaS cloud auditing proposal by Afshar Ganjali.
- July 20, 2012: Kathy's paper on Android permission analysis using PScout was accepted at CCS 2012! You can read about the tool and the analysis here.
- May, 2012: Phillipa Gill will be joining Stony Brook University as an assistant professor in 2013 after a post-doc in the Citizen Lab here at U of T. Congratulations Phillipa!
- March 1, 2012: I'm starting at 2.5 year stint as the Associate Chair of Graduate Studies for ECE at U of T. Wish me luck!
- February 6, 2012: The folks at UT Austin were nice enough to write a news article about Unicorn after my recent visit there.
- Click here for older news.
- August 21, 2011: Our position paper on how and why one should build tools to automatically populate permission lists for smartphone operating systems will appears at SPSM 2011.
- August 12, 2011: We have a cool paper at CCS this year introducing a novel technique, called two-factor attestation, which raises the bar against attacks that use malware or phishing to get at personal data. Read about Unicorn, our prototype system that demonstrates this idea.
- December 20, 2010: Lionel's paper on Patch Auditing in public clouds was accepted at VEE 2011! You can read the paper here.
- December 17, 2010: Mannan's paper on Mercury,
a system for secure
password recovery will appear at FC 2011.
In this paper, we describe a cool way to recover your password simply
and easily using a mobile phone.
- June 1, 2010: Phillipa's paper on subverting measurement-based IP geolocation was accepted at USENIX Security 2010! It turns out that they can be subverted, and that surprisingly, the more advanced and precise the technique, the more susceptible it is.
- February 8, 2010: Lee's paper on Kivati was accepted in EuroSys 2010! Kivati describes a system that leverages hardware watchpoints to quickly detect and prevent atomicity violations at run time.
- June 22, 2009: David Lie has been promoted to Associate Professor with tenure.
- March 20, 2009: Our paper on cloud computing security was accepted at HotOS 2009.
- March 19, 2009: I'm the Software Security Theme leader and member of the Scientific Advisor Board for the national ISSNet Strategic Network. See the official announcement for the NSERC Strategic Networks.
Selected Publications
- Ben Kim, Wei Huang and David Lie. Unity: Secure and Durable Personal Cloud Storage. In Proceedings of the ACM Cloud Computing Security Workshop (CCSW 2012). October 2012.
- Kathy Wain Yee Au, Yi Fan Zhou, Zhen Huang and David Lie. PScout: Analyzing the Android Permission Specification. In Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS 2012). October 2012. [Download Source Code and Permission Maps]
- Afshar Ganjali and David Lie. Auditing Cloud Administrators Using Information Flow Tracking .In Proceedings of the Seventh ACM Workshop on Scalable Trusted Computing (STC 2012). October 2012.
- Mohammad Mannan, Beom Heyn Kim, Afshar Ganjali and David Lie. Unicorn: Two-Factor Attestation for Data Security. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011). October 2011.
- Mohammed Mannan, David Barrera, Carson Brown, David Lie, Paul van Oorschot. Mercury: Recovering Forgotten Passwords Using Personal Devices. In Proceedings of Financial Cryptography and Data Security 2011 (FC'11). February 2011.
- Lee Chew and David Lie. Kivati: Fast Detection and Prevention of Atomicity Violations. In Proceedings of the 2010 EuroSys Conference (EuroSys 2010), Pages 307-320. April 2010.
- Lionel Litty, H. Andrés Lagar-Cavilla and David Lie. Hypervisor Support for Identifying Covertly Executing Binaries. In Proceedings of the 17th USENIX Security Symposium. Pages 243-258. July 2008.
- Richard Ta-Min, Lionel Litty and David Lie. Splitting Interfaces: Making Trust Between Applications and Operating Systems Configurable. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2006). Pages 279-292. November 2006.
- A complete list of publications can be found here.
Teaching
Current:Fall:
- ECE344: Operating Systems
- ECE353: Systems Software (Engineering Science)
- ECE341F: Computer Organization
- ECE568: Computer Security
- ECE352: Computer Organization
- ECE1776: Computer Security, Cryptography and Privacy
- ECE1724: Industry Perspectives on Practical Problems in Computer Security, Co-taught with Prof. Reiner (Spring 2009)
Students
Graduate Students: I am looking for motivated students who enjoy building software/hardware systems. If you take the time to read one of my papers and send me suggestions on follow-up work or improvements that you would be interested in pursuing, then you will definitely get a response from me. If you are interested in applying for graduate studies in ECE, please go here for the application procedure. I supervise students from ECE and CS, if you are not sure which department to apply to, please send me an e-mail. You can find information on my current students here.
Undergradaute Students: I'm looking for strong undergraduate students with interests in security, mobile computing and cloud computing who are interested in summer research positions through the USRA program. 2nd and 3rd year students will be given preference. Please send me a copy of your transcript and a resume/CV if interested.
Post-Doctoral Fellows:
I
occasionally take post-doctoral fellows. The main criteria is
a strong publication record, fit with my group and evidence of the
ability to independently conduct research. Prospective candidates
should e-mail me a CV along with a brief description of relevant
experience.
Professional Activities
I am currently on the program committee for:- 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013)
- 22nd International World Wide Web Conference (WWW 2013)
- The 2012 Symposium on Cloud Computing (SOCC 2012)
- The 45th Annual IEEE/ACM International Symposium on Microarchitecture (Micro 2012) (External Review Committee)
- 21st USENIX Security Symposium (2012)
- 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2012)
- 4th International Conference on Trust and Trustworthy Computing
- ACM SIGMETRICS 2011 International Conference on Measurement and Modeling of Computer Systems
- 16th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2011)
- 19th USENIX Security Symposium (2010)
- The International Conference on Virtual Execution Environments 2010 (VEE'10)
- 15th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2010)
- 4th USENIX Workshop on Hot Topics in Security (HotSec '09)
- 18th USENIX Security Symposium (2009)
- IEEE Symposium on Security and Privacy (Oakland 2009)
- Symposium on Operating Systems Design and Implementation (OSDI 2008)
- 17th USENIX Security Symposium (2008)
- 1st Workshop on Architectural and System Support for Improving Software Dependability (ASID 2006)
- Workshop on Architectural Support for Security and Anti-Virus (WASSA 2004)