Research OverviewI am an Associate Professor and Canada Research Chair in Secure and Reliable Computer Systems in the Edward S. Rogers Department of Electrical and Computer Engineering and Department of Computer Science at the University of Toronto. I am affiliated with the Computer Group. I received my M.S. and Ph.D from Stanford University and my B.A.Sc from Engineering Science at the University of Toronto.
My research goal is to make computer systems safer and more reliable. With the large degree that computing has permeated our lives, from mobile smartphones to ubiquitous cloud computing, it is crucial that this infrastructure that we rely so heavily on be secure and reliable. I take a variety of approaches to achieving this goal, including techniques using operating systems, computer architecture, formal verification and networking. I like building prototypes with my students to demonstrate our ideas and some projects I am currently working on include:
- Smartphone Security and Reliability: In 2010, there were more Smartphones shipped than desktop PCs and the trend is continuing. For many users, the smart phone will be the main device they use to interact with the Internet. We are in an environment where users will likely own multiple devices that must all interact with each other, including a phone, a tablet, PCs and game consoles. To this end, I am interested in building smart phone operating systems and software that seeks to be secure, reliable and intuitive. We are working on building systems such as Unicorn and Mercury, which leverage the capabilities of smart phones to help protect users against malware and phishing. In addition, I believe smart phones themselves need to be secure, and our position paper argues why we need to develop entirely new classes of tools to help developers pick permissions for their applications. Following on that, we have developed PScout (source code and datasets here), a tool that extracts the permission specification from Android using static analysis. We have used PScout to perform a preliminary analysis of the Android permission system.
- Security in Cloud Computing: Cloud computing offers a new exciting form of service to users in need of compute infrastructure. It provides users a pay-as-you go model, and allows users to outsource costs such as management, power and cooling, procurement and provisioning. Unfortunately, cloud computing poses serious security concerns. Users want to ensure the security of their data and code while executing in the cloud. At the same time cloud providers want to protect their infrastructure from being abused. We elaborate on these issues in our HotOS paper, VEE paper, and our paper on location-based SLAs on cloud providers. We have also been exploring the use of trusted computing to protect user data stored in the cloud using a system called Unicorn. More recently we have been working on Unity, an untrusted cloud storage system, and H-One, and IaaS cloud auditing framework. We have built and studied Caelus, a system that uses a smartphone to monitor a cloud for malicious activity. You can also check out our survey on the State of IaaS Cloud Security.
- System reliability: With the complexity of computer systems today, it is all too easy for them to become misconfigured. One our research goals is reducing the pain of system configuration and make misconfiguration repair easier. To that end, our tool Ocasta, uses unsupervised machine learning to infer which configuration settings might be related and uses an automated configuration search and rollback tool to semi-automate the repair of configuration errors. I am also interested in issues concerning writing fast, reliable software for the next generation of multicore processors. One of the problems is that writing concurrent, threaded applications is hard to get right, and developers often forget to lock critical objects. Our system, Kivati, dynamically detects these bugs at run time and fixes them with less than 20% overhead. Kivati leverages hardware watchpoints and a set of optimizations to keep its detection and prevention overhead to a minimum.
- January, 2015: Thanks UBC for hosting me for a great Distinguished Lecture visit! You can see the talk I gave about the great things my students and I been doing in my group on Smartphone Security.
- October, 2015: Michelle's paper on IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware has been accepted at NDSS 2016! Congratulations Michelle!
- Sept, 2015: Welcome Peter and Diego, new MASc students in our group!
- June, 2015: Our survey on The State of Public Infrastructure-as-a-Service Cloud Security has been published in the Journal of ACM Computing Surveys. Congrats to Wei for putting this together!
- April, 2015: I'm the PC co-chair for the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) this year. Please consider submitting a paper!
- March, 2015: Congratulations to Ben Kim, whose paper on Caelus: Verifying the Consistency
of Cloud Services with Battery-Powered Devices will appear at Oakland Security 2015!
Well done Ben!
- January, 2015: Congratulations to Michelle Wong for succesfully defending her MASc Thesis!
- September, 2014: Welcome Mariana D'Angelo and Dhaval Miyani to our group!
- September, 2014: Zheng's paper LazyTainter: Memory-Efficient Taint Tracking in Managed Runtimes was accepted at SPSM 2014.
- February, 2014: James' paper Ocasta: Clustering Configuration Settings For Error Recovery was accepted at DSN 2014! See the video demo here! Congratulations James!
- September, 2013: Please welcome Sukwon Oh, who just joined our group.
- June, 2013: I gave an invited talk this year at the Trusted Infrastructure Workshop in Penn State about virtualization and trusted computing.
- March 15, 2013: I have been awarded the Canada Research Chair in Secure and Reliable Computer Systems.
- January, 2013: I will have one or two summer undergraduate research positions open through the NSERC USRA program. 2nd and 3rd year students will be given preference. Please send me a copy of your transcript and a resume/CV if interested
- November, 2012: Kathy Au just successfully defended her MASc thesis and will be joining Google next year. Congratulations Kathy!
- September 26, 2012: We've made the PScout source code and permission maps available here. Hope you find them useful!
- August 15, 2012: We have two workshop papers at CCS this year. A paper on Unity, a system that provides secure cloud storage by Ben Kim and Wei Huang at CCSW 2012, and a paper on H-One, a IaaS cloud auditing proposal by Afshar Ganjali.
- July 20, 2012: Kathy's paper on Android permission analysis using PScout was accepted at CCS 2012! You can read about the tool and the analysis here.
- May, 2012: Phillipa Gill will be joining Stony Brook University as an assistant professor in 2013 after a post-doc in the Citizen Lab here at U of T. Congratulations Phillipa!
- March 1, 2012: I'm starting at 2.5 year stint as the Associate Chair of Graduate Studies for ECE at U of T. Wish me luck!
- February 6, 2012: The folks at UT Austin were nice enough to write a news article about Unicorn after my recent visit there.
- August 21, 2011: Our position paper on how and why one should build tools to automatically populate permission lists for smartphone operating systems will appears at SPSM 2011.
- August 12, 2011: We have a cool paper at CCS this year introducing a novel technique, called two-factor attestation, which raises the bar against attacks that use malware or phishing to get at personal data. Read about Unicorn, our prototype system that demonstrates this idea.
- December 20, 2010: Lionel's paper on Patch Auditing in public clouds was accepted at VEE 2011! You can read the paper here.
- December 17,
2010: Mannan's paper on Mercury,
a system for secure
password recovery will appear at FC
In this paper, we describe a cool way to recover your password simply
and easily using a mobile phone.
- June 1, 2010: Phillipa's paper on subverting measurement-based IP geolocation was accepted at USENIX Security 2010! It turns out that they can be subverted, and that surprisingly, the more advanced and precise the technique, the more susceptible it is.
- February 8, 2010: Lee's paper on Kivati was accepted in EuroSys 2010! Kivati describes a system that leverages hardware watchpoints to quickly detect and prevent atomicity violations at run time.
- June 22, 2009: David Lie has been promoted to Associate Professor with tenure.
- March 20, 2009: Our paper on cloud computing security was accepted at HotOS 2009.
- March 19, 2009: I'm the Software Security Theme leader and member of the Scientific Advisor Board for the national ISSNet Strategic Network. See the official announcement for the NSERC Strategic Networks.
- Click here for older news.
- Michelle Wong and David Lie. IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware To appear in the 2016 Network and Distributed System Security Symposium (NDSS), Feb 2016.
- Wei Huang, Afshar Ganjali, Beom Heyn Kim, Sukwon Oh and David Lie. The State of Public Infrastructure-as-a-Service Cloud Security ACM Computing Surveys 47, 4, Article 68 (June 2015), 31 pages.
- Beom Heyn Kim and David Lie. Caelus: Verifying the Consistency of Cloud Services with Battery-Powered Devices.In Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland 2015). May 2015.
- Zheng Wei and David Lie. LazyTainter: Memory-Efficient Taint Tracking in Managed Runtimes. The 4th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM). November 2014.
- Zhen Huang and David Lie. Ocasta: Clustering Configuration Settings For Error Recovery. The 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2014). See the video demo here!
- Kathy Wain Yee Au, Yi Fan Zhou, Zhen Huang and David Lie. PScout: Analyzing the Android Permission Specification. In Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS 2012). October 2012.[Download Source Code and Permission Maps]
- Lionel Litty, H. Andrés Lagar-Cavilla and David Lie. Hypervisor Support for Identifying Covertly Executing Binaries. In Proceedings of the 17th USENIX Security Symposium. Pages 243-258. July 2008.
- A complete list of publications can be found here.
- ECE568: Computer Security
- ECE1776: Computer Security, Cryptography and Privacy
- ECE344: Operating Systems
- ECE353: Systems Software (Engineering Science)
- ECE341F: Computer Organization
- ECE352: Computer Organization
- ECE1776: Computer Security, Cryptography and Privacy (2015S)
- ECE1724: Industry Perspectives on Practical Problems in Computer Security, Co-taught with Prof. Reiner (Spring 2009)
Graduate Students: I am looking for motivated students who enjoy building software/hardware systems. If you take the time to read one of my papers and send me suggestions on follow-up work or improvements that you would be interested in pursuing, then you will definitely get a response from me. If you are interested in applying for graduate studies in ECE, please go here for the application procedure. I supervise students from ECE and CS, if you are not sure which department to apply to, please send me an e-mail. You can find information on my current students here.
Undergradaute Students: I'm looking for strong undergraduate students with interests in security, mobile computing and cloud computing who are interested in summer research positions through the USRA program. 2nd and 3rd year students will be given preference. Please send me a copy of your transcript and a resume/CV if interested.
I have a post-doctoral fellowship position open. The main criteria is
a strong publication record, fit with my group and evidence
of the ability to independently conduct research. Prospective
candidates should e-mail me a CV along with a brief description of relevant
Professional ActivitiesI am currently on the program committee for:
- 24th USENIX Security Symposium (2015)
- 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) (PC co-chair)
- The 2016 Network and Distributed System Security Symposium (NDSS)
- 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI '16)
- The 36th IEEE Symposium on Security and Privacy (Oakland 2015)
- CCSW 2014: The ACM Cloud Computing Security Workshop
- The 35th IEEE Symposium on Security and Privacy (Oakland 2014)
- The 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2014)
- The 23rd USENIX Security Symposium (2014)
- 7th The ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2014)
- The 23rd International Conference on Parallel Architectures and Compilation Techniques (PACT 2014)
- The Eighteenth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2014)
- CCSW 2013: The ACM Cloud Computing Security Workshop
- The 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013)
- The 22nd International World Wide Web Conference (WWW 2013)
- The 2012 Symposium on Cloud Computing (SOCC 2012)
- The 45th Annual IEEE/ACM International Symposium on Microarchitecture (Micro 2012) (External Review Committee)
- 21st USENIX Security Symposium (2012)
- 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2012)
- 4th International Conference on Trust and Trustworthy Computing
- ACM SIGMETRICS 2011 International Conference on Measurement and Modeling of Computer Systems
- 16th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2011)
- 19th USENIX Security Symposium (2010)
- The International Conference on Virtual Execution Environments 2010 (VEE'10)
- 15th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2010)
- 4th USENIX Workshop on Hot Topics in Security (HotSec '09)
- 18th USENIX Security Symposium (2009)
- IEEE Symposium on Security and Privacy (Oakland 2009)
- Symposium on Operating Systems Design and Implementation (OSDI 2008)
- 17th USENIX Security Symposium (2008)
- 1st Workshop on Architectural and System Support for Improving Software Dependability (ASID 2006)
- Workshop on Architectural Support for Security and Anti-Virus (WASSA 2004)