Research Overview

I am an Associate Professor in the Edward S. Rogers Department of Electrical and Computer Engineering and Department of Computer Science at the University of Toronto. I am affiliated with the Computer Group and the Computer Systems Lab. I received my M.S. and Ph.D from Stanford University and my B.A.Sc from Engineering Science at the University of Toronto. My research interests span operating systems, computer architecture, formal verification and networking. Recently, my interests have focused on hardware and software support building secure and reliable computer systems. I like building systems and some projects I am currently working on include:

• Using Hypervisors to Secure Commodity Operating Systems: The hypervisor (otherwise known as a virtual machine monitor) is a privileged layer of software below the operating system kernel. Implementing security at this layer allows us to enhance a standard operating system without needing to modify or even have access to its source code. In addition, its high privilege level enables security mechanisms to tolerate a complete compromise of the operating system. So far, we have built several systems using hypervisors to enhance OS security. Proxos uses a hypervisor to allow applications to protect themselves in the event of an OS compromise. Both Manitou and Patagonix use a hypervisor to detect unwanted code on a computer system. Finally, our Sensors work leveraged a hypervisor to monitor honeypots, a type of computer used to study Internet attacks.
• Hardware Support for Security: With the cost of managing and security our computer systems rapidly outstripping the cost of purchasing computer hardware, it makes sense to dedicate some hardware to making computer systems more secure. Replicant explores the use of multi-core processors to detect and mitigate attacks on vulnerable software. Together the XOM architecture and the XOMOS propose a system where applications run on top of a untrusted operating system and place their trust in the processor hardware.
• Security in Cloud Computing: Cloud computing offers a new exciting form of service to users in need of compute infrastructure. It provides users a pay-as-you go model, and allows users to outsource costs such as management, power and cooling, procurement and provisioning. Unfortunately, cloud computing poses serious security concerns. Users want to ensure the security of their data and code while executing in the cloud. At the same time cloud providers want to protect their infrastructure from being abused. We elaborate on these issues in our HotOS paper.
• Verifying and Measuring Security: I am interested in applying formal methods to both remove serious flaws from applications as well as attempt to quantify the relative security of an application. Two recent papers (HotSec'07 HotSec'08) propose methods to quantify software security: the first takes a contest-based approach while the second leverages formal verification technology. We have created the Verisec Security Benchmark suite and a buffer overflow detection tool called PtYasm. I have also performed a formal verification of the XOM architecture.

Recent News

• June 22, 2009: David Lie has been promoted to Associate Professor with tenure.
• March 20, 2009: Our paper on cloud computing securitiy was accepted at HotOS 2009.
• March 19, 2009: I'm the Software Security Theme leader and member of the Scientific Advisor Board for the national ISSNet Strategic Network. See the official announcement for the NSERC Strategic Networks.

Selected Publications

• Lionel Litty, H. Andrés Lagar-Cavilla and David Lie.Computer Meteorology: Monitoring Compute Clouds. In Proceedings of the 12th Workshop on Hot Topics in Operating Systems (HotOS 2009). May 2009.
• Lionel Litty, H. Andrés Lagar-Cavilla and David Lie. Hypervisor Support for Identifying Covertly Executing Binaries. In Proceedings of the 17th USENIX Security Symposium. Pages 243-258. July 2008.
• Jesse Pool, Ian Sin and David Lie. Relaxed Determinism: Making Redundant Execution on Multiprocessors Practical. In Proceedings of the 11th Workshop on Hot Topics in Operating Systems (HotOS 2007).
• Richard Ta-Min, Lionel Litty and David Lie. Splitting Interfaces: Making Trust Between Applications and Operating Systems Configurable. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2006). Pages 279-292. November 2006.
• David Lie, Chandramohan Thekkath and Mark Horowitz. Implementing an Untrusted Operating System on Trusted Hardware. In Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP 2003). October 2003. Best Paper Award!
• A complete list of publications can be found here.

Teaching

Current:

• None: On sabbatical until September 2010.

Past:

• ECE341F: Computer Organization
• ECE568: Computer Security
• ECE352: Computer Organization
• ECE1776: Computer Security, Cryptography and Privacy
• ECE1724: Industry Perspectives on Practical Problems in Computer Security, Co-taught with Prof. Reiner (Spring 2009)

Students

I am looking for motivated students who enjoy building software/hardware systems. If you take the time to read one of my papers and send me suggestions on follow-up work or improvements that you would be interested in pursuing, then you will definitely get a response from me. If you are interested in applying for graduate studies, please go here and look under "Graduate Studies" for the application procedure. You can find information on my current students here.

Professional Activities

I am currently on the program committee for:

• The International Conference on Virtual Execution Environments 2010 (VEE'10)
• 15th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XV)
• 19th USENIX Security Symposium (2010)

In the past, I have served on the program committee for:

• 4th USENIX Workshop on Hot Topics in Security (HotSec '09)
• 18th USENIX Security Symposium (2009)
• IEEE Symposium on Security and Privacy (Oakland 2009)
• Symposium on Operating Systems Design and Implementation (OSDI 2008)
• 17th USENIX Security Symposium (2008)
• 1st Workshop on Architectural and System Support for Improving Software Dependability (ASID 2006)
• Workshop on Architectural Support for Security and Anti-Virus (WASSA 2004)