Research Overview
I am an Associate Professor in the Edward S. Rogers Department of Electrical and Computer Engineering and Department of Computer Science at the University of Toronto. I am affiliated with the Computer Group and the Computer Systems Lab. I received my M.S. and Ph.D from Stanford University and my B.A.Sc from Engineering Science at the University of Toronto. My research interests span operating systems, computer architecture, formal verification and networking. Recently, my interests have focused on hardware and software support building secure and reliable computer systems. I like building systems and some projects I am currently working on include:- Using Hypervisors to Secure Commodity Operating Systems: The hypervisor (otherwise known as a virtual machine monitor) is a privileged layer of software below the operating system kernel. Implementing security at this layer allows us to enhance a standard operating system without needing to modify or even have access to its source code. In addition, its high privilege level enables security mechanisms to tolerate a complete compromise of the operating system. So far, we have built several systems using hypervisors to enhance OS security. Proxos uses a hypervisor to allow applications to protect themselves in the event of an OS compromise. Both Manitou and Patagonix use a hypervisor to detect unwanted code on a computer system. Finally, our Sensors work leveraged a hypervisor to monitor honeypots, a type of computer used to study Internet attacks.
- Security in Cloud Computing: Cloud computing offers a new exciting form of service to users in need of compute infrastructure. It provides users a pay-as-you go model, and allows users to outsource costs such as management, power and cooling, procurement and provisioning. Unfortunately, cloud computing poses serious security concerns. Users want to ensure the security of their data and code while executing in the cloud. At the same time cloud providers want to protect their infrastructure from being abused. We elaborate on these issues in our HotOS paper.
- Multicore Systems: With the increasing number of cores on modern processors, software developers will be forced to write concurrent programs to take advantage of the hardware and increase performance. I am interested in various issues concerning writing fast, reliable software for the next generation of multicore processors. One of the problems is that writing concurrent, threaded applications is hard to get write, and developers often forget to lock critical objects. Our system, Kivati, dynamically detects these bugs at run time and fixes them with less than 20% overhead. Kivati leverages hardware watchpoints and a set of optimizations to keep its detection and prevention overhead to a minimum. I'm also interested in improving security with multicores. Replicant explores the use of multicore processors to detect and mitigate attacks on vulnerable software.
Recent News
- February 8, 2010: Lee's paper on Kivati was accepted in EuroSys 2010! Kivati describes a system that leverages hardware watchpoints to quickly detect and prevent atomicity violations at run time.
- June 22, 2009: David Lie has been promoted to Associate Professor with tenure.
- March 20, 2009: Our paper on cloud computing securitiy was accepted at HotOS 2009.
- March 19, 2009: I'm the Software Security Theme leader and member of the Scientific Advisor Board for the national ISSNet Strategic Network. See the official announcement for the NSERC Strategic Networks.
Selected Publications
- Lee Chew and David Lie. Kivati: Fast Detection and Prevention of Atomicity Violations. To appear in the Proceedings of the 2010 EuroSys Conference (EuroSys 2010), April 2010.
- Lionel Litty, H. Andrés Lagar-Cavilla and David Lie.Computer Meteorology: Monitoring Compute Clouds. In Proceedings of the 12th Workshop on Hot Topics in Operating Systems (HotOS 2009). May 2009.
- Lionel Litty, H. Andrés Lagar-Cavilla and David Lie. Hypervisor Support for Identifying Covertly Executing Binaries. In Proceedings of the 17th USENIX Security Symposium. Pages 243-258. July 2008.
- Richard Ta-Min, Lionel Litty and David Lie. Splitting Interfaces: Making Trust Between Applications and Operating Systems Configurable. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2006). Pages 279-292. November 2006.
- David Lie, Chandramohan Thekkath and Mark Horowitz. Implementing an Untrusted Operating System on Trusted Hardware. In Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP 2003). October 2003. Best Paper Award!
- A complete list of publications can be found here.
Teaching
Current:- None: On sabbatical until September 2010.
- ECE341F: Computer Organization
- ECE568: Computer Security
- ECE352: Computer Organization
- ECE1776: Computer Security, Cryptography and Privacy
- ECE1724: Industry Perspectives on Practical Problems in Computer Security, Co-taught with Prof. Reiner (Spring 2009)
Students
I am looking for motivated students who enjoy building software/hardware systems. If you take the time to read one of my papers and send me suggestions on follow-up work or improvements that you would be interested in pursuing, then you will definitely get a response from me. If you are interested in applying for graduate studies, please go here and look under "Graduate Studies" for the application procedure. You can find information on my current students here.
Professional Activities
I am currently on the program committee for:- The International Conference on Virtual Execution Environments 2010 (VEE'10)
- 15th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XV)
- 19th USENIX Security Symposium (2010)
- 4th USENIX Workshop on Hot Topics in Security (HotSec '09)
- 18th USENIX Security Symposium (2009)
- IEEE Symposium on Security and Privacy (Oakland 2009)
- Symposium on Operating Systems Design and Implementation (OSDI 2008)
- 17th USENIX Security Symposium (2008)
- 1st Workshop on Architectural and System Support for Improving Software Dependability (ASID 2006)
- Workshop on Architectural Support for Security and Anti-Virus (WASSA 2004)
