Research Overview
I am an Associate Professor in the Edward S. Rogers Department of Electrical and Computer Engineering and Department of Computer Science at the University of Toronto where I am affiliated with the Computer Group. I received my M.S. and Ph.D from Stanford University and my B.A.Sc from Engineering Science at the University of Toronto. My research interests span operating systems, computer architecture, formal verification and networking. Recently, my interests have focused on hardware and software support building secure and reliable computer systems. I like building systems and some projects I am currently working on include:- SmartPhone Security and Reliability: In 2010, there were more SmartPhones shipped than desktop PCs and the trend is continuing. For many users, the smart phone will be the main device they use to interact with the Internet. We are in an environment where users will likely own multiple devices that must all interact with each other, including a phone, a tablet, PCs and game consoles. To this end, I am interested in building smart phone operating systems and software that seeks to be secure, reliable and intuitive. We are working on building systems such as Unicorn and Mercury, which leverage the capabilities of smart phones to help protect users against malware and phishing. In addition, I believe smart phones themselves need to be secure, and our position paper argues why we need to develop entirely new classes of tools to help developers pick permissions for their applications.
- Security in Cloud Computing: Cloud computing offers a new exciting form of service to users in need of compute infrastructure. It provides users a pay-as-you go model, and allows users to outsource costs such as management, power and cooling, procurement and provisioning. Unfortunately, cloud computing poses serious security concerns. Users want to ensure the security of their data and code while executing in the cloud. At the same time cloud providers want to protect their infrastructure from being abused. We elaborate on these issues in our HotOS paper and our VEE paper. More recently, we have made an exploration into whether users can use geolocation techniques to enforce location-based SLAs on cloud providers. We have also been exploring the use of trusted computing to protect user data stored in the cloud using a system called Unicorn.
- Multicore Systems: With the increasing number of cores on modern processors, software developers will be forced to write concurrent programs to take advantage of the hardware and increase performance. I am interested in various issues concerning writing fast, reliable software for the next generation of multicore processors. One of the problems is that writing concurrent, threaded applications is hard to get write, and developers often forget to lock critical objects. Our system, Kivati, dynamically detects these bugs at run time and fixes them with less than 20% overhead. Kivati leverages hardware watchpoints and a set of optimizations to keep its detection and prevention overhead to a minimum. I'm also interested in improving security with multicores. Replicant explores the use of multicore processors to detect and mitigate attacks on vulnerable software.
Recent News
- February 6, 2012: The folks at UT Austin were nice enough to write a news article about Unicorn after my recent visit there.
- January 20, 2012: I am looking for both graduate and undergradaute summer students. Please see below for more information.
- November 30, 2011: Phillipa Gill is on the job market!
- August 21, 2011: Our position paper on how and why one should build tools to automatically populate permission lists for smartphone operating systems will appears at SPSM 2011.
- August 12, 2011: We have a cool paper at CCS this year introducing a novel technique, called two-factor attestation, which raises the bar against attacks that use malware or phishing to get at personal data. Read about Unicorn, our prototype system that demonstrates this idea.
- July 1, 2011: Mannan has moved to Montreal to start as an Assistant Professor at Concordia. We wish Mannan the best of luck!
Selected Publications
- Mohammad Mannan, Beom Heyn Kim, Afshar Ganjali and David Lie. Unicorn: Two-Factor Attestation for Data Security. In Proccee18th ACM Conference on Computer and Communications Security (CCS 2011). October 2011. Lionel Litty and David Lie. Patch Auditing in Infrastructure as a Service Clouds. In Proceedings of the 2011 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE 2011). Pages 145-156. March 2011.
- Mohammed Mannan, David Barrera, Carson Brown, David Lie, Paul van Oorschot. Mercury: Recovering Forgotten Passwords Using Personal Devices. In Proceedings of Financial Cryptography and Data Security 2011 (FC'11). February 2011.
- Phillipa Gill, Yashar Ganjali, Bernard Wong and David Lie. Dude, Where's That IP? Circumventing Measurement-based IP Geolocation. In Proceedings of the 19th USENIX Security Symposium. August 2010.
- Lee Chew and David Lie. Kivati: Fast Detection and Prevention of Atomicity Violations. In Proceedings of the 2010 EuroSys Conference (EuroSys 2010), Pages 307-320. April 2010.
- Lionel Litty, H. Andrés Lagar-Cavilla and David Lie. Hypervisor Support for Identifying Covertly Executing Binaries. In Proceedings of the 17th USENIX Security Symposium. Pages 243-258. July 2008.
- Richard Ta-Min, Lionel Litty and David Lie. Splitting Interfaces: Making Trust Between Applications and Operating Systems Configurable. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2006). Pages 279-292. November 2006.
- A complete list of publications can be found here.
Teaching
Current:Fall: Spring:
- ECE353: Systems Software (Engineering Science)
- ECE341F: Computer Organization
- ECE568: Computer Security
- ECE352: Computer Organization
- ECE1776: Computer Security, Cryptography and Privacy
- ECE1724: Industry Perspectives on Practical Problems in Computer Security, Co-taught with Prof. Reiner (Spring 2009)
Students
Graduate Students: I am looking for motivated students who enjoy building software/hardware systems. If you take the time to read one of my papers and send me suggestions on follow-up work or improvements that you would be interested in pursuing, then you will definitely get a response from me. If you are interested in applying for graduate studies, please go here and look under "Graduate Studies" for the application procedure. You can find information on my current students here.
Summer Undergraduates: I am also looking for motivated summer students to support for an NSERC USRA. Potential projects include security of the Google Android mobile OS, Cloud computing security and writing and debugging parallel programs. Students should be in their 2nd or 3rd year. Those with an 80%+ average are preferred. Please contact me via e-mail if interested.Professional Activities
I am currently on the program committee for:- 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2012)
- 21st USENIX Security Symposium (2012)
- 4th International Conference on Trust and Trustworthy Computing
- ACM SIGMETRICS 2011 International Conference on Measurement and Modeling of Computer Systems
- 16th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XVI)
- 19th USENIX Security Symposium (2010)
- The International Conference on Virtual Execution Environments 2010 (VEE'10)
- 15th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2010)
- 4th USENIX Workshop on Hot Topics in Security (HotSec '09)
- 18th USENIX Security Symposium (2009)
- IEEE Symposium on Security and Privacy (Oakland 2009)
- Symposium on Operating Systems Design and Implementation (OSDI 2008)
- 17th USENIX Security Symposium (2008)
- 1st Workshop on Architectural and System Support for Improving Software Dependability (ASID 2006)
- Workshop on Architectural Support for Security and Anti-Virus (WASSA 2004)
