Security, Programming Languages, and Theory Lab

The SPLAT Lab has projects in many areas of computer science, including:

Content-Based Access Control (CBAC).

Bloggers and social network users place large amounts of personal information on the web and current services give them almost no control over who can see that information. To address this problem, we are developing new access-control systems that let users specify which users can see which posts in a simple, intuitive way. For example, users can specify policies such as, "Posts about parties are visible to my college friends," and the access-control system will use NLP and machine learning techniques to decide which posts are about "parties" and restrict those posts to readers in the poster's list of "college friends."

Authenticating Reality.

Digital photography is a poor way to authenticate reality because digital photographs are notoriously easy to manipulate and falsify -- doctored images of political figures, scientific and legal evidence, and news and current events are commonplace. We envision a near future in which users can easily verify the authenticity of digital media. Web browsers will indicate whether a given photograph is authentic; listeners will be able to trust that a sound-bite has not been manipulated to change the speaker's intent. We are creating new homomorphic digital signature schemes and image forgery detection techniques to make this vision a reality.

Static Analysis for Security.

Software bugs account for the vast majority of security vulnerabilities, so we are developing new tools to automatically find security bugs in programs at compile time. Our past work in this area has lead to the creation of the world's best format string bug detector. We are currently building an extension to gcc to check for a wide variety of security bugs.

Distributed Worm Defense.

Current software defense mechanisms, such as patches and program transformations for security, react too slowly to new worms or incur too much run-time overhead. We are building new program transformations that will provide a probabilistic defense against new worms, but with much lower overhead, by having nodes on the Internet inform each other whenever they detect a new attack.

Secure System Architectures

As more critical functions, such as commerical applications and physical access controls, move onto consumer devices like cell phones, it becomes more important to protect these services from worms, viruses, and other threats. We are developing a system architecture to enable consumer devices to simultaneously host both critical and non-critical services securely. As an example application, we are developing a mobile commerce system that is hardened against network attacks against cell phones.

Cryptography and Cryptanalysis

SPLAT lab is currently developing new cryptographic primitives and attacks on cryptosystems used in digital rights management systems.