Projects

Though all of SSL’s research initiatives—past and present—revolve around ensuring secure operation of computer systems, the specific areas addressed by the team vary greatly. Initiatives are grouped into the following categories:

    The Update Framework (TUF)

    Adopted
    Many people are using this. Join them!
    Software Updates and Security

    Software must be updated frequently, not only to ensure improved operation but also to patch security flaws. Unfortunately, the act of performing an update can itself be a way to attack a computer, if a malicious update is installed. TUF is a comprehensive, flexible framework to secure software updates even in situations where the software repository is compromised. Developers can integrate TUF into any software update system or native programming language, due to its concise, self-contained architecture and specification. It offers both developers and users protection from a host of potential attacks.

    Uptane

    Adopted
    Many people are using this. Join them!
    Software Updates, Security, and Internet of Things

    Cars today use a truly enormous amount of software, and, like any software, it contains bugs. Unfortunately, there is no secure way to update software in cars. Our Uptane project provides a mechanism to securely distribute updates to cars. Uptane can counter a comprehensive array of security attacks, and is resilient to partial compromises, while addressing automotive-specific vulnerabilities and limitations. We invite all security researchers and academics to perform a security review of Uptane by going to our web site.

    Seattle

    Adopted
    Many people are using this. Join them!
    Security, Networking, and Testbeds

    Cloud computing can provide tremendous benefits due to its ability to offload computation on demand. However, cloud resources are often located far from users. The Seattle project enables users to securely share (and acquire) computing resources from their desktop, laptop, or smartphone in the same manner as with cloud computing. Seattle is used for education, software development, and research by thousands of people around the world.

    Sensibility Testbed

    Sprouting
    We're ready for use. Early adopters wanted!
    Testbeds, Privacy, Networking, and Internet of Things

    Given the close proximity of smartphones to users, researchers would benefit from accessing smartphone sensors. By giving the user control over what amount and type of data is gathered from these sensors, Sensibility ensures the privacy of user information. Sensibility also has additional security protections that ensure the safety of the device, while giving researchers access to unique information.

    PolyPasswordHasher (PPH)

    Sprouting
    We're ready for use. Early adopters wanted!
    Cryptography and Security

    A password database disclosure can be devastating, costing companies billions of dollars in damages. PolyPasswordHasher offers a new approach to prevent attackers from finding out which passwords are being used. By interrelating stored password data, it forces potential hackers to crack passwords in sets. This increases the attackers’ level of difficulty, making a PolyPasswordHasher-enabled database very hard to breach, even for an adversary with millions of computers.

    in-toto

    Sprouting
    We're ready for use. Early adopters wanted!
    Software Updates and Security

    Do you know who has handled your software prior to its installation on your machine? Even if developers are careful to secure each step in their products' supply chain, there is little assurance about what happens in between these steps. The in-toto system holistically enforces the integrity of a software supply chain by gathering and signing information about each step in the process. As such, in-toto provides accountability about how software is written, packaged and distributed... and by whom.

    Atoms of Confusion

    Sprouting
    We're ready for use. Early adopters wanted!
    Software Engineering

    Within every confusing piece of software code are small patterns that can lead developers to outputs that radically differ from what was intended. In studying these “atoms of confusion” we look to build a firm empirical foundation for reducing code confusion in software development and, thus, also reduce the frequency of buggy and malfunctioning programs.

    CacheCash

    Stealth Mode
    Shhhh. We're still figuring things out internally.
    Security, Cryptography, Systems, and Networking

    Delivery of large chunks of content, such as video, accounts for a substantial percentage of all Internet traffic. This content is usually served by provider networks that contract with Internet Service Providers. CacheCash provides a similar content delivery service by having interested users run caches of content. These users are incentivized to participate by receiving a crypto-currency (Cachecoin) in exchange for serving content to users. Both cryptographic and economic techniques demonstrate that, in CacheCash, these users are either forced or economically incentivized to honestly serve content. Our analysis shows that CacheCash scales to meet the workload of even the most popular services used today. By building CacheCash, we intend to disrupt CDNs by more readily and pervasively including end-user-served content.

    Lind

    Stealth Mode
    Shhhh. We're still figuring things out internally.
    Security and Systems

    Despite the best efforts of developers, most operating system kernels contain flaws, and strategies to defend against triggering them have fallen short. Lind is a new virtual machine design that defends against these bugs by locking all system calls into popular access paths. The design is based on the idea that popular paths—ones used every day to access basic system requests—are much less likely to contain vulnerabilities. This limited kernel access reduces the possibility of interaction with flawed code.

    CrashSimulator

    Stealth Mode
    Shhhh. We're still figuring things out internally.
    Software Engineering, Testing Tools, and Systems

    CrashSimulator is a tool that replicates “real-world” testing for new and upgraded software without the complications of “real-world” deployment. The program enables software developers to identify vulnerabilities in product designs long before they are packaged and released.

    API Blindspots

    Stealth Mode
    Shhhh. We're still figuring things out internally.
    Software Engineering

    This project seeks to identify situations where security issues are created by the misunderstanding of APIs by developers. In particular, we are looking for security-related blind spots in popular Java and Python APIs as a way to more holistically find and address bugs.

    Upccinate

    Stealth Mode
    Shhhh. We're still figuring things out internally.
    Software Updates, Security, and Internet of Things

    Computerized medical devices are an efficient and essential part of health care around the world today. However, these devices are often riddled with security issues and outdated software. Upccinate focuses on secure and usable mechanisms to distribute software updates to medical devices. Much like the TUF and Uptane projects, Upccinate is focused on providing compromise resilience, while addressing security issues that are domain-specific. More information will be forthcoming as this project progresses.

    NetCheck

    Retired
    We learned what we can and are not actively developing anymore.
    Software Engineering and Testing Tools

    NetCheck is a tool that can determine the cause of a failure in a networked application, without any application or network-specific knowledge, and without any modification to the application or its infrastructure. By treating an application as a black box, a diagnosis can be made using just a set of system call (syscall) invocation traces from the relevant end-hosts. By simulating the syscalls against a network model, syscalls that deviate from expected network semantics can be identified. In turn, these deviations can be mapped to a diagnosis by using a set of heuristics.

    • Products: NetCheck identified a wide array of networking bugs in different projects, including in Python. The code for NetCheck is available; however, it is worth reading our blog first to learn about our experiences.
    • People: Yanyan Zhuang, Eleni Gessiou, Steven Portzer, Fraida Fund, Monzur Muhammad, Ivan Beschastnikh (UBC), and Justin Cappos

    upPIR

    Retired
    We learned what we can and are not actively developing anymore.
    Security, Cryptography, and Networking

    upPIR is a secure protocol that allows users to mask their information requests by privately retrieving information from a set of mirrors. By packaging the required information with other data that potentially could be requested, the user's preferences—and any assumptions that could be deduced from those preferences—remain hidden.

    Virtual Secure Network (VSN)

    Retired
    We learned what we can and are not actively developing anymore.
    Security, Networking, and Privacy

    Virtual Secure Network (VSN) is a network service that provides remote users the security benefits of a managed (corporate/cloud) network, without sacrificing the faster Internet performance more typical of an insecure direct connection. A VSN is analogous to a Virtual Private Network (VPN) in that it offers security protections, such as firewalls, multiple antivirus scanners, IDSs, and IPSs. However, VSN can guarantee lower costs for management, and better performance for its end users.