My research focuses on improving security on three different levels in the development cycle of applications, even in the presence of vulnerabilities. The first level protects existing binary-only applications and assumes that we cannot use source code. The second level is an extension for C/C++ compilers that protects applications from any control flow hijack attack. On this level, we use detailed information at the compiler level to enforce stronger security guarantees and lower the performance overhead. On the third level, we add new language features or change the programming language.

A: Update as frequently as possible. If you keep your systems updated you are limiting the window of opportunity for attackers.

A: Oh, yeah. It’s a nice analogy for current security practices. In the last five or six years, more defense mechanisms were added to current systems, and attacks have become harder. Also, security has become a hot research area. Unfortunately, it is still possible for attackers to circumvent every defense mechanism. So instead of having no defense, we have some partial layers of protection. Now you need more sophisticated attackers, just like the Death Star scenario. You need an attacker that finds a hole and evades all the attacking space ships while exploding the core.

DEPARTMENT OF MATHEMATICS
Previous: postdoctoral fellow, University of Texas

A: Purdue is a very nice university. The research environment is very good and has a very strong applied and computational math group. During my interview, I talked to faculty members and I have a lot of common research interests with

A: I want to start a Capture The Flag (CTF) team for both undergraduate and graduate students at Purdue. CTF is a game hackers play where teams split into attackers and defenders. Teams are given a virtual machine, which contains a bunch of services. In order to earn points, the defenders analyze the services and defend them against other teams while the attackers learn the vulnerabilities and attack the services of others. In the end, whoever has the most points wins. It’s very fun and challenging and provides security expertise that can lead to job opportunities. I’m looking forward to hacking with students.