Trails: Efficient Data-Flow Tracking Through HW-assisted Parallelization

Adapting Static and Dynamic Program Analysis to Effectively Harden Debloated Software

This project aims to harden debloated software by leveraging static and dynamic analysis. The aim is to increase the effort required to compromise software through techniques applied dynamically on binaries, as well as in the late stages of compilation, where some source-code information may not be available. It is currently supported by the Office of Naval Research (ONR) through grant N00014-16-1-2261.

Software self-healing

Improve software reliability by helping software survive fatal errors.

Authentication Using Glass Wearable Devices

We are working on a new project that will assist users, especially users with difficulties using their hands, to authenticate with terminals without the use of their hands.

Cloud-assisted Browsing

The Cloud can assist browsers and mobile apps serving Web content to operate faster and more securely. We are working on it.

Cyber-physical Authentication

Authentication for and from the Internet of Things.

Older projects


MINESTRONE is a novel architecture that integrates static analysis, dynamic confinement, and code diversification techniques to enable the identification, mitigation and containment of a large class of software vulnerabilities. Our techniques will protect new software, as well as already deployed (legacy) software by transparently inserting extensive security instrumentation. They will also leverage concurrent program analysis (potentially aided by runtime data gleaned from profiling software) to gradually reduce the performance cost of the instrumentation by allowing selective removal or refinement.

MINESTRONE will also use diversification techniques for confinement and fault-tolerance purposes. To minimize performance impact, our project will also leverage multi-core hardware or (when unavailable) remote servers to enable the quick identification of potential compromises.

The developed techniques will require no specific hardware or operating system features, although they will take advantage of such features where available, to improve both runtime performance and vulnerability coverage.

Funded by the AFRL.



MEERKATS is a novel architecture for cloud environments that elevates continuous system evolution, adaptation, and misdirection as first-rate design principles. Our goal is to enable an environment for cloud services that constantly changes along several dimensions, toward creating an unpredictable target for an adversary. This unpredictability will both impede the adversary’s ability to achieve an initial system compromise and, if a compromise occurs, detect, disrupt, and/or otherwise impede his ability to exploit this success. Thus, we envision an environment where cloud services and data are constantly in flux, using adaptive (both proactive and reactive) protection mechanisms and distributed monitoring at various levels of abstraction. MEERKATS will effectively exploit “economies of scale” (in resources available) to provide higher flexibility and effectiveness in the deployment and use of protection mechanisms as and where needed, focusing on current and anticipated mission needs instead of an inefficient, “blanket” approach to protecting “everything, all the time” at the same level of intensity.

Funded by DARPA.



The WOMBAT (Worldwide Observatory of Malicious Behaviors and Attack Threats) project aims to develop malware collectors, analysis techniques and a repository for Internet threat analysis.
Funded by the EU FP7.


The DeWorm project combines flow-based approaches to intrusion detection with payload scanning to detect and stop flash worms.
Funded by STW Sentinels.


The Noah project aims to design a Pan-European Network of Affine Honeypots that cooperate to detect intrusion attempts.
Funded by the EU FP6.


The Scampi project aimed to develop a scalable monitoring platform for the Internet.
Funded by the EU IST.