SHF

Modern multicore and manycore architectures have a number of new security threats. For example, shared microarchitecture components such as caches, core inter-connection networks, and memory controllers can be exploited for side-channel attacks or denial of service attacks. The evolution of workloads to exploit explicit parallelism will also likely lead to additional new threats. New forms of active viruses and trojans that reside on some cores and attempt to attack other applications are likely to arise.

The project develops automated methods for the tool-aided design and analysis of multi-agent systems with incentives. These systems are natural models for real-world situations in which collections of actors interact with one another in an autonomous and self-interested manner. For example, such a system can model a set of software agents that participate in an internet-based protocol, such as an advertisement auction or crypto currency; a collection of robots that share physical or digital infrastructure; or a set of cells that participate in an evolutionary process.

Web applications play a crucial role in every aspect of our lives, including banking, commerce, education and healthcare and travel. Despite their importance and ubiquity, they remain notoriously hard to design, develop and deploy as they span several tiers and languages: an HTML/JavaScript client that runs on users' browsers, a central server that implements the application's logic in the "cloud" and a database that stores persistent user data. The goal of this research is to build upon recent advances in SMT-based software verification to develop reliable and secure web frameworks.

Pluggable types allow programmers to extend a language's type system to enhance program correctness and program security. Unfortunately, pluggable types require annotations in the program, and therefore, place a burden on programmers. This annotation burden is one reason why pluggable types have not been widely adopted in practice. This project will develop techniques that will allow programmers to realize the benefits of pluggable types without incurring the annotation burden. One concrete application (and thrust of the project) tackles security and privacy of Android apps.