imchris.org

chris grier’s web site

Archive for the 'research' Category

Moved to Berkeley: research and climbing

Last fall I moved to Berkeley and started as a postdoc in the EECS department for Vern Paxson. I’ve been there now for about 4 months working on a number of different security topics ranging from web security to botnets.

On the web front we just found out that we have a paper in WWW 2010 on a system named Alhambra, that was the third (and final) part of my dissertation.

On bots, I’ve taken some responsibility on the farming of bots, including testing new malware binaries, attempting to identify malware, and keeping bots running in an environment where we can monitor them.

Another interesting project has involved Twitter (with Steve and Kurt), and I’ve been doing a lot of infrastructure work to get our code running on the scale we need. Python, Amazon’s EC2, and the multiprocessing library seem to be the key so far to making things work at the scale we are aiming for.

Finally, climbing – There have been a lot of weekend trips since I moved here: Yosemite, Kings Canyon, Pinnacles National Monument, Mount Diablo, Bishop, Owens River Gorge, Castle Rock State Park, and probably others. Climbing a lot at Berkeley Ironworks too.

Comments are off for this post

Gazelle press!

The Gazelle web browser, which was my summer project in 2008 at MSR, has been getting a lot of press lately and even has a Wikipedia page now. It’s interesting to read and see what different writers say and how people have been reacting.

There’s two official docs from MSR on Gazelle, a tech report and the USENIX Security 2009 publication. The publication is an improved version of the TR, so I’d stick with that. If there are more, let me know (grier@imchris.org). I’ve given a couple talks on Gazelle, one at Stanford for EE 380 that is online somewhere, and anyone can email me for my slides.

Gazelle – MSR project update

The project that I designed and developed at MSR last summer is going to be at USENIX Security (and was previously a tech report). It’s available as a PDF here.

Simply put, Gazelle is a browser with an OS architecture that provides greater strength against different types of attacks than other browsers. By adopting OS principles the browser is able to provide isolation for different-origin content, with additional control over display and user generated events. There’s a lot more to it and the full details are described in the paper.

Back to UIUC, we have adapted a couple of the ideas from the Gazelle paper into the OP web browser, such as the isolation of frames and the display security (and delegate-once policy), though it is a much different implementation than Gazelle.

Gazelle has been slashdotted a few times (first and second), and there’s a pretty good Ars Technica article on it.

more papers!

Two more publications: The Gazelle paper is going to be at USENIX Security and a short paper at Web 2.0 Security and Privacy on plugin security. See my research page for more information! PDFs should be online as soon as I’ve finished the camera-ready versions.

Also, I did a talk at Stanford for the Electrical Engineering Computer Systems Colloquium (EE 380); the video should be online here. There were some technical difficulties with the projector, but for the online version that might not be visible.

unFriendly – looking at personal information

SigMIL participated in this year’s Engineering Open House with a project called unFriendly. The goal was originally to see if we could infer, with some degree of success, information about people on Facebook based on their friends’ profiles (we can).

After we had that, the goals changed some to a tool that creates profiles with different sources of information. We had Facebook data (from crawling), campus phone book data (also has an LDAP version), voter records (for Champaign County) and we put it all together in a nice Google-knockoff web site that lets people search and see what data we can gather and infer about someone. Right now our dataset is limited to people at UIUC, but it wouldn’t be difficult to extend it to larger groups.

Fall 2008

Fall 08 started quickly and is already half over. I’ve been continuing my project from Microsoft Research, working with a security group there led by Helen Wang and working on a couple other security projects at school. I’m almost done with the first part of the MSR project and we will be writing a paper soon. Until that’s written other projects are on hold.

It’s looking like I will be graduating sometime in the spring/summer of 2009 but nothing is final yet. I also want to get a little more research published before I get out of Urbana.

Illinois Malicious Processor Paper

The Illinois Malicious Processor (IMP) project I worked on was written up by InfoWorld! It’s a great read: Read it here – That is in addition to it being published at LEET and being awarded a Best Paper Award! The title is “Designing and Implementing Malicious Hardware” and it’s available online in HTML and PDF formats.

Secure web browsing with the OP web browser

Sam, Shuo and I have had our paper accepted at the 2008 Symposium on Security and Privacy (Oakland) conference this spring. Here’s the PDF.

It was also written up in the news! “Secure web browsing with the OP web browser” was featured in an article on eWeek in an article titled “Is There Room for a Security Browser?” by Ryan Naraine and the. The eWeek article was also Slashdotted (slashdot).

Summer 2008 – Seattle and research

I’m going to Microsoft Research for the summer after I present at the IEEE Symposium on Security and Privacy. I’ll be out in Redmond, WA at the end of May through August. I’m going to be doing some pretty interesting research this summer (and some implementation). Once my slides are done for Oakland they will be up here.

Fall 2007 school and stuff

This fall is a little bit different than most semesters – no class. I decided that I could fill my time easily enough with research that I didn’t need any busy work from courses. I’m currently working on web-related security research, including client security, finding web exploits, and figuring out what to do with all of the amazing malware online. Once we have finished some of the work we are doing I’ll have links to source and papers online.

I’ve also been forced to participate in TCIP. I won’t put up here what I think of that project, but let’s just say that I’m not all that happy about it.