imchris.org

The project that I designed and developed at MSR last summer is going to be at USENIX security (and was previously a tech report). It’s available as a PDF here.

Simply put, Gazelle is a browser with an OS architecture that provides greater strength against different types of attacks than other browsers. By adopting OS principles the browser is able to provide isolation for different-origin content, with additional control over display and user generated events. There’s a lot more to it and the full details are described in the paper.

Back to UIUC, we have adapted a couple of the ideas from the Gazelle paper into the OP web browser, such as the isolation of frames and the display security (and delegate-once policy), though it is a much different implementation than Gazelle.

Gazelle has been slashdotted a few times (first and second), and there’s a pretty good Arstechnica article on it.

Fall 08 started a quick and is already half over. I’ve been continuing my project from Microsoft Research, working with a security group there lead by Helen Wang and working on a couple other security projects at school. I’m almost done with the first part of the MSR project and we will be writing a paper soon. Until that’s written other projects are on hold.

It’s looking like I will be graduating sometime in the spring/summer of 2009 but nothing is final yet. I also want to get a little more research published before I get out of Urbana.

The Illinois Malicious Processor (IMP) project I worked on was written up by InfoWorld! Its a great read: Read it here – That is in addition to it being published at LEET and being awarded a Best Paper Award! The title is “Designing and Implementing Malicious Hardware” and its available online in HTML and PDF formats.

Sam, Shuo and I have had our paper accepted at the 2008 Symposium on Security and Privacy (Oakland) conference this spring. Here’s the PDF.

It was also written up in the news! “Secure web browsing with the OP web browser”, was featured in an article on eWeek in an article titled “Is There Room for a Security Browser?” By Ryan Naraine and the. The eWeek article was also Slashdotted (slashdot).

I’m going to Microsoft Research for the summer after I present at the IEEE Symposium on Security and Privacy. I’ll be out in Redmond, WA at the end of May through August. I’m going to be doing some pretty interesting research this summer (and some implementation). Once my slides are done for Oakland they will be up here.

This fall is a little bit different than most semesters – no class. I decided that I could fill my time easily enough with research that I didn’t need any busy work from courses. I’m currently working on web related security research, including client security, finding web exploits, and figuring out what to do with all of the amazing malware online. Once we have finished some of the work we are doing I’ll have links to source and papers online.

I’ve also been forced to participate in TCIP. I won’t put up here what I think of that project, but lets just say that I’m not all that happy about it.

This semester produced a couple interesting things. First, a project which tries to detect malware (particularly rootkits) and runs outside the OS, in a virtual machine. Second, another paper written by me, this time on botnets and command and control networks which use peer-to-peer protocols (open source and custom). I’m also finally done with all my course work at school.

Summer plans include a little bit of vacation time, DEFCON, and research here at school.

Summer 2006 was a good summer, definitely a good time, good job, and fun place. I worked in Berkeley, CA and lived right down the street from ICIR where I worked. Berkeley pretty much had everything I wanted and if its wasn’t downtown Berkeley, then its just a short subway (BART) ride to get there. There was a lot of things going on, and lots of crazy people wandering around (like me) at all times of the day.

As for my job, I worked with Vern Paxson on creating anonymization policy for application layer protocols. In my first couple weeks, I ported anonymizers for DNS and HTTP. After I did that I was familiar with the Bro IDS code and BINPAC, and was able to implement a parser for the SMB/CIFS protocol (as well as Netbios, MS Browse, and some RPC/named pipe functionality). The end result is a detailed parser for CIFS that can also rewrite packets in an anonymized form. This is the protocol that does most of the things in Network Neighborhood and allows users to mount network drives and do network file system operations. Its a complicated protocol, with many things going on that make it hard to parse (an anonymize).