Stony Brook University Logo Department of Computer Science Stony Brook Search Button
Secure Systems Lab

Design/implementation of Policy and Specification Languages

Language-based techniques have formed the basis of much of our research in security. Of particular interest have been

  • Policy languages for expressing security policies at different levels
  • Domain-specific languages for specification based and anomaly-based intrusion detection,
  • Sound and efficient implementation of these languages.

Our research has developed policy languages and efficient enforcement techniques in the context of untrusted (and potentially malicious) code containment  [9, 10, 17, 20], as well as in the context of detecting attacks on benign software  [7, 14]. We have also developed new behavior specification languages and efficient runtime monitoring techniques for host-based and network intrusion detection  [19, 21, 25, 26, 24].

An important focus of our security policy research is that of coming up with policy languages and/or security policies that are easy to specify, and can compactly represent the relevant security concerns. Closely related to this effort is our research on synthesizing or inferring security policies  [10, 11] by observing system behavior, and/or by utilizing other sources of information.

Related Publications

[1]  A New Tag-Based Approach for Real-Time Detection of Advanced Cyber Attacks
Md Nahid Hossain
PhD Dissertation (Stony Brook University) January, 2022.
[2]  On the Effectiveness of Cyber-Attack Campaign Investigation with Reduced Audit Logs
Maggie Zhou
Undergraduate (Honors) Thesis (Stony Brook University) January, 2021.
[3]  Combating Dependence Explosion in Forensic Analysis Using Alternative Tag Propagation Semantics
Md Nahid Hossain, Sanaz Sheikhi and R. Sekar
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2020.
(A 2-minute demo and the conference presentation are also available.).
[4]  HOLMES: Real-time APT Detection through Correlation of Suspicious Information Flows
Sadegh Milajerdi, Rigel Gjomemo, Birhanu Eshete, R. Sekar and V.N. Venkatakrishnan
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2019.
[5]  SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data
Md Nahid Hossain, Sadegh Milajerdi, Junao Wang, Birhanu Eshete, Rigel Gjomemo, R. Sekar, Scott D. Stoller and V.N. Venkatakrishnan
USENIX Security Symposium (USENIX Security) August, 2017. (Talk).
[6]  WebSheets: Web Applications for Non-Programmers
Riccardo Pelizzi and R. Sekar
New Security Paradigms Workshop (NSPW) September, 2015.
[7]  An Efficient Black-box Technique for Defeating Web Application Attacks
R. Sekar
ISOC Network and Distributed Systems Symposium (NDSS) February, 2009.
[8]  Fast Packet Classification for Snort
Alok Tongaonkar, Sreenaath Vasudevan and R. Sekar
USENIX Large Installation System Administration Conference (LISA) November, 2008.
[9]  Expanding Malware Defense by Securing Software Installations
Weiqing Sun, R. Sekar, Zhenkai Liang and V.N. Venkatakrishnan
Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008.
[10]  Practical Proactive Integrity Preservation: A Basis for Malware Defense
Weiqing Sun, R. Sekar, Gaurav Poothia and Tejas Karandikar
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2008.
[11]  Inferring Higher Level Policies from Firewall Rules
Alok Tongaonkar, Niranjan Inamdar and R. Sekar
USENIX Large Installation System Administration Conference (LISA) November, 2007.
[12]  A Framework for Building Privacy-Conscious Composite Web Services
Wei Xu, V.N. Venkatakrishnan, R. Sekar and I.V. Ramakrishnan
IEEE International Conference on Web Services (ICWS) September, 2006. (Application Services and Industry Track).
[13]  On Supporting Active User Feedback in P3P
V.N. Venkatakrishnan, Wei Xu and Rishi Kant Sharda
Secure Knowledge Management Workshop (SKM) September, 2006.
[14]  Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks
Wei Xu, Sandeep Bhatkar and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2006. (An earlier version appeared as Technical Report SECLAB-05-06, November 2005. Also supercedes Technical Report SECLAB-05-05 A Unified Approach for Preventing Attacks Exploiting a Range of Software Vulnerabilities, August 2005, and Technical Report SECLAB-05-04 Practical dynamic taint analysis for countering input validation attacks on web applications, May 2005, [PDF]).
[15]  An Approach for Realizing Privacy-Preserving Web-Based Services (Poster)
Wei Xu, R. Sekar, I.V. Ramakrishnan and V.N. Venkatakrishnan
14th International World Wide Web Conference (WWW) May, 2005.
[16]  A Secure Composition Framework for Trustworthy Personal Information Assistants
V.N. Venkatakrishnan, Wei Xu, I.V. Ramakrishnan and R. Sekar
IEEE International Conference on Integration of Knowledge Intensive Multi-Agent Systems (KIMAS) April, 2005.
[17]  Model-Carrying Code: A Practical Approach for Safe Execution of Untrusted Applications
R. Sekar, V.N. Venkatakrishnan, Samik Basu, Sandeep Bhatkar and Daniel DuVarney
ACM Symposium on Operating Systems Principles (SOSP) October, 2003.
[18]  An approach for Secure Software Installation
V.N. Venkatakrishnan, R. Sekar, Sofia Tsipa, Tapan Kamat and Zhenkai Liang
USENIX Large Installation System Administration Conference (LISA) November, 2002.
[19]  Specification-based anomaly detection: a new approach for detecting network intrusions
R. Sekar, Ajay Gupta, James Frullo, Tushar Shanbhag, Abhishek Tiwari, Henglin Yang and Sheng Zhou
ACM Conference on Computer and Communications Security (CCS) October, 2002.
[20]  Empowering mobile code using expressive security policies
V.N. Venkatakrishnan, Ram Peri and R. Sekar
New Security Paradigms Workshop (NSPW) September, 2002.
[21]  Experiences with Specification Based Intrusion Detection System
Prem Uppuluri and R. Sekar
Recent Advances in Intrusion Detection (RAID) October, 2001.
[22]  Model-Carrying Code (MCC): A New Paradigm for Mobile-Code Security
R. Sekar, C.R. Ramakrishnan, I.V. Ramakrishnan and Scott Smolka
New Security Paradigms Workshop (NSPW) September, 2001.
[23]  Model-Based Analysis of Configuration Vulnerabilities
C.R. Ramakrishnan and R. Sekar
ACM CCS Workshop on Intrusion Detection Systems (WIDS) October, 2000.
[24]  Building Survivable Systems: An Integrated Approach based on Intrusion Detection and Damage Containment
Thomas Bowen, Dana Chee, Mark Segal, R. Sekar, Tushar Shanbhag and Prem Uppuluri
DISCEX (DISCEX) February, 2000.
[25]  A High-Performance Network Intrusion Detection System
R. Sekar, Guang Yang, Shobhit Verma and Tushar Shanbhag
ACM Conference on Computer and Communications Security (CCS) November, 1999.
[26]  Synthesizing Fast Intrusion Detection/Prevention Systems from High-Level Specifications
R. Sekar and Prem Uppuluri
USENIX Security Symposium (USENIX Security) August, 1999.
[27]  On Preventing Intrusions by Process Behavior Monitoring
R. Sekar, Thomas Bowen and Mark Segal
USENIX Intrusion Detection Workshop () April, 1999.
Overview

Research Areas

Source-code analysis/transformation
Binary analysis/rewriting
Policy/Specification Languages
OS and Virtualization Techniques
Algorithms
Learning/anomaly detection
Formal methods/Foundations


Research Problems

Randomization/Memory Errors
Information flow analysis
Automated Exploit Defenses
Virtual Network Lab
Safe execution/attack recovery
Automated signature generation
Malware/Untrusted code defense
Intrusion/Anomaly detection
Fast packet matching
Policy generation tools


Local Search



Home Contact NSI Computer Science Stony Brook University

Copyright © 1999-2013 Secure Systems Laboratory, Stony Brook University. All rights reserved.