Manuel Egele
Collaborative Research: SaTC: CORE: Medium: App-driven Web Browsing: Novel Risks, Vulnerabilities, and Defenses
The modern web ecosystem is comprised of a multitude of non-browser applications that, while having the same ability to process and render web content, are developed with different technologies and exhibit different capabilities. In this new browsing paradigm, app developers are responsible for configuring and implementing security features that are already standardized in traditional browsers. […]
Collaborative Research: CNS Core: Medium: FROOT: Future-Proof, Trustworthy Telemetry on Heterogeneous Networks
With the growth of the Internet and its importance in supporting the US economy, business, health, education and other services, it is critical to ensure both high performance and high availability of the networks underlying it. Increasingly, such networks include a heterogeneous set of network switches and other devices which must be monitored and controlled […]
Automated Analytics for Improving Efficiency, Safety, and Security of HPC Systems
Performance variations are becoming more prominent with new generations of large-scale High Performance Computing (HPC) systems. Understanding these variations and developing resilience to anomalous performance behavior are critical challenges for reaching extreme-scale computing. To help address these emerging performance variation challenges, there is increasing interest in designing data analytics methods to make sense out of the […]
AI-based Scalable Analytics for Improving Performance, Resilience, and Security of HPC Systems
Next generation large-scale High Performance Computing (HPC) systems face important cost and scalability challenges due to anomalous system and application behavior resulting in wasted compute cycles and the ever-growing difficulty of system management. There is an increasing interest in the HPC community in using AI-based frameworks to tackle analytics and management problems in HPC so […]
Tools and Techniques to Improve the Granularity and Usability of Web Application Debloating
Modern web applications are the cornerstone of much of our online life. Unfortunately, web applications are a complex mix of different technology stacks (e.g., HTML, JavaScript, and PHP), and this complexity breeds security vulnerabilities that allow an adversary to launch successful attacks. Thus, we require new approaches and techniques to tame the complexity that seems […]
CAREER: Toward Securing Emerging Computing Platforms via Large-Scale Dynamic Analysis
The Internet of Things (IoT) is poised to permeate all aspects of our daily lives, from already existing smart home assistants, over increasingly popular industrial applications, to yet to be developed personal health devices. Clearly, these technologies offer exciting and new opportunities, yet the software and devices that comprise the IoT encompass serious security threats. […]
SaTC: CORE: Medium: Collaborative: Taming Memory Corruption with Security Monitors
Modern computing systems are under constant attack by organized crime syndicates, nation-state adversaries, and regular cyber-criminals alike. Among the most damaging attacks are those that exploit so-called memory corruption vulnerabilities which often confer the attacker with access to sensitive information or allow the attacker to execute arbitrary code on the victim’s machine. To counter the […]
In-Situ Malware Containment and Deception through Dynamic In- Process Virtualization
The malware landscape has evolved from the domain of attention-seeking miscreants, into a diverse spectrum ranging from best-effort mass-market malware to highly sophisticated state sponsored attacks using implants, remote access Trojans, and advanced evasion techniques. While existing research mainly focuses on detection, classification, and prevention of various malware threats, this project turns the table on […]