Projects
Here is a list of projects I have done for courses at UC Davis.
Dynamic Detection of Windows Rootkits
This is a course project for the Programming Language class (ECS 240).
Abstract: Stealth rootkits that hide themselves on victim systems are becoming a major threat to computer security. They are evasive by design: they use sophisticated stealth techniques to conceal files, processes, and other activity, which makes their presence extremely hard to detect. Because of their popularity among enterprises and consumers, the Microsoft Windows operating systems have become an attractive target for rootkit authors. However, current detection techniques are mostly system-specific and ineffective against unknown rootkits. In this paper, we present an effective technique for detecting rootkits by identifying hidden objects. We propose a cross-view based approach that dynamically maintains a separate process running in the system. Our approach does not rely on any system-specific data structures and can therefore work across different system versions. Moreover, it does not target any specific hiding technique, so it is able to detect unknown rootkits. We have developed a prototype, XView, and conducted experiments with several rootkit samples. The evaluation shows that XView identifies the process-hiding behavior of all samples and provides additional information about the hidden processes.
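The core of any cross-view detector is the comparison step: take one enumeration of processes that goes through the API a rootkit typically hooks, take a second enumeration the rootkit does not control, and report what the second view shows and the first one hides. The following is an added illustration of that step, written for this page; it is not XView's code, and the two process views are constructed sample data rather than output from a real host. It also handles the caveat a practitioner hits first: a process that starts or exits between the two enumerations looks "hidden" in a single snapshot pair, so a PID is only reported when it is hidden in every one of several pairs taken a short time apart.

```python
"""Cross-view process-hiding check (added example, not the XView prototype)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class ProcInfo:
    """Minimal per-process record; both views are reduced to this shape."""
    pid: int
    name: str
    ppid: int


def cross_view_diff(high_view: Iterable[ProcInfo],
                    low_view: Iterable[ProcInfo]) -> Tuple[List[ProcInfo], List[ProcInfo]]:
    """Compare two enumerations of the same host.

    hidden  = present in the low-level (trusted) view, absent from the API view:
              the signature of process hiding.
    phantom = the reverse; usually a process that exited between the two
              snapshots, returned so the operator can re-run instead of trust it.
    """
    high: Dict[int, ProcInfo] = {p.pid: p for p in high_view}
    low: Dict[int, ProcInfo] = {p.pid: p for p in low_view}
    hidden = [low[pid] for pid in sorted(low.keys() - high.keys())]
    phantom = [high[pid] for pid in sorted(high.keys() - low.keys())]
    return hidden, phantom


def stable_hidden(pairs: Iterable[Tuple[Iterable[ProcInfo], Iterable[ProcInfo]]]) -> List[ProcInfo]:
    """Report a PID only if it is hidden in every (high, low) snapshot pair.

    Several pairs taken a short time apart filter out the race where a process
    starts or exits between the two enumerations of a single pair.
    """
    hidden_sets = []
    latest_low: Dict[int, ProcInfo] = {}
    for high_view, low_view in pairs:
        low_list = list(low_view)
        hidden, _ = cross_view_diff(high_view, low_list)
        hidden_sets.append({p.pid for p in hidden})
        latest_low.update({p.pid: p for p in low_list})
    if not hidden_sets:
        return []
    stable = set.intersection(*hidden_sets)
    return [latest_low[pid] for pid in sorted(stable)]


def describe_hidden(hidden: Iterable[ProcInfo], low_view: Iterable[ProcInfo]) -> List[dict]:
    """Attach what the trusted view knows about each hidden process (parent name etc.)."""
    low = {p.pid: p for p in low_view}
    report = []
    for p in hidden:
        parent = low.get(p.ppid)
        report.append({"pid": p.pid, "name": p.name, "ppid": p.ppid,
                       "parent": parent.name if parent else "<unknown>"})
    return report


# Constructed sample views (names and PIDs are made up for the example).
# Pair 1: cmd.exe (1200) started between the two enumerations, so it is
# missing from the API view by accident; 1337 is missing from the API view
# in both pairs, which is the real hiding signal.
HIGH_1 = [ProcInfo(4, "System", 0), ProcInfo(512, "explorer.exe", 400),
          ProcInfo(900, "notepad.exe", 512)]
LOW_1 = HIGH_1 + [ProcInfo(1200, "cmd.exe", 512), ProcInfo(1337, "svch0st.exe", 4)]
HIGH_2 = HIGH_1 + [ProcInfo(1200, "cmd.exe", 512)]
LOW_2 = HIGH_2 + [ProcInfo(1337, "svch0st.exe", 4)]
SNAPSHOT_PAIRS = [(HIGH_1, LOW_1), (HIGH_2, LOW_2)]

if __name__ == "__main__":
    for entry in describe_hidden(stable_hidden(SNAPSHOT_PAIRS), LOW_2):
        print(entry)
```

On a real Windows host the high-level view is whatever the hooked path returns (a task list taken with `tasklist` or `Get-Process`, for instance); the value of an approach like XView is precisely in producing the second, independent view, which this snippet simply takes as input.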
A Security Architecture for Protecting Sensitive Information in Memory
This is a course project conducted with Fangqi Sun for the Computer Architecture class (ECS 201A).
Abstract: Information security has become increasingly important in the information age. Among these security issues, the leakage of sensitive information poses a great threat to Internet security. This paper presents a security architecture that protects sensitive information in memory against attacks by preventing the misuse of that information and ensuring the integrity of program control flow. Building on previous work, our approach takes advantage of software fault isolation (SFI) and is therefore sound against runtime attacks. An evaluation using several popular network applications on a full-system emulator shows that the security architecture incurs only low runtime overhead.
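To make the SFI idea concrete, here is an added illustration (written for this page, not the architecture from the project) of the classic address-masking form of software fault isolation: every store is rewritten so that only the low bits of an attacker-influenced address survive and the sandbox base is OR-ed back in, and every indirect jump is masked into the code region and onto an instruction-bundle boundary. Because the enforcement is a mask rather than a compare-and-branch, there is no check that corrupted control flow could skip. The memory layout, region sizes and the "saved return address" cell are assumptions chosen for the demo.

```python
"""Added illustration of SFI address masking; layout constants are assumptions."""
from typing import Dict, Tuple

SANDBOX_BASE = 0x10000      # data sandbox starts here (assumed)
SANDBOX_SIZE = 0x1000       # power of two, so the in-sandbox offset is a bit mask
CODE_BASE = 0x400000        # sandboxed code region (assumed)
CODE_SIZE = 0x10000         # power of two as well
BUNDLE = 32                 # indirect jumps may only land on bundle boundaries


def sfi_store_addr(addr: int) -> int:
    """Rewrite a store address so it always falls inside the data sandbox.

    Only the offset bits of `addr` survive; the base is fixed. A write aimed
    outside the sandbox is not rejected, it is redirected inside.
    """
    return SANDBOX_BASE | (addr & (SANDBOX_SIZE - 1))


def sfi_jump_target(addr: int) -> int:
    """Confine an indirect-jump target to the code region and align it to a
    bundle boundary, so a hijacked pointer cannot leave the sandbox or land
    in the middle of an instruction (and skip the masking code itself)."""
    return CODE_BASE | (addr & (CODE_SIZE - 1) & ~(BUNDLE - 1))


class Memory:
    """Flat word-addressed memory model for the demo (unset cells read as 0)."""

    def __init__(self) -> None:
        self.cells: Dict[int, int] = {}

    def load(self, addr: int) -> int:
        return self.cells.get(addr, 0)

    def store(self, addr: int, value: int) -> None:
        self.cells[addr] = value


RET_SLOT = 0x20FF0          # a saved return address that lives outside the sandbox (assumed)
SAVED_RET = 0x401000        # its legitimate value (assumed)


def buggy_write(mem: Memory, addr: int, value: int, sandboxed: bool) -> int:
    """A store whose destination the attacker controls (think: unchecked index).

    With sandboxed=True the address goes through the SFI rewrite first, as the
    instrumentation would do for every store in untrusted code. Returns the
    address actually written.
    """
    target = sfi_store_addr(addr) if sandboxed else addr
    mem.store(target, value)
    return target


def demo() -> Tuple[int, int]:
    """Return the saved return address after the attack, without and with SFI."""
    results = []
    for sandboxed in (False, True):
        mem = Memory()
        mem.store(RET_SLOT, SAVED_RET)
        buggy_write(mem, RET_SLOT, 0x41414141, sandboxed)   # attacker aims at the return slot
        results.append(mem.load(RET_SLOT))
    return results[0], results[1]


if __name__ == "__main__":
    without_sfi, with_sfi = demo()
    print(f"without SFI: ret slot = {without_sfi:#x}; with SFI: ret slot = {with_sfi:#x}")
```

The caveat worth keeping in mind: the mask confines the damage rather than removing the bug. The corrupted store still lands somewhere inside the sandbox, so sandboxed data can be trashed; what SFI guarantees is that memory outside the sandbox, including the control-flow state, stays intact.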
Static Analysis for Detecting Cross-Site Scripting in Java Servlets
This is a course project conducted with Fangqi Sun for the Computer Security class (ECS 235B).
Abstract: Cross-Site Scripting (XSS) is one of the most prevalent web vulnerabilities, and its impact has grown with the evolution of JavaScript malware. In this paper, we present an approach that statically analyzes Java servlets to find XSS vulnerabilities caused by weak or missing input validation. We statically analyze string values to distinguish trusted substrings from untrusted substrings. The results of our analysis can be used to prevent untrusted scripts from being executed in generated web pages.
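The trusted/untrusted substring idea, as an added example that is not taken from the project's implementation: an abstract string value is a list of segments, each tagged trusted or untrusted; string literals are trusted, request parameters are untrusted, concatenation appends segment lists, a hypothetical HTML-escaping sanitizer turns the segments it sees trusted, and a response write is reported if any untrusted segment reaches it. The servlet is represented by a small constructed IR instead of real Java, and the analysis is straight-line only; the project's analysis works on actual Java servlets, and a real implementation would additionally need joins at control-flow merges and a fixpoint for loops.

```python
"""Added example of per-substring taint analysis over a toy servlet IR."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Seg:
    """One substring of an abstract string value."""
    text: str        # literal text when known, otherwise a symbolic placeholder
    trusted: bool


AbstractString = List[Seg]

# Expression forms of the toy IR (constructed for this example):
#   ("lit", s)              string literal                        -> trusted
#   ("param", name)         request.getParameter(name)            -> untrusted
#   ("var", name)           read of a local variable
#   ("concat", e1, e2, ...) string concatenation
#   ("escape", e)           assumed HTML-escaping sanitizer        -> trusted
# Statement forms:
#   ("assign", name, expr)  local assignment
#   ("write", expr)         response.getWriter().print(expr)      -> sink


def eval_expr(expr: Tuple, env: Dict[str, AbstractString]) -> AbstractString:
    """Compute the abstract (segment-tagged) value of an expression."""
    kind = expr[0]
    if kind == "lit":
        return [Seg(expr[1], True)]
    if kind == "param":
        return [Seg(f"<param:{expr[1]}>", False)]
    if kind == "var":
        return env[expr[1]]
    if kind == "concat":
        return [seg for sub in expr[1:] for seg in eval_expr(sub, env)]
    if kind == "escape":
        # The sanitizer neutralises script content for an HTML text context,
        # so every segment it processes becomes trusted (an assumption about
        # the sanitizer; a context-insensitive escaper would not earn this).
        return [Seg(seg.text, True) for seg in eval_expr(expr[1], env)]
    raise ValueError(f"unknown expression kind {kind!r}")


def analyze(program: List[Tuple]) -> List[Tuple[int, List[str]]]:
    """Return (statement index, untrusted substrings) for every write that
    would emit untrusted content into the generated page."""
    env: Dict[str, AbstractString] = {}
    findings: List[Tuple[int, List[str]]] = []
    for idx, stmt in enumerate(program):
        if stmt[0] == "assign":
            env[stmt[1]] = eval_expr(stmt[2], env)
        elif stmt[0] == "write":
            tainted = [seg.text for seg in eval_expr(stmt[1], env) if not seg.trusted]
            if tainted:
                findings.append((idx, tainted))
        else:
            raise ValueError(f"unknown statement kind {stmt[0]!r}")
    return findings


def render(value: AbstractString) -> str:
    """Human-readable form of an abstract string, untrusted parts in brackets."""
    return "".join(s.text if s.trusted else f"[{s.text}]" for s in value)


# Constructed programs standing in for three versions of one servlet.
PROGRAM_VULN = [
    ("assign", "name", ("param", "name")),
    ("assign", "page", ("concat", ("lit", "<h1>Hello, "), ("var", "name"), ("lit", "</h1>"))),
    ("write", ("var", "page")),
]
PROGRAM_FIXED = [
    ("assign", "name", ("escape", ("param", "name"))),
    ("assign", "page", ("concat", ("lit", "<h1>Hello, "), ("var", "name"), ("lit", "</h1>"))),
    ("write", ("var", "page")),
]
# Only one of two parameters is escaped: the per-substring tags pinpoint which one leaks.
PROGRAM_PARTIAL = [
    ("assign", "name", ("escape", ("param", "name"))),
    ("assign", "msg", ("param", "msg")),
    ("assign", "page", ("concat", ("lit", "<h1>"), ("var", "name"), ("lit", "</h1><p>"),
                        ("var", "msg"), ("lit", "</p>"))),
    ("write", ("var", "page")),
]

if __name__ == "__main__":
    for label, prog in (("vuln", PROGRAM_VULN), ("fixed", PROGRAM_FIXED), ("partial", PROGRAM_PARTIAL)):
        print(label, analyze(prog))
```

The point of tracking trust per substring rather than per string is visible in the third program: the whole page value is "tainted" if treated as one unit, but only the `msg` segment actually needs attention, which is the information a developer needs to place the fix.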
Click here for a list of my previous projects, done quite a while ago.
