SPHERE: Security, privacy & Performance Hardening & Enhancing Research Laboratory

sphere logo tiny darkblueWelcome to the SPHERE Laboratory!

SPHERE's mission is to conduct world-class research in hardening and enhancing security, privacy, and performance of programs through language-based transformations. Of key interest are both, compile-time (e.g., LLVM) and run-time techniques (e.g., just-in-time compilers and interpreters). Our goal is to apply these transformations in a fully automated and transparent way, i.e., without requiring source code annotations or modifications.

 

 

 

 

Research Areas

The SPHERE Laboratory conducts research in the areas of systems and software security and programming languages. Of particular interest is the intersection of both areas, i.e., when and how programming language transformations can either be leveraged to increase security, or advanced optimization techniques provide a speedup that allows for enabling much more expensive security enhancing and hardening transformations.

 

Security

Programming Languages

Our research focus in security is an area called language-based security. The goal is to use language-based transformations, such as compile-time transformations, to modify programs in a fully automatic and transparent fashion. Programs compiled with such transformations offer higher security with respect to a certain class of attacks. As a result, language-based security offers effectively cost-neutral, general protection of a large class of programs against multiple attack vectors.

An area of internationally expertise within SPHERE is research in the area of software diversity. The idea is to address a fundamental shortcoming in today's organization of software systems, viz. the monoculture. Broadly speaking, all computer "ecosystems" are monoculture: desktop computing is dominated by Microsoft operating systems and Intel CPUs, mobile computing by either Apple's or Google's monoculture, and similarly, network equipment follows a monoculture. The crux with this monoculture is that a single vulnerability that can be exploited simultaneously affects all members of the "ecosystem." Since there are hundreds of millions of desktop computers and billions of mobile devices, this monoculture is of tremendous benefit to attackers. Our research in software diversity tackles this very issue by diversifying programs at compile-time, such that, ideally, all resulting programs differ from each other. An attack will, therefore, not affect all devices in exactly the same manner, thus rendering large-scale, widespread attacks less effective.

Our research focus in programming languages is two-fold: (i) a variety of optimization techniques, for compilers, interpreters, and just-in-time compilers, and (ii) drastically increasing the simplicity, and thereby costs, of constructing software. In the area of optimization techniques, we are specifically interested in optimizing high-level programming languages, exemplified by Python. In prior work, we were able to push performance of the native CPython interpreter up to five-fold. Current research will further increase this performance level by what we presently expect to be a final optimization factor of eight fold.

 

In the area of efficient, simple construction of non-trivial large-scale software, we are researching novel techniques in constructing browsers and search engines. Specifically, we seek to use meta-linguistic techniques available in the Racket programming language, paired with advanced compilation and optimization techniques, to address long-standing issues in software construction. We just started this research, which comprises almost all flavors of PL research, including type theory, state-of-the-art verification technology, formal methods, traditional optimization techniques, and---of course---implementation aspects in the form of a variety of domain-specific languages and their interaction.