Franz

Professor Franz’s Research

Prof. Franz’s current research emphases lie in the areas of Systems Software, particularly focusing on compilers and virtual machines, in Trustworthy Computing, with a focus on biologically-inspired defenses such as automated code diversity and on information flow, and in Software Engineering, with an emphasis on software architecture for secure systems and on reducing the trusted code base. His work also emphasizes software security and virtual machine technology. He is the Director of the Security Systems and Languages Laboratory at the University of California, Irvine, one of the top research teams on dynamic compilation, virtual machines and language-based computer security.

Research

His current research emphases lie in the areas of Systems Software, particularly focusing on compilers and virtual machines, in Trustworthy Computing, with a focus on biologically-inspired defenses such as automated code diversity and on information flow, and in Software Engineering, with an emphasis on software architecture for secure systems and on reducing the trusted code base.

Selected Project
Defending Mobile Apps Through Automated Software Diversity

The problem of exploitable software vulnerabilities has been less pronounced in the mobile device space until now. This is most probably because, until recently, mobile devices had very small memories and ran only very small programs, and the incidence of software errors tends to be proportional to overall code size. However, software for mobile devices is currently undergoing a rapid expansion. A modern smartphone with a 1.2 GHz dual-core processor (such as the Galaxy Nexus from Samsung) is more capable than a desktop computer was just a decade ago. Modern smartphone and tablet operating systems are now frequently based directly on desktop operating systems (such as Linux or MacOS), and the applications (or “Apps”) running on top of them are starting to be of substantial size. Hence, it is quite likely that it will be just a matter of time until mobile devices are plagued by the same vulnerabilities as their larger desktop counterparts.

The risks resulting from such exploitable vulnerabilities are particularly severe in the context of Mobile Apps for frequent travellers as well as troops overseas. First, an adversary knowing about such a vulnerability may be able to mount a targeted attack at a critical moment to steal trade secrets or influence the outcome of a battle. Second, the various Apps come from different providers and are assembled on-device in an ad-hoc fashion via an App Store, so that there is neither a consistent configuration nor a consistent level of quality across the software base. Third, businessmen and warfighters deployed overseas may spend long periods without high-bandwidth connectivity. As a result, they may not have access to the latest versions of device operating systems and App software.

This third point is crucial. Apps for mobile devices tend to evolve much more quickly than traditional desktop software. For many Apps in the Android Market and Appstore for Android, for instance, release cycles are expressed in days rather than months. While some releases are related to feature updates, a significant number of application upgrades are simply bug fixes. Such a bug fix (in the form of either a patch or a replacement App) gives a potential adversary information that can be used to precisely identify the vulnerability being fixed in the new version. A significant proportion of software exploits today are generated from reverse engineering of bug patches.

The average time lag between patch availability and patch installation is a good predictor of overall vulnerability. Unfortunately, this time lag is orders of magnitude greater for warfighters deployed in remote locations with limited network connectivity, making them far more vulnerable than ordinary users of Apps on mobile devices. The research we are proposing is directed at eliminating this vulnerability.

Unique Approach: Our project focuses on basic scientific research with the aim of harnessing compiler-generated software diversity for defense purposes. In our approach, the App Store contains a diversification engine (a “multicompiler”) that automatically generates a unique, but functionally identical version of each Mobile App each time that a downloader requests it. All the different versions of the same App behave in exactly the same way from the perspective of the end-user, but they implement their functionality in subtly different ways. As a result, any specific attack will succeed only on a small fraction of targets. An attacker would require a large number of different attacks and would have no way of knowing a priori which specific attack will succeed on which specific target. Hence, the cost to the attacker is raised dramatically.

Equally importantly, our approach makes it much more difficult for an attacker to generate attack vectors by way of reverse engineering of security patches. An attacker requires two pieces of information to extract a vulnerability from a bug fix: the version of the App that is vulnerable and the specific patch that fixes the vulnerability. In an environment in which software is diversified and every instance of every App is unique, we can set things up so that the attacker never obtains a matching pair of vulnerable App and its corresponding bug fix that could be used to identify the vulnerability.
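The two effects described above (a layout-specific assumption carrying across only a fraction of a diversified population, and a patch diff that is only informative when the vulnerable and fixed instances share one layout) can be made concrete with a toy simulation. The following is an added illustration, not code from Prof. Franz’s group or from any real multicompiler: it assumes a constructed stack-machine "App" with four functions, a `diversify` step that stands in for the multicompiler by shuffling function order and inserting NOP padding, and a constructed "bug" in `double` that V2 fixes. All names and values are invented for the example.

```python
import random
from typing import Dict, List, Tuple

Instr = Tuple  # e.g. ("push", 2), ("call", "square"), ("ret",)

# Constructed toy "App": a stack-machine program given as named functions.
# main takes one argument on the data stack and returns the stack top.
# "double" in V1 carries a constructed bug; V2 is the same App with the fix.
APP_V1: Dict[str, List[Instr]] = {
    "main":   [("call", "square"), ("call", "double"), ("ret",)],
    "square": [("dup",), ("mul",), ("ret",)],
    "double": [("push", 3), ("mul",), ("ret",)],   # bug: multiplies by 3
    "helper": [("push", 1), ("add",), ("ret",)],   # unused, only affects layout
}
APP_V2 = {**APP_V1, "double": [("push", 2), ("mul",), ("ret",)]}  # the fix


def diversify(app: Dict[str, List[Instr]], seed: int):
    """Toy multicompiler: emit one variant of `app` for this seed.

    Two transformations stand in for the real thing: function order is
    shuffled and 0-3 NOPs are inserted before each function.  Call targets
    are resolved to absolute addresses after layout, as a linker would.
    Returns (image, addresses); image is the flat instruction list.
    """
    rng = random.Random(seed)
    order = list(app)
    rng.shuffle(order)
    image: List[Instr] = []
    addresses: Dict[str, int] = {}
    for name in order:
        image.extend([("nop",)] * rng.randint(0, 3))
        addresses[name] = len(image)
        image.extend(app[name])
    resolved = [("call", addresses[ins[1]]) if ins[0] == "call" else ins
                for ins in image]
    return resolved, addresses


def run(image: List[Instr], entry: int, arg: int) -> int:
    """Execute a variant from absolute address `entry` with one argument."""
    data, calls, pc = [arg], [], entry
    while True:
        ins = image[pc]
        op = ins[0]
        if op == "nop":
            pc += 1
        elif op == "push":
            data.append(ins[1]); pc += 1
        elif op == "dup":
            data.append(data[-1]); pc += 1
        elif op in ("add", "mul"):
            b, a = data.pop(), data.pop()
            data.append(a + b if op == "add" else a * b); pc += 1
        elif op == "call":
            calls.append(pc + 1); pc = ins[1]
        elif op == "ret":
            if not calls:
                return data[-1]
            pc = calls.pop()
        else:
            raise ValueError(f"unknown instruction {ins!r} at {pc}")


def variant_outputs(app, seeds, arg: int):
    """Run every variant; diversification must not change observable behaviour."""
    outs = set()
    for s in seeds:
        image, addrs = diversify(app, s)
        outs.add(run(image, addrs["main"], arg))
    return outs


def fixed_address_hit_rate(app, target: str, seeds) -> float:
    """Fraction of variants placing `target` where the seed-0 variant does.

    A defender-side estimate of how far one layout-specific assumption
    carries across a diversified population.
    """
    _, ref = diversify(app, 0)
    hits = sum(diversify(app, s)[1][target] == ref[target] for s in seeds)
    return hits / len(seeds)


def image_diff(a: List[Instr], b: List[Instr]) -> int:
    """Positions at which two images differ (length difference counted)."""
    return sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))


def patch_noise(v1, v2, seed_a: int, seed_b: int):
    """Diff of a patch on matching variants vs. across variants.

    same:  V1 and V2 built with one seed -> only the fixed instruction
           differs, so the diff pinpoints the vulnerability.
    cross: V1 from one seed, V2 from another -> diversification noise is
           added on top of the one-instruction fix.
    """
    same = image_diff(diversify(v1, seed_a)[0], diversify(v2, seed_a)[0])
    cross = image_diff(diversify(v1, seed_a)[0], diversify(v2, seed_b)[0])
    return same, cross


if __name__ == "__main__":
    seeds = range(200)
    print("outputs across V1 variants:", variant_outputs(APP_V1, seeds, 3))
    print("fixed-address hit rate for 'double':",
          fixed_address_hit_rate(APP_V1, "double", seeds))
    print("patch diff (same seed, other seed):", patch_noise(APP_V1, APP_V2, 1, 2))
```

Every variant of V1 returns the same value (27 for input 3) and every variant of V2 returns 18, so the end-user sees no difference between downloads. The hit-rate figure is the quantity the paragraph above argues should be small, and `patch_noise` shows why withholding a matching (vulnerable instance, fix) pair matters: with a shared seed the diff is exactly one instruction, while across seeds the layout changes are mixed in with the fix.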

For more information, please visit Professor Franz’s website.