Vulnerability Elimination

Today’s computer systems are large and complex. Œere have been tremendous research e‚orts to fully defend these systems, but it is still an elusive goal. Introducing radical design changes for security is not practical, or adding a small security enhancing component easily breaks the critical functionality of a system. Even if these issues are resolved, aŠackers are ever evolving, and they always €nd a vulnerability from tiny liŠle corner cases. My research focuses on building secure systems. In particular, my approach can be characterized by a practical prospect with a strong understanding on both aŠacks and computer systems. With the deep knowledge on aŠacks, my research comprehensively identi€ed the root cause of underlying vulnerabilities, and built security solutions completely eliminating causes [1, 2]. Further, my research analyzed emerging security issues that are newly introduced in modern system’s design and implementation [6, 9, 12], which enlightened to formulate the principle of secure system designs. I have also proposed aŠack countermeasures [3, 7, 8], which protects the system from being compromised. In addition, with the thorough understanding of computer systems, many of these techniques are carefully designed to scale to large and complex systems including Chrome, Firefox, the Linux kernel, and the Android OS, and already demonstrated its e‚ectiveness. My research results are recognized for their highly practical impacts, as noted by the Internet Defense Prize (awarded by Facebook and USENIX) and the best applied research paper (awarded by CSAW). Moreover, my research so‰ware has been deployed as part of the security infrastructure in Google and Mozilla, and widely covered in popular medias including ZDNet, Science 2.0, Phys.org, etc. In addition, my research results discovered and accordingly €xed more than 100 highly critical security vulnerabilities in various so‰ware, such as the Linux kernel, Chrome, Firefox, Safari, and etc., and received several vulnerability discovery gi‰s and awards in recognition of helping to secure their products. Further, undertaking these security problems brought pleasant interdisciplinary collaboration experiences beyond the security research domain: compilers [1, 2]; systems [3, 9]; programming languages [8]; networks [11]; and data mining [4].