Welcome to the Security of Software (SOS) Lab!
Software systems are pervasive in all aspects of society. From online shopping to electronic voting, software has become an intrinsic part of business and our daily lives over the past few decades. However, software systems are not secure and robust. The media is full of reports of the catastrophic impact of software failures. A small collection of well-known software failures is available here.
The principal reason of software insecurity is the presence of software errors (i.e., bugs in computer jargon). For example, simple errors in software can result in buffer overruns or format string attacks that enable attackers to execute arbitrary code in attacked systems.
The SOS lab at Lehigh is a response to the urgent call for methodologies of making software secure. We are investigating the theory and constructing tools that help find and remove software errors, mitigate the effect of errors, and construct error-free software systems. The primary techniques we use are program analysis, program verification, programming languages, and compilers.
- Modular Control-Flow Integrity
- Interface Safety in Multilingual Software
- User-space privilege separation