Welcome to the Security of Software (SOS) Lab!

Software systems are pervasive in all aspects of society. From online shopping to electronic voting, software has become an intrinsic part of business and our daily lives over the past few decades. However, software systems are not secure and robust. The media is full of reports of the catastrophic impact of software failures. A small collection of well-known software failures is available here.

The principal reason for software insecurity is the presence of software errors (i.e., bugs in computer jargon). For example, simple errors in software can result in buffer overruns or format string attacks that enable attackers to execute arbitrary code in attacked systems.

The SOS lab at Lehigh is a response to the urgent call for methodologies for making software secure. We are investigating the theory and constructing tools that help find and remove software errors, mitigate the effect of errors, and construct error-free software systems. The primary techniques we use are program analysis, program verification, programming languages, and compilers.

Current Projects

Past Projects

Reading Group

The Lab has a reading group every other week. Here's the schedule. It is currently organized by Ben Niu.

News

  • (1/17/12) We are glad to open source RockSalt 1.0, which includes a high-fidelity model of a subset of x86 in Coq. See this page.
  • (1/1/12) Tan received the NSF CAREER award with the project "User-Space Protection Domains for Compositional Information Security".
  • (1/1/12) The SOS lab is looking for talented undergraduate and graduate students to join. Undergrads who are interested in computer security can do a summer internship under the NSF REU program; see this page for more details.
  • (11/13/11) We are glad to release the source code of Robusta 1.0; please see this page.
  • (7/15/11) Research paper "Combining Control-Flow Integrity and Static Analysis for Efficient and Validated Data Sandboxing" accepted by CCS-2011
  • (6/30/11) Research paper "Detection and Classification of Different Botnet C&C Channels" accepted by ATC-2011
  • (6/13/11) Research paper "JET: Exception checking in the Java Native Interface" accepted by OOPSLA '11
  • (2/3/11) Tan was a UN Panelist on fighting cybercrime (video | Lehigh article)
  • (1/5/11) Research paper "JNI Light: An Operational Model for the Core JNI" published in the NGC journal
  • Older news...

Location

Packard Lab 379. Contact info.

Links

Last modified: July 1st, 2011