Systems Software

ECE researchers have developed a technique to automatically verify security properties of legacy software binaries when no source code is available. Using machine-checked mathematical proofs, they verified the Linux Foundation’s Xen Hypervisor production software system (400,000 instructions) in 18 hours.

Working with the NSA’s Ghidra decompiler, an ECE team has developed a method to describe the precise meaning of the tool’s internal representation to prevent security analysis errors. Ghidra decompiles binaries into P-code before outputting the final C code, and allows users to analyze the P-code directly. Our researchers have developed formal P-code semantics to help interpret this intermediate step and prevent analysis errors.

The Popcorn Linux project explores operating system design for multicore architectures and how to automatically handle heterogeneous hardware. Some current efforts include support for C/POSIX/glibc, secure containers, and advanced security mechanisms, among other topics.

The Hyflow project explores concurrency challenges for multicore architectures, cluster systems, and geographically distributed systems.

As we work more and more in the cloud instead of locally on personal computers, security issues are becoming increasingly obvious and dangerous. Deploying an entire desktop environment to the cloud is cost-effective, but can be risky. To mitigate those risks, we are isolating the applications into separate virtual machines, putting each application behind its own firewall while allowing them to share systems such as the filesystem for a seamless user environment.

In the Popcorn Linux project, we are building a software stack—operating system, compiler, and run-time—that improves the programmability of heterogeneous computer architectures. The project is exploring an architecture design point that has multiple hardware cache-coherency domains, with each domain hosting cores of a different instruction-set-architecture, such as x86 or ARM.

Tomorrow’s computer systems rely on tomorrow’s computer programmers, and our researchers are working on that front as well. In a project called Game Changineer, our researchers are working on a new programming experience using natural language understanding. This method of programming still requires programmers to think logically, but allows the programming to flow like written paragraphs. Currently, the program is being piloted in K-12 classes at various schools, but the technology will ultimately be able to help programmers with anything from video games to autonomous vehicles—decreasing the opportunities for bugs and increasing their efficiency.

Borrowing technologies from networking researchers, we are exploring distributed operating system design that leverages fast fabric networks. Fast fabric networks are a network topology that spreads traffic across a mesh of tightly-woven nodes, and can open up opportunities to efficiently and tightly integrate multiple nodes into a single system.

In a project called Hyflow, we are working to understand what concurrency control abstractions can improve the programmability of multicore and distributed systems, without sacrificing performance, scalability, and dependability. A particular focus is the Byzantine failure model, which is an increasingly important security scenario for cloud infrastructures.

When working with multiple architectures on a single processor, there are challenges at every level. One of these is a bottleneck from multiple systems trying to access key data structures concurrently, which in turn decreases the efficiency of coordinating hardware resources and applications. Our researchers are working on a new framework that will overcome this bottleneck.

Although making computers faster is an important research focus, we also make sure they are secure enough for critical applications. An offshoot of the Popcorn Linux project, Secure Popcorn Linux, combines a Linux kernel, application binary interface, and compiler technology to enable a running process to move between different binary architectures like x86, ARM, and MIPS. Using this combination, we can substantially mitigate or eliminate code reuse and hardware based side channel attacks. It also migrates the effects of information leak vulnerabilities.