Let's Encrypt

One of the worst problems with HTTPS is that it isn't adopted widely enough. Let's Encrypt should change this, by offering free certificates with installation, from an automated, trusted, CA. These past few weeks have been very busy for me, and I have not had a chance to write about the interesting problems I have been working on in the project over the past 2.5 years. Luckily, both my advisor, Alex Halderman, and my colleagues at the EFF have written nice blog posts regarding the project in the interim. Freedom To Tinker EFF Blog Post

OpenSSL Certificate Parsing

Although OpenSSL is one of the standard libraries for TLS and is used on millions of servers, its documentation leaves much to be desired. The library is so unwieldy that projects in the past have chosen to parse the output of the OpenSSL binary rather than use the underlying API. As part of Zmap, Zakir Durumeric and I demystified the certificate parsing with the OpenSSL API which has enabled our daily scans of the HTTPS certificate ecosystem and, in turn, much of my research. Code

Dynamic Taint Analysis

Instrumented dynamic taint analysis to code within the LLVM compiler. Adding the instrumentation within LLVM IR has a few key benefits. It allows the augmentation to be performed on both original source code in any of the languages supported by LLVM, as well as on binaries that are disassembled to the LLVM intermediate representation. The instrumented LLVM IR is also easily optimized by LLVM's existing passes. Presentation

Rogue Wireless Access Point

My midsemester attack project for EECS 588. We modified a Linksys WRT54G router to conduct a man-in-the-middle attack against users who connected through it. The router inserts Trojan horses into all executables downloaded over HTTP. Presentation

Browser Security Modes

Browsers use a one-size-fits-all security model that is applied to content of every type rather than tailoring their security to the requirements of the particular website. We built a Firefox extension to implement "e-commerce" and "banking" modes that adapt Firefox's security policies based on the user's browsing activity. Short Presentation

Web of Trust for Android Applications

A mechanism designed to allow the privacy and security information of third-party applications to flow from the advanced, knowledgeable users to the novices. Presentation

hTag: A Label-Based Extension for File Systems

Implementation of a labeling system for files on a traditional hierarchical file system. The labels can be applied through filters (similar to Gmail's) or manually through a GUI interface. The labels allow for quick search and retrieval of related files. Poster