David Lee/Ernst Weber Professor
Director, NYU WIRELESS
Prof. of Electrical and Computer Eng
Prof. of Computer Science
Prof. of Radiology
Seattle provides a secure facility for the execution of code (geared primarily toward networking and distributed systems). We have built a testbed that as of December 2012 has about 3-6 thousand available systems at a time (out of a pool of about 20 thousand nodes). Seattle has seen significant use both ineducational and research communities.
If you're interested in educational materials for networking, cloud, or computer security classes, I recommend looking at Seattle's reusable educational modules. Seattle has been used in more than 40 classes across more than a dozen universities.
Seattle's educational materials are the top ranked resource on the ACM SIGCOMM Educational Resources website. Assignments using Seattle are being included in the next versionof the most popular networking textbook.
One of the important building blocks of the Seattle testbed is our code code execution sandbox. Our sandbox is designed to resist implementation flaws and is easily extensible with new policies. This means that users can feel confident that Seattle does not pose a major security risk. For more details on the security properties of our sandbox, please see our CCS paper.
For more information, please visit our website.
The TUF project focuses on fixing security issues in software updaters in a holistic manner. Unfortunately, many software updaters cannot be easily modified because they are either closed source or poorly maintained. However, as our previous work has shown, many existing software update systems are vulnerable to man-in-the-middle attackers. To secure these software updaters, we will intercept the client's software updater traffic using a proxy on the local machine. The client-side proxy will retrieve security metadata from a repository we control to protect even those clients that use insecure updaters.
We recently examined how to construct a software update system that is resilient to key compromise. This design is being used inside of TUF.
For more information, please visit https://www.updateframework.com/.
Stork (and the follow on project Raven) provide intelligent package management for real world systems. In particular, we focus on problems with current package managers related to security, virtualization, and scale.
We've also examined the security of different package managers. We looked at ten popular package managers and found they are vulnerable to a variety of attacks. Furthermore, launching these attacks is trivial because we demonstrate it is simple to obtain an official mirror for a distribution.
Ryan Globbi at the CERT was kind enough to contact the developers to responsibly disclose the vulnerabilities and also published a blog entry on the subject. There was also a spirited discussion about this research on slashdot and other popular forums.
Rhizoma is a constraint-based runtime system for distributed applications which is self-hosting. The application manages itself to the extent of acquiring and releasing resources (in particular, virtual machines) in response to failures, offered load, or changing policy. Operators developing and deploying application using Rhizoma specify desired application deployment using a form of constrained logic programming, and the Rhizoma runtime uses this to drive resource requests continuously during the lifetime of the application.
San Fermín is a system for aggregating large amounts of data from the nodes of large-scale distributed systems. Each San Fermín node individually computes the aggregated result by swapping data with other nodes to dynamically create its own binomial tree. Nodes that fall behind abort their trees, thereby reducing overhead. Having each node create its own binomial tree makes San Fermín highly resilient to failures and ensures that the internal nodes of the tree have high capacity, thereby reducing completion time.