PAC Security Research


The Program Analysis and Compilation group at MIT/CSAIL in Cambridge, MA has active research programs in the area of computer security. We are currently working on automatically securing existing programs against a wide variety of security vulnerabilities such as memory corruption, SQL/command injection, resource drains, etc. This work is part of the StoneSoup IARPA program. The StoneSoup BAA contains a good overview of the goals of the program.

We are targeting both Java programs and Windows binaries (without source or debug information). In both cases we are combining static analysis (provided by Kestrel Technology's Codehawk) with runtime analysis. Code that cannot be shown to be safe statically can be instrumented at runtime. We are developing a variety of instrumentation ranging from binary program shepherding to taint analysis. We have a wide range of openings in both Java analysis and binary analysis. These include UROPs (immediately and in the summer and fall), MEng students, graduate students, postdocs, and staff.

All of the research requires proficiency in either C or Java. Experience and/or interest in one or more of the following areas is very helpful as well:

If you are interested, please contact Jeff Perkins <jhp@csail.mit.edu>