Research
My research interests span the areas of systems, security and
programming languages. In particular, I investigate ways in
which software can be pushed to operate beyond its prescribed
use to provide innovative solutions such as self-healing
software, collaborative application communities and
energy-conscious computing.
The motivation for this research is that today’s software systems are
exploding in size and complexity, resulting in security vulnerabilities and
pathological performance characteristics. Fortunately, complexity has a
significant fringe benefit that can be used to combat these problems:
software elasticity, or the ability of a program to operate outside its
intended use. Software elasticity is founded on the observation that as
software grows in complexity, so does its ability to tolerate unexpected
events such as induced errors or reduced accuracy.
In previous work, I used the concept of software elasticity to
develop systems that can automatically heal themselves from a
variety of faults. Recently, I have used software elasticity to
create systems that can dynamically trade off accuracy for
reliability, performance and power. In the future, the focus of
my research will be on solving traditionally hard problems by
challenging conventional assumptions.
Secure Cloud Computing Systems
Modern cloud computing systems offer unprecedented computational
resources and flexibility in allocating those resources to a
variety of users and tasks. But cloud computing systems also
provide attackers with new opportunities and can amplify the
ability of the attacker to compromise the computing
infrastructure.
The Cloud Intrusion Detection and Repair project is developing a
system that observes normal interactions during the secure
operation of the cloud to derive properties that characterize this
secure operation. If any part of the cloud subsequently attempts
to violate these properties, the system intervenes and changes the
interaction (by, for example, adding or removing operations or
changing the parameters that appear in operations) to ensure that
the cloud executes securely and survives the attack while
continuing to provide uninterrupted service to legitimate users.
This project is currently funded under the DARPA Mission-Oriented
Resilient Clouds (MRC) program. MIT is the sole performer.
Input Rectification
Applications are typically able to process the vast majority of
inputs securely. Attacks usually succeed because they contain an
atypical feature that the application does not process correctly.
Our input rectification research observes inputs that the
application processes correctly to derive a model (in the form of
constraints over input fields) of the "comfort zone" of the
application (the set of inputs that the application can process
successfully). When it encounters an input that is outside the
comfort zone, the rectifier uses the model to change the input to
move the input into the comfort zone of the application. Our
results show that this technique eliminates security
vulnerabilities in a range of applications, leaves the
overwhelming majority of safe inputs unchanged, and preserves
much of the useful information in modified atypical inputs.
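The learn-then-rectify loop described above, as an added example that is not the project's own code. The record layout, the field names, and the choice to clamp integers, truncate byte strings and drop unknown fields are assumptions made for this illustration.

```python
# Added illustration of input rectification; not taken from the project.
# TRAINING is constructed sample data standing in for inputs that the
# application is known to process correctly.
TRAINING = [
    {"width": 640, "height": 480, "comment": b"holiday"},
    {"width": 1920, "height": 1080, "comment": b"scan of page 3"},
    {"width": 16, "height": 16, "comment": b""},
]

def learn_model(samples):
    """Derive the comfort zone: an integer range or a maximum length per field."""
    model = {}
    for record in samples:
        for field, value in record.items():
            if isinstance(value, int):
                _, lo, hi = model.get(field, ("range", value, value))
                model[field] = ("range", min(lo, value), max(hi, value))
            else:
                _, longest = model.get(field, ("maxlen", 0))
                model[field] = ("maxlen", max(longest, len(value)))
    return model

def rectify(record, model):
    """Return (rectified_record, changed_fields); typical inputs pass unchanged."""
    fixed, changed = {}, []
    for field, value in record.items():
        kind = model.get(field, (None,))[0]
        if kind == "range" and isinstance(value, int):
            new = min(max(value, model[field][1]), model[field][2])  # clamp
        elif kind == "maxlen" and isinstance(value, (bytes, str)):
            new = value[: model[field][1]]                           # truncate
        else:
            changed.append(field)  # unknown field or wrong type: drop it
            continue
        fixed[field] = new
        if new != value:
            changed.append(field)
    return fixed, changed

MODEL = learn_model(TRAINING)

if __name__ == "__main__":
    atypical = {"width": 2**31 - 1, "height": -5, "comment": b"A" * 5000}
    print(rectify(atypical, MODEL))
```

The list of changed fields is worth logging: a rectified input is also a signal that something atypical reached the application.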
Code Perforation
Many modern computations (such as video and audio encoders, Monte
Carlo simulations, and machine learning algorithms) are designed to
trade off accuracy in return for increased performance. To date,
such computations typically use ad-hoc, domain-specific techniques
developed specifically for the computation at hand. Our research
explores a new general technique, Code Perforation, for automatically
augmenting existing computations
with the capability of trading off accuracy in return for performance. In
contrast to existing approaches, which typically require the manual
development of new algorithms, our implemented SpeedPress compiler can
automatically apply code perforation to existing computations with no
developer intervention whatsoever. The result is a transformed computation
that can respond almost immediately to a range of increased performance
demands while keeping any resulting output distortion within acceptable
user-defined bounds.
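An added example, not SpeedPress output, of the accuracy-for-performance trade-off described above, using loop perforation (skipping a fraction of a loop's iterations). The brightness computation, the candidate strides and the relative-error distortion metric are assumptions chosen for this illustration.

```python
# Added illustration of loop perforation (not SpeedPress output).
# PIXELS is a constructed, deterministic stand-in for real image data.
PIXELS = [(i * 37) % 256 for i in range(1024)]

def mean_brightness(pixels, stride=1):
    """Average brightness; stride > 1 executes only every stride-th iteration."""
    total = count = 0
    for i in range(0, len(pixels), stride):
        total += pixels[i]
        count += 1
    return total / count

def distortion(exact, approx):
    """Relative error of the perforated result against the original one."""
    return abs(exact - approx) / abs(exact)

def pick_stride(pixels, bound, candidates=(8, 4, 2)):
    """Most aggressive candidate stride whose distortion stays within `bound`."""
    exact = mean_brightness(pixels)
    for stride in candidates:
        if distortion(exact, mean_brightness(pixels, stride)) <= bound:
            return stride
    return 1  # no perforation meets the bound: run the original loop

if __name__ == "__main__":
    for bound in (0.05, 0.02, 0.005, 0.001):
        print(bound, pick_stride(PIXELS, bound))
```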
Papers
2013
- [USPTO] "Systems, methods, and media protecting a digital data processing device from attack"
  Stelios Sidiroglou, Angelos D. Keromytis, and Salvatore J. Stolfo.
  U.S. Patent Number 8,407,785. Issued on March 26th, 2013.
2012
- [RACES'12] "Dancing with Uncertainty"
  Sasa Misailovic, Stelios Sidiroglou and Martin Rinard
  In the Proceedings of the SPLASH 2012 Workshop on Relaxing Synchronization for Multicore and Manycore Scalability.
  June 2012, Zurich, Switzerland.
- [ICSE'12] "Automatic Input Rectification"
  Fan Long, Vijay Ganesh, Michael Carbin, Stelios Sidiroglou and Martin Rinard
  In the Proceedings of the 34th International Conference on Software Engineering.
  June 2012, Zurich, Switzerland.
- [USPTO] "Automatic Correction of Program Logic"
  Jeff Perkins, Stelios Sidiroglou, Martin Rinard, et al.
  U.S. Patent Number 20120144227. Issued on June 7th, 2012.
- [USPTO] "Methods, media and systems for detecting anomalous program executions"
  Salvatore J. Stolfo, Angelos D. Keromytis and Stelios Sidiroglou.
  U.S. Patent Number 8,074,115. Issued on January 7th, 2012.
2011
- [FSE'11] "Managing Performance vs. Accuracy Trade-offs With Loop Perforation"
  Stelios Sidiroglou, Sasa Misailovic, Henry Hoffman, Martin Rinard
  In the ACM SIGSOFT Symposium on the Foundations of Software Engineering.
  September 2011, Szeged, Hungary.
- [ASPLOS'11] "Dynamic Knobs for Power-Aware Computing"
  Stelios Sidiroglou, Henry Hoffman, Stelios Sidiroglou, Michael Carbin, Sasa Misailovic, Anant Agarwal and Martin Rinard
  In the Proceedings of the 15th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS).
  March 2011, Newport Beach, CA, USA.
- [USPTO] "Methods, systems and media for software self-healing"
  Michael E. Locasto, Angelos D. Keromytis, Salvatore J. Stolfo, Angelos Stavrou, Gabriela Cretu, Stelios Sidiroglou, Jason Nieh, and Oren Laadan.
  U.S. Patent Number 7,962,798. Issued on June 14th, 2011.
- [USPTO] "Systems and methods for detecting and inhibiting attacks using honeypots"
  Stelios Sidiroglou, Angelos D. Keromytis, and Kostas G. Anagnostakis.
  U.S. Patent Number 7,904,959. Issued on March 8th, 2011.
2010
- [ICISC'10] "An Adversarial Evaluation of Network Signaling and Control Mechanisms"
  Kangkook Jee, Stelios Sidiroglou, Angelos Stavrou, Angelos D. Keromytis
  In the Proceedings of the 13th International Conference on Information Security and Cryptology (ICISC).
  December 2010, Seoul, Korea.
- [ONWARD'10] "Patterns and Statistical Analysis for Understanding Reduced Resource Computing"
  Martin Rinard, Sasa Misailovic, Hank Hoffman and Stelios Sidiroglou
  In the Proceedings of the Onward! 2010 Conference.
  October 2010, Reno-Tahoe, Nevada, USA.
- [RAID '10] "BotSwindler: Tamper Resistant Injection of Believable Decoys in VM-Based Hosts for Crimeware Detection"
  Brian M. Bower, Pratap Prabhu, Vasileios P. Kemerlis, Stelios Sidiroglou, Angelos D. Keromytis and Salvatore J. Stolfo
  In the Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection.
  September 2010, Ottawa, Canada.
- [ICSE '10] "Quality of Service Profiling"
  Sasa Misailovic, Stelios Sidiroglou, Hank Hoffman and Martin Rinard
  In the Proceedings of the 32nd International Conference on Software Engineering.
  May 2010, Cape Town, South Africa.
- [IJCNS '10] "Shadow Honeypots"
  Michalis Polychronakis, Periklis Akritidis, Stelios Sidiroglou, Kostas G. Anagnostakis, Angelos D. Keromytis, and Evangelos Markatos.
  In the International Journal of Computer and Network Security (IJCNS), vol. 2, no. 7, July 2010.
2009
- [SOSP '09] "Automatically Patching Errors in Deployed Software"
  Jeff H. Perkins (MIT), Sunghun Kim (HKUST), Sam Larsen (VMware), Saman Amarasinghe (MIT), Jonathan Bachrach (MIT), Michael Carbin (MIT), Carlos Pacheco (BCG), Frank Sherwood, Stelios Sidiroglou (MIT), Greg Sullivan (BAE AIT), Weng-Fai Wong (NUS), Yoav Zibin (Come2Play), Michael D. Ernst (U. of Washington), Martin Rinard (MIT)
  In the Proceedings of the 22nd ACM Symposium on Operating Systems Principles (SOSP).
  October 2009, Big Sky, MT.
- [ASPLOS '09] "ASSURE: Automatic Software Self-healing Using REscue points"
  Stelios Sidiroglou, Oren Laadan, Carlos-Rene Perez, Nico Viennot, Angelos D. Keromytis and Jason Nieh
  In the Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS).
  March 2009, Washington, DC.
- "Methods and systems for repairing applications"
  Angelos D. Keromytis, Michael E. Locasto, and Stelios Sidiroglou.
  U.S. Patent Number 7,490,268. Issued on February 10th, 2009.
2008
- "Software Self-Healing Using Error Virtualization"
  Stelios Sidiroglou. PhD Thesis. Columbia University, May 2008.
2007
- [EC2ND '07] "Defending Against Next Generation Attacks Through Network/Endpoint Collaboration and Interaction"
  Spiros Antonatos, Michael E. Locasto, Stelios Sidiroglou, Angelos D. Keromytis, and Evangelos Markatos.
  In the Proceedings of the 3rd European Conference on Computer Network Defense (EC2ND). October 2007, Heraclion, Greece. (Invited paper)
- [USENIX SEC '07] "Proximity Breeds Danger: Emerging Threats in Metro-area Wireless Networks"
  Periklis Akritidis, W.Y. Chin, V.T. Lam, Stelios Sidiroglou, Kostas Anagnostakis
  In Proc. of USENIX Security 2007, August 2007. (Acceptance rate: 12.3%)
- [OAKLAND '07] "Using Rescue Points to Navigate Software Recovery (Short Paper)"
  Stelios Sidiroglou, Oren Laadan, Angelos D. Keromytis, and Jason Nieh.
  In the Proceedings of the IEEE Symposium on Security & Privacy. May 2007, Oakland, CA. (Acceptance rate: 8.3%)
- [IEEE SARNOFF '07] "Network Security as a Composable Service"
  Stelios Sidiroglou, Angelos Stavrou, and Angelos D. Keromytis.
  In the Proceedings of the IEEE Sarnoff Symposium. May 2007, Princeton, NJ. (Invited paper)
- [HOTDEP '07] "Band-aid Patching (Poster Paper)"
  Stelios Sidiroglou, Sotiris Ioannidis, and Angelos D. Keromytis.
  In the Proceedings of the 3rd Workshop on Hot Topics in System Dependability (HotDep). June 2007, Edinburgh, UK.
2006
- [HOTSEC '06] "Privacy as an Operating System Service"
  Stelios Sidiroglou, Sotiris Ioannidis and Angelos D. Keromytis.
  In the Proceedings of the Workshop on Hot Topics in Security (HOTSEC). August 2006, Vancouver, CA.
- "Execution Transactions for Defending Against Software Failures: Use and Evaluation"
  Stelios Sidiroglou and Angelos D. Keromytis.
  In Springer International Journal of Information Security (IJIS), vol. 5, no. 2, pp. 77 - 91, April 2006. (Extended version of the ISC 2005 paper.)
2005
- [IEEE Security & Privacy '05] "Countering Network Worms Through Automatic Patch Generation"
  Stelios Sidiroglou and Angelos D. Keromytis.
  IEEE Security & Privacy, Volume: 3, Issue 6, Nov. 2005. Pages: 41-49. An older, extended version is available as Columbia University Computer Science Department Technical Report CUCS-029-03, November 2003.
- [NDSS '05] "Software Self-Healing Using Collaborative Application Communities"
  Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis.
  In the Proceedings of the Internet Society (ISOC) Symposium on Network and Distributed Systems Security (SNDSS). February 2005, San Diego, CA. (Acceptance rate: 13.6%)
- [ISC '05] "A Dynamic Mechanism for Recovering from Buffer Overflow Attacks"
  Stelios Sidiroglou, Giannis Giovanidis, and Angelos D. Keromytis.
  In the Proceedings of the 8th Information Security Conference (ISC). September 2005, Singapore. An older version of this paper is available as Columbia University Computer Science Department Technical Report CUCS-031-04, September 2004. (Acceptance rate: 14%)
- [USENIX SEC '05] "Detecting Targeted Attacks Using Shadow Honeypots"
  Kostas G. Anagnostakis, Stelios Sidiroglou, Periklis Akritidis, Konstantinos Xinidis, Evangelos Markatos, and Angelos D. Keromytis.
  In the Proceedings of the 14th USENIX Security Symposium. August 2005, Baltimore, MD. (Acceptance rate: 12.3%)
- [ISPEC '05] "An Email Worm Vaccine Architecture"
  Stelios Sidiroglou, John Ioannidis, Angelos D. Keromytis, and Salvatore J. Stolfo.
  In the Proceedings of the 1st Information Security Practice and Experience Conference (ISPEC). April 2005, Singapore.
- [USENIX TECH '05] "Building A Reactive Immune System for Software Services"
  Stelios Sidiroglou, Michael E. Locasto, Stephen W. Boyd, Angelos D. Keromytis.
  In the Proceedings of the USENIX Annual Technical Conference. April 2005, Anaheim, CA.
- [HOTDEP '05] "Application Communities: Using Monoculture for Dependability"
  Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis.
  In the Proceedings of the 1st Workshop on Hot Topics in System Dependability (HotDep), held in conjunction with the International Conference on Dependable Systems and Networks (DSN). June 2005, Yokohama, Japan.
- [NSPW '05] "Speculative Virtual Verification: Policy-Constrained Speculative Execution"
  Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis.
  In the Proceedings of the New Security Paradigms Workshop (NSPW). September 2005, Lake Arrowhead, CA.
- "Composite Hybrid Techniques for Defending against Targeted Attacks"
  Stelios Sidiroglou and Angelos D. Keromytis.
  In Malware Detection, vol. 27 of Advances in Information Security Series, Mihai Christodorescu, Somesh Jha, Douglas Maughan, Dawn Song, and Cliff Wang (editors). Springer, October 2006. (By invitation, as part of the ARO/DHS 2005 Workshop on Malware Detection.)
2004
- "Hardware Support For Self-Healing Software Services"
  Stelios Sidiroglou, Michael E. Locasto, and Angelos D. Keromytis.
  In ACM SIGARCH Computer Architecture News, vol. 33, no. 1, pp. 42 - 47. March 2005. Also appeared in the Proceedings of the Workshop on Architectural Support for Security and Anti-Virus (WASSA), held in conjunction with the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-XI), pp. 37 - 43. October 2004, Boston, MA.
- [WASSA '04] "Hardware Support For Self-Healing Software Services"
  Stelios Sidiroglou, Michael E. Locasto, and Angelos D. Keromytis.
  In the Proceedings of the Workshop on Architectural Support for Security and Anti-Virus (WASSA), held in conjunction with the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-XI). October 2004, Boston, MA.
2003
- [IEEE Communications '03] "Topics in in-how networking - Ubiquitous computing in home networks"
  Stefan Berger, Henning Schulzrinne, Stelios Sidiroglou and Xiaotao Wu.
  Communications Magazine, IEEE, Volume: 41, Issue 11, Nov. 2003. Pages: 128-135.
- [WETICE '03] "A Network Worm Vaccine Architecture"
  Stelios Sidiroglou and Angelos D. Keromytis.
  In Proceedings of the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security. June 2003, Linz, Austria.
- [NOSSDAV '03] "Ubiquitous Computing Using SIP"
  Stefan Berger, Henning Schulzrinne, Stelios Sidiroglou and Xiaotao Wu.
  In Proceedings of the ACM International Workshop on Network and Operating Systems Support for Digital Audio and Video (NOSSDAV). June 2003, Monterey, CA.