Stelios Sidiroglou-Douskos

Stelios Sidiroglou-Douskos

Research Scientist
MIT, Computer Science and Artificial Intelligence Laboratory

Ph.D. 2008, Columbia University
M.Phil. 2006, Columbia University
M.Sc. 2003, Columbia University
The Stata Center, Building 32-G728
32 Vassar St, Cambridge, MA 02139
stelios at csail dot mit dot edu

 

About

I am a research scientist in the Computer Science and Artificial Intelligence Laboratory at MIT in Cambridge, MA. My technical interests are in systems security, programming languages, and software engineering.
I am also interested in entrepreneurship: I am a co-founder of Locu, Inc. ( Acquired by GoDaddy ) and AarnoLabs, LLC.

Link to Google Scholar page.

News

  • Press coverage on our CodeCarbonCopy work from MIT News and Vice.

  • Our paper "CodeCarbonCopy" was accepted at FSE 2017

 

Research

My research interests span the areas of security, programming languages and software engineering. I investigate ways in which software can be pushed to operate beyond its prescribed use to provide innovative solutions such as self-healing software, automatic code transfer, collaborative application communities and energy-conscious computing. Today’s software systems are exploding in size and complexity, resulting in security vulnerabilities and performance issues. Fortunately, there is a significant fringe benefit to all this complexity: software elasticity, or the ability of a program to operate outside its intended use. Software elasticity is founded on the observation that as software grows in complexity, so does its ability to tolerate unexpected events such as induced errors or reduced accuracy. My research utilizes software elasticity to develop faster, more robust and resilient systems, solving traditionally hard problems by challenging conventional assumptions about the way software systems operate.

Automatic Code Transfer

Software developers often transfer functionality between applications by copying code originally developed for one application (the donor application) into another application (the recipient application). Current practice involves manually adapting the copied code to operate within the environment of the recipient. The software development overhead associated with this manual adaptation can complicate the ability of developers to rapidly and easily transfer functionality between applications. Automatic Code Transfer automates the transfer of desired functionality, including translating the data representation from the donor representation to the recipient representation. It can also eliminate errors in recipient software applications by finding correct code in donor applications, then transferring that code from the donor into the recipient.

CodeCarbonCopy is the first system for automatically transferring code from a donor application into a recipient application. CodeCarbonCopy can automatically translate between different data representation layouts in the donor and recipient.

CodePhage is the first system for automatically transferring correct security checking code from donor applications into recipient applications that process the same inputs to successfully eliminate errors in the recipient.

Input Rectification

Applications are typically able to process the vast majority of inputs securely. Attacks usually succeed because they contain an atypical feature that the application does not process correctly. Our input rectification research observes inputs that the application processes correctly to derive a model (in the form of constraints over input fields) of the "comfort zone" of the application (the set of inputs that the application can process successfully). When it encounters an input that is outside the comfort zone, the rectifier uses the model to change the input to move the input into the comfort zone of the application. Our results show that this technique eliminates security vulnerabilities in a range of applications, leaves the overwhelming majority of safe inputs unchanged, and preserves much of the useful information in modified atypical inputs.

SIFT is a sound input filter system with sophisticated program analysis techniques. It guarantees to filter out all malicious inputs that trigger critical integer overflow errors.

SOAP is the first automatic input rectification system. It enforces a set of inferred invariants on the inputs so that potentially malicious inputs are transformed to benign inputs.

Code Perforation

Many modern computations (such as video and audio encoders, Monte Carlo simulations, and machine learning algorithms) are designed to trade off accuracy in return for increased performance. To date, such computations typically use ad-hoc, domain-specific techniques developed specifically for the computation at hand. Our research explores a new general technique, Code Perforation, for automatically augmenting existing computations with the capability of trading off accuracy in return for performance. In contrast to existing approaches, which typically require the manual development of new algorithms, our implemented SpeedPress compiler can automatically apply code perforation to existing computations with no developer intervention whatsoever. The result is a transformed computation that can respond almost immediately to a range of increased performance demands while keeping any resulting output distortion within acceptable user-defined bounds.

Projects

DARPA: Transparent Computing (TC)

Today’s computer systems are essentially opaque. They contain millions of lines of code, with the purpose and behavior of much of this code not immediately clear to end users. Extensive configuration options offer useful enhanced functionality but provide convenient openings for attackers. The most insidious attacks combine desirable functionality with hidden malware that (for example) silently exfiltrates sensitive information , corrupts data, or waits for a remote trigger before disabling critical functionality.

The goal of the ClearScope project is to instrument the entire mobile software stack to efficiently generate a precise and comprehensive provenance graph to make the operation of the mobile device transparent and effectively analyzable. The goal is to do so with acceptable overhead, specifically no more than 100% overhead, and to provide fully precise value-level provenance tracking with no provenance conflation. The generated information will be configurable to enable a wide variety of software analytics.

DARPA: Mining and Understanding Software Enclaves (MUSE)

Software is becoming increasingly complex and sophisticated as computing devices become more pervasive. At the same time, approaches for software development and maintenance have not evolved commensurately to this complexity, leading to brittle, insecure programs with errors ranging from runtime failures to large-scale security violations. As software continues to increase in complexity, it is necessary to fundamentally change the capabilities of development environments to prevent exponential increases in errors.

The goal of the CLIO project is to develop a data-driven approach to computer- aided programming. CLIO will use the massive amounts of available data (and metadata) about existing programs and their runtime behavior to introduce automation into software development and maintenance tasks. The goal of the proposed system is to serve as a programming assistant that takes high-level guidance from a programmer regarding a task that needs to be performed and produces high-quality code with minimal interaction.

DARPA: Secure Cloud Computing Systems (MRC)

Modern cloud computing systems offer unprecedented computational resources and flexibility in allocating those resources to a variety of users and tasks. But cloud computing systems also provide attackers with new opportunities and can amplify the ability of the attacker to compromise the computing infrastructure.

The Cloud Intrusion Detection and Repair project is developing a system that observes normal interactions during the secure operation of the cloud to derive properties that characterize this secure operation. If any part of the cloud subsequently attempts to violate these properties, the system intervenes and changes the interaction (by, for example, adding or removing operations or changing the parameters that appear in operations) to ensure that the cloud executes securely and survives the attack while continuing to provide uninterrupted service to legitimate users.

 

Media Coverage

Press on #CodeCarbonCopy

Press on #CodePhage

Locu acquired by GoDaddy:

Press on our Secure Cloud Computing Systems work:

Some press on our software self-healing work:

Some press on our Code Perforation work:

 

Papers

    2017

  1. [FSE] "CodeCarbonCopy"
    Stelios Sidirouglou-Douskos , Eric Lahtinen, Anthony Eden, Fan Long, and Martin Rinard, FSE 2017
  2. [USPTO] "Systems, methods, and media for testing software patches"
    Stelios Sidirouglou-Douskos , Angelos Keromytis, US Patent 9,606,905
  3. [USPTO] "Systems, methods, and media protecting a digital data processing device from attack"
    Stelios Sidirouglou-Douskos , Angelos Keromytis, Sal Stolfo, US Patent 9,544,322

    4. 2016

  4. [IEEE Security and Privacy] "IEEE SecDev 2016: Prioritizing Secure Development"
    Robert Cunningham, Pamela Gupta, Ulf Lindqvist, Stelios Sidiroglou-Douskos, Michael Hicks, IEEE Security and Privacy, Volume 14, Issue 4, Pages 82-84.
  5. [DIMVA] "AutoRand: Automatic Keyword Randomization to Prevent Injection Attacks"
    Jeff Perkins, Jordan Eikenberry, Alessandro Coglio2, Daniel Willenson, Stelios Sidirouglou-Douskos , and Martin Rinard, DIMVA 2016

    6. 2015

  6. [CCS] "Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity"
    Isaac Evans, Fan Long, Ulziibayar Otgonbaatar, Howard Shrobe, Martin Rinard, Hamed Okhravi, Stelios Sidiroglou-Douskos . CCS 2015
  7. [HPEC] "Program Fracture and Recombination for Efficient Automatic Code Reuse"
    Peter Amidon, Eli Davis, Stelios Sidiroglou-Douskos , Martin Rinard. HPEC 2015
  8. [PLDI] "Automatic Error Elimination by Multi-Application Code Transfer"
    Stelios Sidiroglou-Douskos , Eric Lahtinen, Fan Long, Martin Rinard. PLDI 2015
  9. [Oakland] "Missing the Point: On the Effectiveness of Code Pointer Integrity"
    Isaac Evans, Samuel Fingeret, Julian Gonzalez, Ulziibayar Otgonbaatar, Tiffany Tang, Howard Shrobe, Stelios Sidiroglou-Douskos , Martin Rinard, Hamed Okhravi. Oakland 2015
  10. [ASPLOS] "Automatic Integer Overflow Discovery Using Goal-Directed Conditional Branch Enforcement"
    Stelios Sidiroglou , Eric Lahtinen, Nathan Rittenhouse, Paolo Piselli, Fan Long, Doekhwan Kim, Martin Rinard. ASPLOS 2015
  11. [NDSS] "Principled Sampling for Anomaly Detection"
    Brendan Juba, Christopher Musco, Fan Long, Stelios Sidiroglou , Martin Rinard. NDSS 2014.
  12. [USPTO] " Systems, methods, and media protecting a digital data processing device from attack""
    Stylianos Sidiroglou, Angelos D. Keromytis, and Salvatore J. Stolfo. U.S. Patent 9,143,518. Issued on September 22, 2015.

    13. 2014

  13. [USPTO] "Automatic Correction of Program Logic"
    Jeff Perkins, Stelios Sidiroglou , Martin Rinard, et al. . U.S. Patent Number 8788884. Issued on June 7th, 2014.
  14. [USPTO] "Systems, methods, and media for testing software patches "
    Angelos D. Keromytis and Stylianos Sidiroglou. U.S. Patent Number 8,683,450. Issued on March 25, 2014.
  15. [PLDI] "Automatic Runtime Error Repair and Containment via Recovery Shepherding"
    Fan Long, Stelios Sidiroglou , Martin Rinard. PLDI 2014.
  16. [POPL] "Sound Input Filter Generation for Integer Overflow Errors"
    Fan Long, Stelios Sidiroglou , Deokhwan Kim, Martin Rinard. POPL 2014.

    17. 2013

  17. [CASCON] "A Source-to-Source Transformation Tool for Error Fixing"
    Your Khmelevsky, Martin Rinard, Stelios Sidiroglou. CASCON 2013 Toronto, Canada, November 2013
  18. [USPTO] "Methods, systems, and media for detecting covert malware"
    Brian M. Bowen, Pratap V. Prabhu, Vasileios P. Kemerlis, Stelios Sidiroglou , Salvatore J. Stolfo, and Angelos D. Keromytis. U.S. Patent Number 8,528,091. Issued on September 3rd, 2013.
  19. [USPTO] "Systems, methods, and media protecting a digital data processing device from attack"
    Stelios Sidiroglou , Angelos D. Keromytis, and Salvatore J. Stolfo U.S. Patent Number 8,407,785. Issued on March 26th, 2013.

    20. 2012

  20. [RACES'12] "Dancing with Uncertainty"
    Sasa Misailovic, Stelios Sidiroglou and Martin Rinard
    In the Proceedings of the SPLASH 2012 Workshop on Relaxing Synchronization for Multicore and Manycore Scalability
    June 2012, Zurich, Switzerland.
  21. [ICSE'12] "Automatic Input Rectification"
    Fan Long, Vijay Ganesh, Michael Carbin, Stelios Sidiroglou and Martin Rinard
    In the Proceedings of the 34th International Conference on Software Engineering.
    June 2012, Zurich, Switzerland.
  22. [USPTO] "Methods, media and systems for detecting anomalous program executions"
    Salvatore J. Stolfo, Angelos D. Keromytis and Stelios Sidiroglou , . U.S. Patent Number 8,074,115. Issued on January 7th, 2012.

    23. 2011

  23. [FSE'11] "Managing Performance vs. Accuracy Trade-offs With Loop Perforation"
    Stelios Sidiroglou, Sasa Misailovic, Henry Hoffman, Martin Rinard
    In the ACM SIGSOFT Symposium on the Foundations of Software Engineering.
    September 2011, Szeged, Hungary.

  24. [ASPLOS'11] "Dynamic Knobs for Power-Aware Computing"
    Stelios Sidiroglou, Henry Hoffman, Stelios Sidiroglou, Michael Carbin, Sasa Misailovic, Anant Agarwal and Martin Rinard
    In the Proceedings of the 15th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS).
    March 2011, Newport beach, CA, USA
  25. [USPTO] "Methods, systems and media for software self-healing"
    Michael E. Locasto, Angelos D. Keromytis, Salvatore J. Stolfo, Angelos Stavrou, Gabriela Cretu, Stelios Sidiroglou, Jason Nieh, and Oren Laadan. U.S. Patent Number 7,962,798. Issued on June 14th, 2011.
  26. [USPTO] "Systems and methods for detecting and inhibiting attacks using honeypots"
    Stelios Sidiroglou , Angelos D. Keromytis, and Kostas G. Anagnostakis. U.S. Patent Number 7,904,959. Issued on March 8th, 2011.

    27. 2010

  27. [ICISC'10] "An Adversarial Evaluation of Network Signaling and Control Mechanisms"
    Kangkook Jee, Stelios Sidiroglou, Angelos Stavrou, Angelos D. Keromytis
    In the Proceedings of the 13th International Conference on Information Security and Cryptology (ICISC).
    December 2010, Seoul,Korea
  28. [ONWARD'10] Patterns and Statistical Analysis for Understanding Reduced Resource Computing
    Martin Rinard, Sasa Misailovic, Hank Hoffman and Stelios Sidiroglou,
    In the Proceedings of the Onward! 2010 Conference
    October 2010, Reno-Tahoe, Nevada, USA.
  29. [RAID '10] "BotSwindler: Tamper Resistant Injection of Believable Decoys in VM-Based Hosts for Crimeware Detection"
    Brian M. Bower, Pratap Prabhu, Vasileios P. Kemerlis, Stelios Sidiroglou, Angelos D. Keromytis and Salvatore J. Stolfo
    In the Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection.
    September 2010. Ottawa, Canada
  30. [ICSE '10] "Quality of Service Profiling"
    Sasa Misailovic, Stelios Sidiroglou, Hank Hoffman and Martin Rinard
    In the Proceedings of the 32nd International Conference on Software Engineering.
    May 2010, Cape Town, South Africa.
  31. [IJCNS '10] "Shadow Honeypots"
    Michalis Polychronakis, Periklis Akritidis, Stelios Sidiroglou , Kostas G. Anagnostakis, Angelos D. Keromytis, and Evangelos Markatos.
    In the International Journal of Computer and Network Security (IJCNS), vol. 2, no. 7, July 2010.

    32. 2009

  32. [SOSP '09] "Automatically Patching Errors in Deployed Software"
    Jeff H. Perkins (MIT), Sunghun Kim (HKUST), Sam Larsen (VMware), Saman Amarasinghe (MIT), Jonathan Bachrach (MIT), Michael Carbin (MIT), Carlos Pacheco (BCG), Frank Sherwood, Stelios Sidiroglou (MIT), Greg Sullivan (BAE AIT), Weng-Fai Wong (NUS), Yoav Zibin (Come2Play), Michael D. Ernst (U. of Washington), Martin Rinard (MIT)
    In the Proceedings of the 22th ACM Symposium on Operating Systems Principles (SOSP)
    October 2009, Big Sky, MT.
  33. [ASPLOS '09] "ASSURE: Automatic Software Self-healing Using REscue points"
    Stelios Sidiroglou, Oren Laadan, Carlos-Rene Perez, Nico Viennot, Angelos D. keromytis and Jason Nieh
    In the Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS).
    March 2009, Washington, DC.
  34. "Methods and systems for repairing applications"
    Angelos D. Keromytis, Michael E. Locasto, and Stelios Sidiroglou. U.S. Patent Number 7,490,268. Issued on February 10th 2009.

    35. 2008

  35. "Software Self-Healing Using Error Virtualization"
    Stelios Sidiroglou. PhD Thesis. Columbia University May 2008.

    36. 2007

  36. [EC2ND '07] "Defending Against Next Generation Attacks Through Network/Endpoint Collaboration and Interaction"
    Spiros Antonatos, Michael E. Locasto, Stelios Sidiroglou, Angelos D. Keromytis, and Evangelos Markatos. In the Proceedings of the 3rd European Conference on Computer Network Defense (EC2ND). October 2007, Heraclion, Greece. (Invited paper)
  37. [USENIX SEC '07] "Proximity Breeds Danger: Emerging Threats in Metro-area Wireless Networks"
    Periklis Akritidis, W.Y. Chin, V.T. Lam, Stelios Sidiroglou, Kostas Anagnostakis
    in Proc. of USENIX Security 2007, August 2007 (Acceptance rate: 12.3%)
  38. [OAKLAND '07] "Using Rescue Points to Navigate Software Recovery (Short Paper)"
    Stelios Sidiroglou, Oren Laadan, Angelos D. Keromytis, and Jason Nieh. In the Proceedings of the IEEE Symposium on Security & Privacy. May 2007, Oakland, CA. (Acceptance rate: 8.3%)
  39. [IEEE SARNOFF '07] "Network Security as a Composable Service"
    Stelios Sidiroglou, Angelos Stavrou, and Angelos D. Keromytis. In the Proceedings of the IEEE Sarnoff Symposium. May 2007, Princeton, NJ. (Invited paper)
  40. [HOTDEP '07] "Band-aid Patching (Poster Paper)"
    Stelios Sidiroglou, Sotiris Ioannidis, and Angelos D. Keromytis. In the Proceedings of the 3rd Workshop on Hot Topics in System Dependability (HotDep). June 2007, Edinburgh, UK.

    41. 2006

  41. [HOTSEC '06] "Privacy as an Operating System Service"
    Stelios Sidiroglou, Sotiris Ioannidis and Angelos D. Keromytis. In the Proceedings of the Workshop on Hot Topics in Security (HOTSEC). August 2006, Vancouver, CA.
  42. "Execution Transactions for Defending Against Software Failures: Use and Evaluation"
    Stelios Sidiroglou and Angelos D. Keromytis. In Springer International Journal of Information Security (IJIS), vol. 5, no. 2, pp. 77 - 91, April 2006. (Extended version of the ISC 2005 paper.)

    43. 2005

  43. [IEEE Security & Privacy '05] "Countering Network Worms Through Automatic Patch Generation"
    Stelios Sidiroglou and Angelos D. Keromytis. IEEE Security & Privacy, Volume:3 Issue 6, Nov.2005. Pages: 41-49 An older, extended version is available as Columbia University Computer Science Department Technical Report CUCS-029-03, November 2003.
  44. [NDSS '05] "Software Self-Healing Using Collaborative Application Communities"
    Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis. In the Proceedings of the Internet Society (ISOC) Symposium on Network and Distributed Systems Security (SNDSS). February 2005, San Diego, CA. (Acceptance Rate: 13.6%)
  45. [ISC '05] "A Dynamic Mechanism for Recovering from Buffer Overflow Attacks"
    Stelios Sidiroglou, Giannis Giovanidis, and Angelos D. Keromytis. In the Proceedings of the 8th Information Security Conference (ISC). September 2005, Singapore. An older version of this paper is available as Columbia University Computer Science Department Technical Report CUCS-031-04, September 2004. (Acceptance rate: 14%)
  46. [USENIX SEC '05] "Detecting Targeted Attacks Using Shadow Honeypots"
    Kostas G. Anagnostakis, Stelios Sidiroglou, Periklis Akritidis, Konstantinos Xinidis, Evangelos Markatos, and Angelos D. Keromytis. In the Proceedings of the 14th USENIX Security Symposium. August 2005, Baltimore, MD. (Acceptance rate: 12.3%)
  47. [ISPEC '05] "An Email Worm Vaccine Architecture"
    Stelios Sidiroglou, John Ioannidis, Angelos D. Keromytis, and Salvatore J. Stolfo. In the Proceedings of the 1st Information Security Practice and Experience Conference (ISPEC) April 2005, Singapore
  48. [USENIX TECH '05] "Building A Reactive Immune System for Software Services"
    Stelios Sidiroglou, Michael E. Locasto, Stephen W. Boyd, Angelos D. Keromytis. In the Proceedings of the USENIX Annual Technical Conference. April 2005, Anaheim,CA
  49. [HOTDEP '05] "Application Communities: Using Monoculture for Dependability"
    Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis. In the Proceedings of the 1st Workshop on Hot Topics in System Dependability (HotDep), held in conjunction with the International Conference on Dependable Systems and Networks (DSN). June 2005, Yokohama, Japan.
  50. [NSPW '05] "Speculative Virtual Verification: Policy-Constrained Speculative Execution"
    Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis. In the Proceedings of the New Security Paradigms Workshop (NSPW). September 2005, Lake Arrowhead, CA.
  51. "Composite Hybrid Techniques for Defending against Targeted Attacks"
    Stelios Sidiroglou and Angelos D. Keromytis. In Malware Detection, vol. 27 of Advances in Information Security Series, Mihai Christodorescu, Somesh Jha, Douglas Maughan, Dawn Song, and Cliff Wang (editors). Springer, October 2006. (By invitation, as part of the ARO/DHS 2005 Workshop on Malware Detection.)

    2004

  52. "Hardware Support For Self-Healing Software Services"
    Stelios Sidiroglou, Michael E. Locasto, and Angelos D. Keromytis. In ACM SIGARCH Computer Architecture News, vol. 33, no. 1, pp. 42 - 47. March 2005. Also appeared In the Proceedings of the Workshop on Architectural Support for Security and Anti-Virus (WASSA), held in conjunction with the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-XI), pp. 37 - 43. October 2004, Boston, MA.
  53. [WASSA '04] "Hardware Support For Self-Healing Software Services"
    Stelios Sidiroglou, Michael E. Locasto, and Angelos D. Keromytis. In the Proceedings of the Workshop on Architectural Support for Security and Anti-Virus (WASSA), held in conjunction with the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-XI). October 2004, Boston, MA.

    54. 2003

  54. [IEEE Communications '03] "Topics in in-how networking -Ubiquitous computing in home networks"
    Stefan Berger, Henning Schulzrinne, Stelios Sidiroglou and Xiaotao Wu. Communications Magazine, IEEE, Volume:41 Issue 11, Nov.2003. Pages: 128-135
  55. [WETICE '03] "A Network Worm Vaccine Architecture"
    Stelios Sidiroglou and Angelos D. Keromytis. In Proceedings of the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security. June 2003, Linz, Austria.
  56. [NOSSDAV '03] "Ubiquitous Computing Using SIP"
    Stefan Berger, Henning Schulzrinne, Stelios Sidiroglou and Xiaotao Wu. In Proceedings of the ACM International Workshop on Network and Operating Systems Support for Digital Audio and Video (NOSSDAV). June 2003, Monterey, CA.