Software Tools & Impact
All software and benchmarks below are prototypes, so please use at your own risk.
Tools and Software
VulnLoc - Localizing Vulnerabilities Statistically From One Exploit
(ASIACCS 2021)
BesFS - A SGX Filesystem with Coq Proofs
(Usenix Security 2020)
OHIE - Simple and Scalable Blockchain Consensus
(Oakland 2020)
NPAQ - Quantitative Verifier for Deep Nets
(CCS 2019)
EthRacer - Concurrency Bug-finding Tool for Smart Contracts
(ISSTA 2019)
VIF - Secure In-Network Filters using SGX
(ICDCS 2019)
TaintInduce - Taint Rule learner
(NDSS 2019)
Obscuro - Bitcoin Mixer using SGX
(ACSAC 2018)
MAIAN - Symbolic execution tool for multi-transctional contracts
(ACSAC 2018)
Neural Nets to Learn Function Signatures - datasets
(Usenix Security 2017)
SmartPool on Ethereum
and
Project Page
(Usenix Security 2017)
Panoply - Low TCB Micro-containters using SGX
(NDSS 2017) -- v0.1 released!
Oyente Smart Contract Analyzer
,
Online Demo
(By Melon) &
Benchmarks
(CCS 2016)
Web2Local Attacks on Chrome
(CCS 2016)
OblivP2P Code
(Usenix Security 2016)
Data-oriented Programming Toolkit and Samples
(IEEE SS&P 2016)
Data-oriented Attack Benchmarks
(Usenix Security 2016)
DexterJS VM
(FSE 2015)
AutoCSP
(ICSE 2015)
SMC - String Model Counter
(PLDI 2014)
AutoCrypt
(CCS 2013)
Kaluza: A String Decision Procedure
(not maintained)
Impact (out of date...)
Our research has influenced several real-world systems.
Dropbox's
deployment of privilege separation
in HTML5 apps
Privilege Separated design deployed as the
Google Chrome Extension Platform
Techniques for privilege separation in HTML5 applications has influenced the design of
Chrome Store Applications
Auto-sanitization in
Google Closure Framework
to prevent XSS attacks
Flaws found in
AJAX Applications
,
usage of client-primitives
,
web templating frameworks
, and
large-scale legacy web applications
.
Last modified: Thu Aug 16 22:26:10 SGT 2012