The Shear project creates a secure environment for the least-authority execution of over-privileged applications that may be exploited by adversaries to launch privileged attacks. We develop advanced program analysis techniques to extract the minimal authority of a program, partition it, and enforce run-time isolation leveraging low-level systems and hardware-assisted techniques.

Available Work

• PoLPer: a least-privilege enforcement tool for setuid calls (paper)
• CAFE: a trusted execution environment for encrypted application code execution (paper, short paper)