Research Directions

Quick Note: This page presents a short summary of my recent research directions. At the end of each section, I list some of the projects that I am currently working on, or potential projects I am going to explore. Happy to chat more if you are perspective students who are interested in working on these projects.

Overview

The primary goal of my research is to advance the state of the art of formal methods for correctness and security of computer systems, especially cyber-physical systems (CPSs), and to develop tools and techniques to help construct systems that are correct and secure. Many computer systems are safety and security critical. Systematic, correct, and secure system design and implementation are urgently needed, and I believe that rigorous formal methods are essential for substantial improvements. They enable reasoning from logical or mathematical specifications of the behaviors of computer systems and offer rigorous proofs that all system behaviors meet some desirable properties. Formal methods are crucial for security goals, because they can show that no attack (with assumptions) will cause a system to misbehave. My research approach is to investigate sound, powerful, and pragmatic formal reasoning techniques for safety and security properties, and develop efficient enforcement mechanisms of these properties in constructing practical systems

Security Analysis for Cyber-Physical Systems

A major piece of my research is to develop fundamental concepts and methodologies for secure design and implementation of Cyber-Physical Systems (CPSs). CPSs, which interact continuously with the physical world, raise significant challenges for formal methods. Security and privacy models for CPSs have to be aware of the interaction between software systems and physical dynamics; enforcement of security properties requires us to go significantly beyond the state-of-the-art in the CPSs area. I introduce frameworks for modeling and analyzing attacks on CPSs. The frameworks often introduce a threat model of attacks, formalization of security properties, and techniques developed for reasoning with the security properties.

Relevant Publications
  • Quantitative Robustness Analysis of Sensor Attacks on Cyber-Physical Systems
    Stephen Chong, Ruggero Lanotte, Massimo Merro, Simone Tini, and Jian Xiang. (all equal contributions)
    Proceedings of the 26th ACM International Conference on Hybrid Systems: Computation and Control (HSCC), May 2023.
    Abstract |  PDF |  BibTeX  ]
  • Relational Analysis of Sensor Attacks on Cyber-Physical Systems
    Jian Xiang, Nathan Fulton, and Stephen Chong.
    Proceedings of the 34th IEEE Computer Security Foundations Symposium (CSF), June 2021.
    Abstract |  PDF |  BibTeX ]
Ongoing / Potential Projects
  • Specifying and verifying security of CPSs

    Express and verify security properties within formal models of CPSs. Develop extensions of formal logics to specify security properties, and develop algorithms to verify these properties. Some examples include compositional modeling and reasoning, specification-based testing, and proof techniques for relational or hyper properties.

  • Reasoning techniques for physical dynamics

    Develop techniques to reason with dynamics of CPSs, i.e., differential equations (ODEs). Some examples include proving relational properties, e.g., robustness, of ODE, and sensitivity analysis of ODEs.

  • Formal models of CPSs and their security properties

    Develop formal models of CPSs and their security properties with different formalisms of interests. For example, develop formal models of industrial robotic arms and their security requirements.

  • Secure-by-construction for implementations of CPS models

    Build verified pipelines that automatically transform high-level models of CPSs to controller executables, where the transformation preserves security properties verified at high-level models. This is a very challenging but also very interesting project.

  • Build CPSs implementations with both security and performance guarantees

    Integrate system modeling, analysis, and synthesis of runtime enforcement into the development of CPSs, to provide security guarantees as well as performance guarantees. Some examples include framework to make tradeoff between security and performance, developing efficient security enforcement mechanisms for CPSs, and instrumenting state-or-art controllers with runtime security mechanisms.

Language-based Approaches for Application Security

Another piece of my research uses abstractions from programming languages to specify and enforce security properties, such as secure information flow, in software systems. The correctness and security of applications often rely on correctly enforcing appropriate restrictions on sensitive information. The main challenge is finding the right abstractions to enable formal methods for security, in particular, abstractions to present to the programmers, e.g., useful sets of formally defined, composable, verifiable, and high performance security primitives.

Relevant Publications
  • Co-Inflow: Coarse-grained Information Flow Control for Java-like Languages
    Jian Xiang and Stephen Chong.
    Proceedings of the 42nd IEEE Symposium on Security and Privacy (Oakland), May 2021.
    Abstract |  PDF |  Implementation |  Coq formalization |  BibTeX ]
Ongoing / Potential Projects
  • Better exception handling for Co-Inflow

    A follow-up work of Co-Inflow: develop sound exception handling mechanisms for Co-Inflow.

  • Information-flow analysis for programming languages

    Develop IFC mechanisms for different programming languages, e.g., Rust. Identify language abstractions that are suitable for information flow tracking, and develop mechanisms to enforce IFC policies. Common examples include secure type systems and coarse-grained dynamic analysis for a particular language.

  • Language extensions for reasoning with security properties

    Develop extensions of programming languages or formal logics to specify and reason with relational properties or hyperproperties.

  • Runtime enforcement mechanisms for security properties

    Develop efficient runtime mechanisms, e.g., monitors, to enforce relational or hyper properties within applications.

  • Interesting language-based abstractions or mechanisms...

    Interesting language abstractions that may be suitable for specify and/or verify security properties.

System Assurance vis Real-World Semantics

One of my research directions focuses on the dependability of systems, by investigating a very general and comprehensive approach for enforcing safety and security constraints in computer systems like CPSs. It focuses on specifying and analyzing constraints that derive from the physical world through enriched specifications and enhanced error-checking techniques. Systems like CPSs interact with the real world in order to sense and affect it. They should obey rules inherited from the real world, e.g., laws of physics. To enforce these constraints, I develop rich semantic types and type systems to analyze the consistency of software logic with the real-world entities with which the logic interacts.

Relevant Publications
  • Is My Software Consistent With the Real World?
    Jian Xiang, John Knight, and Kevin Sullivan.
    Proceedings of the 18th IEEE Symposium on High Assurance Systems Engineering (HASE),  2017.
    Abstract |  PDF |  BibTeX ]
  • Synthesis of Logic Interpretation
    Jian Xiang, John Knight, and Kevin Sullivan.
    Proceedings of the 17th IEEE Symposium on High Assurance Systems Engineering (HASE),  2016.
    Abstract |  PDF |  BibTeX ]
  • Real-World Types and Their Application
    Jian Xiang, John Knight, and Kevin Sullivan.
    Proceedings of the 34th Conference on Computer Safety, Reliability and Security (SAFECOMP),  2015.
    Abstract |  PDF |  BibTeX ]
  • A Rigorous Definition of Cyber-Physical Systems
    John Knight, Jian Xiang, and Kevin Sullivan.
    Trustworthy Cyber-Physical Systems. (Chapman and Hall/CRC),  2016.
    BibTeX ]
Ongoing / Potential Projects
  • Automated mining of specifications for semantic type checking

    Using data-driven techniques to automatically mine specifications, i.e., rich semantic types and type rules, for an application domain of interest, e.g., geographic system. This can also help build libraries of rich semantic types and type rules for a particular application domain.

  • Automated checking of units of measurement

    Checking units consistency is a special kind of type checking. Develop mechanisms to automatically find units of measurement and check their consistency for software applications.