Sandeep Bhatkar

Data Space Randomization

Over the past several years, US-CERT advisories, as well as most critical updates from software vendors, have been due to memory corruption vulnerabilities such as buffer overflows, heap overflows, etc. Several techniques have been developed to defend against the exploitation of these vulnerabilities, with the most promising defenses being based on randomization. Two randomization techniques have been explored so far: address space randomization (ASR) that randomizes the location of objects in virtual memory, and instruction set randomization (ISR) that randomizes the representation of code. We explore a third form of randomization called data space randomization (DSR) that randomizes the representation of data stored in program memory. Unlike ISR, DSR is effective against non-control data attacks as well as code injection attacks. Unlike ASR, it can protect against corruption of non-pointer data as well as pointer-valued data. Moreover, DSR provides a much higher range of randomization (typically 232for 32-bit data) as compared to ASR. Other interesting aspects of DSR include (a) it does not share a weakness common to randomization-based defenses, namely, susceptibility to information leakage attacks, and (b) it is capable of detecting some exploits that are missed by full bounds-checking techniques, e.g., some of the overflows from one field of a structure to the next field. Our implementation results show that with appropriate design choices, DSR can achieve a performance overhead in the range of 5% to 30% for a range of programs.

Improving Scalability of Personalized Recommendation Systems for Enterprise Knowledge Workers

Enterprise knowledge workers have been overwhelmed by the growing rate of incoming data in recent years. In this paper, we present a recommendation system with the goal of helping knowledge workers in discovering useful new content. In particular, our system builds personalized user models based on file activities on enterprise network file servers. Our models use novel features that are derived from file metadata and user collaboration. Through extensive evaluation on real-world enterprise data, we demonstrate the effectiveness of our system with high precision and recall values. Unfortunately, our experiments reveal that per-user models are unable to handle heavy workloads. To address this limitation, we propose a novel optimization technique, active feature-based model selection, that predicts the user models that should be applied on each test file. Such a technique can reduce the classification time per file by as much as 23 times without sacrificing accuracy. We also show how this technique can be extended to improve the scalability exponentially at marginal cost of prediction accuracy, e.g., we can gain 169 times faster performance on an average across all shares by sacrificing 4% of F-score.

Access Prediction for Knowledge Workers in Enterprise Data Repositories

The data which knowledge workers need to conduct their work is stored across an increasing number of repositories and grows annually at a significant rate. It is therefore unreasonable to expect that knowledge workers can efficiently search and identify what they need across a myriad of locations where upwards of hundreds of thousands of items can be created daily. This paper describes a system which can observe user activity and train models to predict which items a user will access in order to help knowledge workers discover content. We specifically investigate network file systems and determine how well we can predict future access to newly created or modified content. Utilizing file metadata to construct access prediction models, we show how the performance of these models can be improved for shares demonstrating high collaboration among its users. Experiments on eight enterprise shares reveal that models based on file metadata can achieve F scores upwards of 99%. Furthermore, on an average, collaboration aware models can correctly predict nearly half of new file accesses by users while ensuring a precision of 75%, thus validating that the proposed system can be utilized to help knowledge workers discover new or modified content.