Dr. Jinpeng Wei’s research interests are in the area where systems software (e.g., Operating Systems and middleware) and computer security overlap. In particular, he explores novel systems mechanisms and implementations to make widely deployed systems software (e.g., the Linux OS, the Windows OS, and MapReduce) robust against malicious attacks, while still keeping it efficient and easy to use.
- Defense against kernel queue hooking rootkits. Kernel queue hooking (KQH) rootkits achieve stealthy malicious function execution by embedding malicious hooks in dynamic kernel schedulable queues (K-Queues). Because they leave kernel code and persistent hooks intact, they evade state-of-the-art kernel integrity monitors that look for exactly those modifications. We propose the Precise Lookahead Checking of function Pointers (PLCP) approach, which checks the legitimacy of pending K-Queue callback requests by proactively validating not only the callback itself but also the function pointers the callback may invoke. Prototype defenses have been developed for the Linux kernel and the Windows Research Kernel (WRK) and shown to be effective against advanced malware.
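As an added illustration of the check described above (example code written for this page, not Dr. Wei's PLCP prototype or any kernel code): a user-space C model of a schedulable queue whose pending entries carry a callback and a data pointer. Two things are assumptions of the example rather than how a real monitor works: the trusted-code set is an explicit allowlist of function addresses instead of the kernel text and module code ranges, and the lookahead model of which function pointers each callback dereferences is written by hand instead of being derived by program analysis. Entry 1 is the case the lookahead exists for: its callback is legitimate, but the ops table that callback will invoke has been hooked.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef void (*code_ptr)(void);          /* generic "pointer to code" for allowlist compares */
typedef void (*callback_fn)(void *data);
typedef void (*handler_fn)(void);

/* A driver-style ops table reached through the callback's data argument. */
struct dev_ops { handler_fn open; handler_fn ioctl; };

/* One pending K-Queue request, modelled on a kernel timer entry. */
struct kq_entry { callback_fn fn; void *data; struct kq_entry *next; };

/* Constructed "legitimate kernel" code. */
static void legit_open(void) {}
static void legit_ioctl(void) {}
static void legit_callback(void *data) {           /* calls indirectly through ops */
    struct dev_ops *ops = data;
    ops->open();
    ops->ioctl();
}
static void passive_callback(void *data) { (void)data; }   /* makes no indirect calls */

/* Constructed "rootkit" code: deliberately absent from the trusted set. */
static void evil_handler(void) {}
static void evil_callback(void *data) { (void)data; }

/* Trusted code set. A real monitor derives this from the kernel text and
 * module code ranges; this example uses an explicit list (assumption). */
static const code_ptr trusted_code[] = {
    (code_ptr)legit_open, (code_ptr)legit_ioctl,
    (code_ptr)legit_callback, (code_ptr)passive_callback,
};

/* Lookahead model: which function pointers a callback will dereference through
 * its data argument. Hand-written here; PLCP derives it by analysis (assumption). */
struct lookahead { callback_fn fn; size_t nptrs; size_t offsets[4]; };
static const struct lookahead lookahead_table[] = {
    { legit_callback,   2, { offsetof(struct dev_ops, open), offsetof(struct dev_ops, ioctl) } },
    { passive_callback, 0, { 0 } },
};

enum verdict { KQ_OK, KQ_BAD_CALLBACK, KQ_UNMODELLED_CALLBACK, KQ_BAD_LOOKAHEAD };
static const char *verdict_name[] = {
    "ok", "untrusted callback", "unmodelled callback", "untrusted pointer reachable from callback"
};

static int is_trusted_code(code_ptr p) {
    for (size_t i = 0; i < sizeof trusted_code / sizeof trusted_code[0]; i++)
        if (trusted_code[i] == p) return 1;
    return 0;
}

static const struct lookahead *find_lookahead(callback_fn fn) {
    for (size_t i = 0; i < sizeof lookahead_table / sizeof lookahead_table[0]; i++)
        if (lookahead_table[i].fn == fn) return &lookahead_table[i];
    return NULL;
}

/* PLCP check of one pending request: the callback must be trusted code, and so
 * must every function pointer it is about to invoke. */
static enum verdict plcp_check(const struct kq_entry *e) {
    if (!is_trusted_code((code_ptr)e->fn)) return KQ_BAD_CALLBACK;
    const struct lookahead *la = find_lookahead(e->fn);
    if (!la) return KQ_UNMODELLED_CALLBACK;         /* trusted but unanalysed: stay conservative */
    for (size_t i = 0; i < la->nptrs; i++) {
        handler_fn target;
        memcpy(&target, (const char *)e->data + la->offsets[i], sizeof target);
        if (!is_trusted_code((code_ptr)target)) return KQ_BAD_LOOKAHEAD;
    }
    return KQ_OK;
}

/* Walk the queue; returns how many pending entries fail the check. */
static int plcp_scan(const struct kq_entry *head, enum verdict *out, int max) {
    int bad = 0, i = 0;
    for (const struct kq_entry *e = head; e; e = e->next, i++) {
        enum verdict v = plcp_check(e);
        if (out && i < max) out[i] = v;
        if (v != KQ_OK) bad++;
    }
    return bad;
}

/* Constructed scenario: one benign entry, one data-level hook, one direct hook. */
static struct dev_ops good_ops   = { legit_open, legit_ioctl };
static struct dev_ops hooked_ops = { legit_open, evil_handler };
static struct kq_entry e2 = { evil_callback,  &good_ops,   NULL };
static struct kq_entry e1 = { legit_callback, &hooked_ops, &e2 };
static struct kq_entry e0 = { legit_callback, &good_ops,   &e1 };

static const struct kq_entry *demo_queue(void) { return &e0; }

static enum verdict demo_verdict(int idx) {
    enum verdict v[3] = { KQ_OK, KQ_OK, KQ_OK };
    plcp_scan(demo_queue(), v, 3);
    return (idx >= 0 && idx < 3) ? v[idx] : KQ_OK;
}

int main(void) {
    enum verdict v[3];
    int bad = plcp_scan(demo_queue(), v, 3);
    for (int i = 0; i < 3; i++) printf("entry %d: %s\n", i, verdict_name[v[i]]);
    printf("%d of 3 pending requests rejected\n", bad);
    return 0;
}
```

A monitor that only validated the callback pointer would pass entry 1, since legit_callback is genuine kernel code; the hook sits in the data it will dereference, which is the class of attack the lookahead step is meant to close.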
- Automated derivation of data invariants for system runtime integrity monitoring. The recent interest in runtime attestation requires modeling a program’s runtime behavior in order to formulate its integrity properties. We propose scoped invariants as a primitive for analyzing a software system for its integrity properties, and we have developed automated tools that use dynamic or static program analysis to derive scoped invariants for a given program. We have applied these tools to Xen, the Linux kernel, and the Windows Research Kernel; the results show a very low false positive rate (1 out of 141,280 in our Linux kernel case study) and a very low false negative rate (about 0.013%).
- Integrity assurance of MapReduce. Among the security issues surrounding cloud computing, computation integrity is one of the most critical. MapReduce, for example, offers no integrity assurance of its own: a single malicious worker can render the overall computation result useless. To raise the assurance of cloud computing integrity, we propose a set of measures that tolerate malicious participants in a cloud computing environment: job replication, verification, quizzing, and task obfuscation. We have designed and implemented some of these ideas in the VIAF framework for MapReduce, which detects malicious mappers whether or not they collude. Our ongoing research overlays VIAF on heterogeneous cloud infrastructures such as Amazon EC2 and Microsoft Azure.
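As an added illustration of the replication-plus-verification idea (example code written for this page, not the VIAF implementation): a C simulation with a constructed roster of five workers, one non-collusive cheater and one colluding pair. Every task is run by two workers; when the replicas disagree a trusted verifier recomputes the task and flags whoever was wrong, and a fixed fraction of the agreeing results is also re-executed by the verifier so that a colluding pair cannot pass by simply agreeing with each other. Quizzing and task obfuscation are not modelled, flagged workers are not removed from the schedule, and the map function and the round-robin scheduler are placeholders chosen so the run is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NWORKERS 5
#define NTASKS   20

enum behaviour { HONEST, NONCOLLUSIVE, COLLUSIVE };

/* Constructed roster: worker 1 cheats on its own, workers 2 and 3 collude. */
static const enum behaviour roster[NWORKERS] = {
    HONEST, NONCOLLUSIVE, COLLUSIVE, COLLUSIVE, HONEST
};

/* Placeholder for a mapper's work on one input split. */
static uint32_t map_task(uint32_t input) {
    return (input * 2654435761u) % 1000003u;
}

/* What worker w returns for a task when worker peer holds the replica. */
static uint32_t worker_run(int w, int peer, uint32_t task) {
    uint32_t correct = map_task(task);
    switch (roster[w]) {
    case HONEST:
        return correct;
    case NONCOLLUSIVE:          /* tampers blindly, so replication alone exposes it */
        return correct + 1;
    case COLLUSIVE:             /* tampers only when its accomplice holds the replica,
                                   so both copies agree on the same wrong answer */
        return roster[peer] == COLLUSIVE ? (correct ^ 0x5a5a5a5au) : correct;
    }
    return correct;
}

struct viaf_stats {
    int caught_by_replication;  /* replicas disagreed; the verifier arbitrated */
    int caught_by_verifier;     /* replicas agreed but re-execution disproved them */
    int tampered_accepted;      /* collusion that slipped past the sampling */
    int flagged[NWORKERS];      /* workers identified as malicious */
};

/* Run all tasks with two-way replication; every verify_every-th accepted
 * result is re-executed by the trusted verifier (0 disables verification). */
static struct viaf_stats run_viaf(int verify_every) {
    struct viaf_stats s;
    memset(&s, 0, sizeof s);
    for (uint32_t t = 0; t < NTASKS; t++) {
        int w1 = t % NWORKERS, w2 = (t + 1) % NWORKERS;   /* placeholder scheduler */
        uint32_t r1 = worker_run(w1, w2, t), r2 = worker_run(w2, w1, t);
        if (r1 != r2) {
            /* Disagreement: the verifier recomputes and flags whoever was wrong. */
            uint32_t truth = map_task(t);
            s.caught_by_replication++;
            if (r1 != truth) s.flagged[w1] = 1;
            if (r2 != truth) s.flagged[w2] = 1;
            continue;
        }
        /* Agreement is not proof: sample-verify so collusion remains risky. */
        if (verify_every > 0 && t % verify_every == 0) {
            if (r1 != map_task(t)) {
                s.caught_by_verifier++;
                s.flagged[w1] = s.flagged[w2] = 1;
            }
        } else if (r1 != map_task(t)) {
            s.tampered_accepted++;  /* only the simulation can see this happen */
        }
    }
    return s;
}

static int viaf_flagged(int verify_every, int w) {
    struct viaf_stats s = run_viaf(verify_every);
    return (w >= 0 && w < NWORKERS) ? s.flagged[w] : 0;
}

int main(void) {
    struct viaf_stats s = run_viaf(4);
    printf("replication caught %d, verifier caught %d, tampered results accepted %d\n",
           s.caught_by_replication, s.caught_by_verifier, s.tampered_accepted);
    for (int w = 0; w < NWORKERS; w++)
        printf("worker %d: %s\n", w, s.flagged[w] ? "FLAGGED" : "trusted");
    return 0;
}
```

Running with verification disabled (run_viaf(0)) still catches the lone cheater through replication but never flags the colluding pair; with every fourth accepted result re-executed, the pair is flagged on the first co-assigned task that the verifier samples, while the co-assigned tasks it does not sample are accepted with tampered output, which is the trade-off between verification cost and assurance that the sampling rate controls.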
- Department of Homeland Security (2010-ST-062-000039), “A Research and Educational Framework to Advance Disaster Information Management in Computer Science PhD Programs,” $400,000, period 2/1/11 – 1/31/15, Co-PI.
- Centre for Strategic Infocomm Technologies (CSIT), Singapore, “Malware Persistence in OS Kernels,” $121,819, period 4/15/11 – 4/14/13, PI.
- Best paper award, International Workshop on Cloud Privacy, Security, Risk and Trust (CPSRT 2010), in conjunction with the 2nd IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2010).
- Outstanding paper award, the 24th Annual Computer Security Applications Conference (ACSAC’08).
- Best student paper award, High Performance Computing Conference 2007 (HPCC’07).
- Georgia Institute of Technology
- IBM T. J. Watson Research Center
- Intel Corporation
- Centre for Strategic Infocomm Technologies (CSIT), Singapore
- Jinpeng Wei, Calton Pu. Towards a General Defense against Kernel Queue Hooking Attacks. Computers & Security, Elsevier Ltd., March 2012, Volume 31, Issue 2, pages 176-191. doi: 10.1016/j.cose.2011.12.007.
- Jinpeng Wei, Feng Zhu, and Yasushi Shinjo. Static Analysis Based Invariant Detection for Commodity Operating Systems. 7th International Conference on Collaborative Computing (CollaborateCom 2011), Orlando, FL, October 15-18, 2011.
- Jinpeng Wei, Bryan D. Payne, Jonathon Giffin, Calton Pu. Soft-Timer Driven Transient Kernel Control Flow Attacks and Defense. Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC’2008), Anaheim, CA, December 8-12, 2008.
- Yongzhi Wang, Jinpeng Wei. VIAF: Verification-based Integrity Assurance Framework for MapReduce. Proceedings of the Fourth IEEE International Conference on Cloud Computing (CLOUD 2011), IEEE Computer Society, Washington, DC, July 4-9, 2011, pages 300-307.
- Jinpeng Wei, Xiaolan Zhang, Glenn Ammons, Vasanth Bala, and Peng Ning. Managing Security of Virtual Machine Images in a Cloud Environment. Proceedings of the 2009 ACM Cloud Computing Security Workshop (CCSW), co-located with the 16th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, Nov. 9-13, 2009.