Northeastern University

NUCAR Security Group



As part of the Northeastern University Computer Architecture Group (NUCAR), we aim to develop new technologies to improve security for computer systems and users. Currently we are working on providing a microarchitectural solution against stack smashing attacks, characterizing the architectural needs of anti-virus programs and developing new methods to prevent virus and worm attacks. Our group is under the direction of Prof. David Kaeli. This project is supported through the National Science Foundation on grant number EIA:0310891.

Group Members:


Current Projects:

Reliable Return Address Stack

In this work, we enhance the current microarchitecture such that the return address of every function call can be validated. Thus, if a return address is smashed, this change will be detected and reported. To facilitate this, we extended the microarchitectural return address stack found on most existing microprocessor, and introduce a new table that holds call and return instruction addresses. In addition, we propose a software thread that is responsible for backing up the hardware stack.

In order to validate the correctness of the solution, we are developing a detailed microarchitectural simulation model. Using this model, we will examine the performance impact of any hardware-based stack smash solution

This work was presented (download slides) at the BARC04 workshop.

We also had a paper in WASSA on this work.

Antivirus Profiling and Characterization

Antivirus programs are wide spread and commonly used. Their performance overhead can be significant. Profiling and characterizing antivirus programs can give insight into their behaviour and potential bottlenecks. We are using the Simics machine simulator to profile antivirus programs and trace their execution. We are currently extracting information on instruction usage and IO behavior. We have written a short whitepaper on some of our preliminary work tracing Norton Anti-Virus.

We also had a paper in WASSA on this work.

Java Security

In related work, we are looking for new ways to enforce different security policies to police viruses and worms. We are studying the Java security model as an example and inspecting current firewalls heuristics. We aim to incorporate different solutions into one general framework.

We have developed a set of security benchmark in the project. You can find these at: SECSPEC .

Here is a talk by Micha Moffie on architectural features that are starting to appear in commercial hardware and software systems.

Prof. David Kaeli
Northeastern University
Dept. of Electrical and Computer Engineering
442 Dana Research Center
Boston, MA 02053
(617)-373-5413
kaeli@ece.neu.edu