Projects


ExpoSE: A Quick Start Guide

In this tutorial I explain how to use the ExpoSE dynamic symbolic execution (DSE) tool. First I run through how to use ExpoSE with some simple JavaScript test-cases, and then explain how to interpret the results.
Tags: Projects, JavaScript, ExpoSE, Tutorials Created on: 10-08-2018

How to Instrument JavaScript in Chromium

When analyzing JavaScript software it is common to rewrite or instrument the program in some way in order to expose specific data during execution. Typically, instrumentation of JavaScript in the browser is achieved by a proxy, a tool that rewrites the JavaScript carried in network requests. In practice proxies typically do not perform well: there are often multiple entry points to a program, and it can be hard to correctly rewrite all cases. Another alternative is modifying V8 to achieve the desired level of program instrumentation. Unfortunately, modern JavaScript interpreters are complex pieces of software, and this approach often carries heavy technical and maintenance overheads. Instead, we propose rewriting the JavaScript entry point within a browser to instrument source code, achieving a reasonable compromise between maintainability and development time. In this tutorial we are going to modify V8, the JavaScript interpreter used by Chromium, so that all JavaScript executed by Chromium can be rewritten by an instrumentation framework.
Tags: Projects, Chromium, Tutorials, JavaScript Created on: 09-08-2018

A Short Tutorial on Logging in ExpoSE

The concurrent execution of test-cases and the JavaScript compilation process can make logging test-case output confusing in ExpoSE. In this short tutorial I explain how to enable test-case logging and give some quick configurations.
Tags: Projects, JavaScript, Tutorials, ExpoSE Created on: 09-08-2018

Z3JavaScript - Native Z3 Bindings for Node.js

Before we can symbolically execute JavaScript we need a way to invoke an SMT solver directly from JavaScript; however, we found that there is almost no existing language support for Node.js. To remedy this we developed Z3JavaScript, an NPM-installable set of bindings to the popular SMT solver Z3. In addition to a set of primitive bindings we provide a set of wrapper classes to simplify usage from JavaScript. We also provide a regular expression rewriter which allows for reasoning about regular expressions, capture groups, and backreferences in programs.
Tags: Projects Created on: 09-08-2018

ExpoSE: Practical Symbolic Execution Of Standalone JavaScript

JavaScript has evolved into a versatile ecosystem for not just the web, but also a wide range of server-side and client-side applications. With this increased scope, the potential impact of bugs increases. Despite this, testing tools for JavaScript have remained relatively primitive, largely due to the language's complex implementation and confusing specification. ExpoSE is a dynamic symbolic execution (DSE) tool for JavaScript with support for asynchronous events, strings, and complex regular expressions (including capture groups). It also supports concurrent test-case execution and provides detailed coverage statistics.
Tags: Papers, Research, Projects Created on: 09-08-2018

Detecting Humanity - Brave Software

One unresolved problem with the web is the detection of bots, programs that drive a web browser to emulate human behavior. Bot detection is an issue in web development because automated tools can degrade the user experience, such as a bot which responds to Twitter posts with angry messages. During a research internship at Brave, a privacy-focused web browser, we worked on a new client-side approach to detecting user humanity.
Tags: Projects, Research, Work Created on: 09-08-2018

A Solution To Compression Oracles on the Web - Cloudflare

Compression is often considered an essential tool for reducing the bandwidth usage of internet services. The impact that the use of such compression schemes can have on security, however, has often been overlooked. The recently detailed CRIME, BREACH, TIME and HEIST attacks on TLS have shown that if an attacker can make requests on behalf of a user, then secret information can be extracted from encrypted messages using only the length of the response. Deciding whether an element of a web-page should be secret often depends on the content of the page; however, there are some common elements of web-pages which should always remain secret, such as Cross-Site Request Forgery (CSRF) tokens. Such tokens are used to ensure that malicious webpages cannot forge requests from a user, by enforcing that any request must contain a secret token included in a previous response.
Tags: Projects, Research, Work Created on: 09-08-2018

PhD - Information Security Group - Royal Holloway, University of London

I began a PhD with the Information Security Group (ISG) at Royal Holloway in September 2015 as part of the Cyber Security CDT. The CDT is set to take 4 years to complete, during which I will be exposed to a wide variety of topics relating to the security of computing devices, such as static and dynamic program analysis, cryptography, and network security.
Tags: Projects, Work Created on: 09-08-2018

Kiniro - Android Game & Engine

Kiniro is a game (and accompanying game-engine) developed from scratch. For this work I created a 2.5D platforming game engine compatible with Linux, Mac OS X, and Android. The engine is entirely written in C++ and includes support for physics through a homebrew physics engine, sound through OpenAL, and large 2D animations.
Tags: Games, Projects Created on: 09-08-2018

Dawn - x86 Operating System

Dawn is an x86-based operating system (OS) with a process scheduler, virtual memory manager, application loader, a defined set of system calls and a host of other features. This project was undertaken as part of an optional A-level module. The project involved development of an operating system kernel and a set of utility programs, as well as the design of a set of tools for the OS which allow the user to interact with it and perform tasks. The code was primarily written in C (C99), with small amounts of assembly used in the kernel, as well as some bash or python scripts to automate compilation and deployment of the OS.
Tags: Projects Created on: 09-08-2018

Scribble - Interpreted, Garbage Collected, Programming Language

Scribble is a garbage collected programming language with a reference implementation including a full compiler, intermediate representation and reference virtual machine. The language was designed to make extending existing C++ applications easier and to enable users to extend a program's functionality, increasing the usefulness of a piece of software. The implementation also attempts to reduce the likelihood of security issues by allowing developers to strictly control what functionality the virtual machine exposes to the end user through a simple interface, so that they can control what access the scripts will have to the host platform.
Tags: Projects Created on: 09-08-2018

LJIT - LISP Language with JIT

As a recent hobby project I have been working to improve my knowledge of ahead-of-time (AOT) and just-in-time (JIT) compilers. To that end I developed a new LISP-style language with an AOT compiler. The project was developed in C++ and includes an LL(1) parser, an AST structure and an AST -> machine code JIT converter. The resulting language is a simple integer-only language which supports recursion and function arguments.
Tags: Programming Languages, Projects Created on: 09-08-2018