Conference picture

Research Opportunities

There are many ways to engage and can get exposure to research as an undergraduate student throughout the department:

  • Attend a lecture in the Distinguished Lecture Series (DLS), faculty talks, international speaker talks or honours seminars. A variety of cutting-edge computer science research topics are covered every year
  • Take directed studies courses
  • Attend reading groups offered by various departmental labs

View DLS talks on YouTube
 


Computing Community Consortium: Research Opportunities and Grad School

Bigger Opportunities

Spend 16 weeks working full-time over the summer with a faculty member on a project under the NSERC Undergraduate Student Research Awards (USRA) program. Students who are considering applying to graduate school are strongly encouraged to participate.

Become a mentee with the Undergraduate Research Opportunity (URO). URO runs the Research Experience Program (REX) during the school year from September until March, with the aim of encouraging and facilitating undergraduate students into research.


Winter 2024 Opportunities

Hugo Lefeuvre

Project 1:

 Fuzzing OpenBSD Privilege-Separated Software for Compartment Interface
 Vulnerabilities

Short Description:

 Over the past two decades, the OpenBSD community has invested great effort in
 "privilege-separating" OpenBSD utility programs [0]. Privilege separation, a form
 of software compartmentalization, consists of splitting programs into separate
 processes to limit the damage that can occur if a program is compromised.

 The goal of this project is to see how effective this effort has been. We
 want to see if we can identify ways in which this privilege separation has not
 produced the kind of robustness desired.  We will first study compartment
 interfaces in OpenBSD privilege-separated software, to determine which
 techniques [1] might be most appropriate, and whether or not/how each
 technique should be adapted or improved for this purpose. We will then use the
 techniques to search for bugs and develop case studies on the bugs we find.

 The output of this project will be: a study of compartment interfaces in
 OpenBSD; a tool that finds vulnerabilities in OpenBSD privilege-separated
 software; a set of bugs that we find; and case-studies on these bugs. These
 outputs will be assembled in a paper to be submitted at a top-tier security
 conference.

 [0] https://www.openbsd.org/innovations.html (Search for "Privilege separation")
 [1] https://ieeexplore.ieee.org/document/8863940

Required skills:

 - Highly motivated with 10-12 hours per week to dedicate to this project (this is
   quite challenging).
 - Proficient in C and low-level systems software (beyond that in 313; the
   ideal candidate is likely to have taken 436a and/or 436s).
 - Familiarity with systems software security concepts (buffer overflow, etc.)

Bonus skills (i.e., not required, but definitely a plus):
 - Knowledge of fuzzing
 - Knowledge of OpenBSD

Interested students should send mail to Hugo Lefeuvre at hugo.lefeuvre@ubc.ca. Please
include a resume and transcript. In your email, provide a brief description explaining
what about this project interests you.
 

Project 2:

 Designing Memory Allocators for Compartmentalized Systems

Short Description:

 Software compartmentalization [0] is the practice of breaking down a program
 into groups of isolated and distrusting compartments to reduce the damage that
 can occur if the program is compromised. Because software compartmentalization
 introduces security boundaries into programs, it imposes new design constraints
 on fundamental system building blocks such as the memory allocator. For example,
 the memory allocator is responsible for securely assigning memory to distrusting
 entities.  Sadly, there exists little work on how to design memory allocators for
 compartmentalized software. Most work avoids the problem by statically
 partitioning application memory, which is often suboptimal in practice.

 This project will explore memory allocator designs for compartmentalized systems.
 We will first survey existing solutions (such as snmalloc [1] and CHERIoT's memory
 allocator [2]) to understand their design and the impact these design choices have
 with respect to security and performance. We will then design a new, highly-principled
 memory allocator that can improve on the state of the art.

 The output of this project will be: a literature and field study on memory
 allocation in compartmentalized systems; the design of a new memory allocator
 that improves on the state of the art and/or explores a new point in the
 design space; and its evaluation. These outputs will be consolidated into a
 paper to be submitted at a top-tier systems conference.  Successful applicants
 will get to contribute to fundamental memory allocator research (which is
 extremely fun!) and to join an international collaboration.

 [0] https://www.usenix.org/legacy/events/sec03/tech/full_papers/provos_et_al/provos_et_al.pdf
 [1] https://dl.acm.org/doi/abs/10.1145/3315573.3329980
 [2] https://github.com/CHERIoT-Platform/cheriot-rtos/tree/main

Required skills:
 - Highly motivated with 10-12 hours per week to dedicate to this project (this is
   quite challenging).
 - Proficient in C and low-level systems software (beyond that in 313; the
   ideal candidate is likely to have taken 436a and/or 436s).
 - Familiarity with systems software security concepts (buffer overflow, etc.)

Bonus skills (i.e., not required, but definitely a plus):
 - Familiarity with memory allocators

Interested students should send mail to Hugo Lefeuvre at hugo.lefeuvre@ubc.ca. Please
include a resume and transcript. In your email, provide a brief description explaining
what about this project interests you.
 


Interested in working on research projects with a faculty member?

There are a variety of student-oriented or particularly student-friendly CS research venues to publish your research work. Talk to your research mentor to explore these and other discipline specific conferences: