Gazelle, Nozzle, Nemesis, SNARE, Vanish: Yep, must be a security conference

Anti-spam, secure e-mail and browsers among target areas for researchers at Usenix event

I'm a sucker for research projects with catchy names and a slew of them will be discussed at next week's Usenix Security Symposium in Montreal. Here's a sampler:


You might have run across this new Microsoft browser OS that reportedly can enforce strong security during the recent Google Chrome OS frenzy. Gazelle will get a further review at the Usenix event during the presentation of the paper  "The Multi Principal OS Construction of the Gazelle Web browser"  authored by Microsoft Research, University of Washington and University of Illinois at Urbana-Champaign researchers.

The authors write: "Our prototype implementation and evaluation experience indicates that it is realistic to turn an existing browser into a multi-principal OS that yields significantly stronger security and robustness with acceptable performance. Our security policies pose some incompatibility, the cost of which requires further investigation."


SNARE (Spatio-temporal Network-level Automatic Reputation Engine), the brainchild of Georgia Tech and McAfee researchers, is designed to foil spammers. And we can use all the help we can get on that front if recent numbers from McAfee can be believed: it found that spam now constitutes 92% of all e-mail.

SNARE eschews spam filtering techniques based purely on identifying the content or relying on reputation-based blacklists/whitelists. Instead, SNARE zeroes in on network-level behavior ("how messages are sent") to spot spammers. This includes eyeing how far apart spammers are from their targets and each other and even what time of day they launch their messages.

Technology Review recently profiled the technology, noting that one Georgia Tech researcher is helping Yahoo address spam issues by using knowledge from the SNARE project.


This technology is described as "A Defense Against Heap-spraying Code Injection Attacks,"  in a paper authored by Microsoft Research and Cornell University researchers. Heap-spraying, if you aren't familiar with it, refers to certain ActiveX or JavaScript routines trying to fill up browser memory until they can get a shell code and take over the computer, according to an expert quoted in an earlier Network World article. Nozzle's creators say they have come up with "a runtime monitoring infrastructure that detects attempts by attackers to spray the heap. Nozzle uses lightweight emulation techniques to detect the presence of objects that contain executable code. To reduce false positives, we developed a notion of global 'heap health'."


Stanford University and MIT researchers are looking to make Web applications more secure by preventing authentication and access control vulnerabilities. Their paper explains that "Nemesis combines authentication information with programmer-supplied access control rules on files and database entries to automatically ensure that only properly authenticated users are granted access to any privileged resources or data." It also "constructs a shadow authentication system to track user authentication state through an additional HTTP cookie." Nemesis has been tested out on applications such as PHP iCalendar and Linpha Image Gallery.


I recently put this University of Washington prototype technology for safeguarding e-mail to the test. In a nutshell, Vanish gives email senders control over how long the messages they send last. In other words, it's email with a built-in self destruct button.

Follow Bob on Twitter

Copyright © 2009 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022