
Andrew Myers,
Associate Professor
Cornell University,
Ithaca, New York


“Making distributed systems secure by construction”


Bio:

Andrew Myers is an Associate Professor in the Computer Science Department at Cornell University in Ithaca, NY. He received his Ph.D. in Electrical Engineering and Computer Science from MIT in 1999.

His research interests include computer security, programming languages, and distributed and persistent objects. His work on computer security has focused on practical, sound, expressive languages and systems for enforcing information security. The Jif programming language makes it possible to write programs which the compiler ensures are secure. The Polyglot extensible compiler framework is now widely used for programming language research.

Andrew is the recipient of an NSF CAREER award, an Alfred P. Sloan Fellowship, a College of Engineering Abraham T. C. Wong '72 Excellence in Teaching Award, a George M. Sprowls award for outstanding Ph.D. thesis from MIT, and a best paper award for a paper in SOSP 2001.

 

OCTOBER 9th, 2006 - 4:30 pm cst
ACES Building, Room 6.304
Department of Computer Sciences
The University of Texas at Austin

Abstract:

The distributed information systems we use every day are becoming more complex and interconnected. Can we trust them with our information? Many mechanisms are available to ensure information security: for example, encryption, various cryptographic protocols, access control, and replication. Currently there is no good way to check that complex distributed software uses information securely, even if we have the source code. We currently lack both sufficiently expressive ways to specify information security requirements, and sufficiently accurate methods for checking them.

This talk describes a way to build systems that are secure by construction. Programs are annotated with explicit security policies specifying the confidentiality, integrity, and availability of information. The compiler automatically uses a combination of techniques to transform the source code to run securely on the available host machines. The compiler introduces quorum replication to satisfy both integrity and availability policies. It introduces partitioning, encryption, and one-way hashing to satisfy confidentiality policies. To accommodate the needs of realistic applications, the information security policies are also enriched to support new notions of ownership, declassification, robustness, and erasure. These policies have precise semantics, and the construction process can be shown to enforce policies in terms of these semantics.

Joint work with Lantian Zheng, Steve Chong, Andrei Sabelfeld, and Steve Zdancewic.

Andrew Myers' homepage

Cornell Department of CS
