CSE Colloquium: Making Systems Secure with Information Flow

Presenter: Andrew Myers, Cornell University

Abstract:
Modern civilization depends on complex, interconnected software systems that must safeguard trustworthy or private data. We have ever-growing mountains of code yet lack principled ways to build large systems that are secure. What is missing is a way to securely build these systems compositionally: module by module and layer by layer. Information flow control, enforced throughout software and hardware, offers a plausible way to achieve compositional security, and is increasingly being used by industry. I describe how my research group has incorporated information-flow security into various languages and systems: hardware architectures resilient to timing and speculation attacks, smart contracts, and automatically synthesized cryptographic and distributed protocols. Information flow is inherently compositional and makes possible strong, provable security guarantees that can be connected to cryptographic security definitions. Importantly, it also guides developers during the design process, exposing security-critical decisions up front.

Bio:
Andrew Myers is the Class of 1912 Professor of Engineering in the Department of Computer Science at Cornell University. He received his Ph.D. in Electrical Engineering and Computer Science from MIT, advised by Barbara Liskov. His research interests include programming languages, computer security, and distributed and persistent programming systems. His work on computer security has focused on practical, sound, expressive languages and systems for enforcing information security. Myers is an ACM Fellow and has authored several award-winning papers. He currently serves as the chair of the ACM SIGPLAN Executive Committee.

Hosted By: Professor Mohsen Lesani

Location: Engineering 2, E2-180

Zoom: https://ucsc.zoom.us/j/97682837116?pwd=WZBzhJY4p7rTZshqglmOs6xBtBasbE.1&jst=3