“Building Secure Systems from Buggy Code with Information Flow Control”

Speaker: Dr. Nickolai Zeldovich, Stanford University
Date: March 20, 2008
Time: 4:00PM to 5:00PM
Location: 32-G449, Patil/Kiva
Host: Prof. John Guttag, MIT
Contact: Francis Doughty, 253-4602, doughty@mit.edu
Relevant URL:

Abstract:

Today, computer security resembles an arms race: the bad guys constantly
find new ways to break in, and being safe requires staying one step ahead
of them in cutting off avenues of attack. This strategy is simply too
risky and too expensive in the long run. In this talk, I will argue
that we need to address security at a much more fundamental level,
and I will show how re-designing operating systems, network protocols,
and hardware can provide a solid foundation for building applications
in a way that eliminates or radically reduces vulnerabilities.

Much of the challenge in building secure applications stems from the
fact that real systems are constantly evolving, and that most programmers
are not security-conscious, resulting in code rife with bugs that cause
security vulnerabilities. Instead of trying to fix all code, this talk
will argue that we should protect data, by controlling how it can move
through the system. The key insight is that data protection cuts across
layers: any piece of data in an application can also be viewed as memory
or files by the OS, or as physical pages by the hardware. Consequently,
even data in buggy applications can be protected by the OS or by hardware,
despite the latter two being at a much lower level of abstraction.

In particular, I will first describe how a low-level information flow
control mechanism can be provided by a small OS kernel, hardware,
or network protocol, and then show how the same mechanism can be used
throughout the system to enforce security policies ranging from those
traditionally found in Unix to those that can ensure the privacy of user
data in a web server built from largely untrusted code.
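The kind of label-based check the abstract refers to, as an added example that is not code from the talk or from the speaker's own systems: a simplified decentralized information flow control (DIFC) label model in Python, with a constructed web-server scenario in which untrusted application code handles one user's private record. The category names ("alice", "bob"), the 0 to 3 level scale, the default level of 1, the "*" owner marker and the objects in the scenario are all this example's own assumptions.

```python
"""Simplified decentralized information flow control (DIFC) label check.

Added example, not code from the talk or the speaker's systems. A label maps
a category (one per principal whose data is protected) to a secrecy level;
categories a label does not mention sit at DEFAULT. OWN marks that a thread
owns a category and may therefore declassify data tainted with it. The level
scale, default level and owner marker are this example's assumptions.
"""
from typing import Dict, Union

OWN = "*"                 # owner privilege over a category (example notation)
DEFAULT = 1               # level assumed for categories a label omits
Level = Union[int, str]
Label = Dict[str, Level]  # e.g. {"alice": 3} = tainted with Alice's secrets


def level(label: Label, cat: str) -> Level:
    return label.get(cat, DEFAULT)


def can_flow(src: Label, dst: Label) -> bool:
    """Data labelled src may flow into a thread or object labelled dst iff,
    for every category, src's level is no higher than dst's. An owner on
    either side may send or receive at any level: that is the only way
    secret-tainted data ever reaches a less-tainted place."""
    for cat in set(src) | set(dst):
        s, d = level(src, cat), level(dst, cat)
        if s == OWN or d == OWN:
            continue
        if s > d:
            return False
    return True


def taint(thread: Label, obj: Label) -> Label:
    """Label a thread must raise itself to before reading obj: an owned
    category stays owned, otherwise take the higher of the two levels.
    This is the kernel-side taint tracking that follows data through
    buggy code without the code having to cooperate."""
    out: Label = {}
    for cat in set(thread) | set(obj):
        t, o = level(thread, cat), level(obj, cat)
        assert o != OWN, "only threads, not data objects, own categories"
        out[cat] = OWN if t == OWN else max(t, o)
    return out


def web_server_scenario() -> Dict[str, object]:
    """Constructed scenario: untrusted application code serves Alice's
    private record; only the small gate component that owns "alice" can
    release anything derived from it to the public network."""
    alice_record: Label = {"alice": 3}   # Alice's secret data
    network: Label = {}                  # public sink, every category at DEFAULT
    scratch: Label = {"alice": 3}        # temp file the tainted app may write
    app: Label = {}                      # untrusted app thread, default label
    alice_gate: Label = {"alice": OWN}   # trusted declassifier for Alice
    bob_gate: Label = {"bob": OWN}       # Bob's declassifier, not Alice's

    r: Dict[str, object] = {}
    # Before touching any secret, the app may talk to the network freely.
    r["app_sends_before_read"] = can_flow(app, network)
    # It may not read Alice's record at its default label...
    r["app_reads_untainted"] = can_flow(alice_record, app)
    # ...so the kernel raises (taints) the app's label; then the read is fine.
    app = taint(app, alice_record)
    r["app_label_after_read"] = app
    r["app_reads_tainted"] = can_flow(alice_record, app)
    # A bug or backdoor in the app now tries to ship the record out.
    r["app_leaks_to_network"] = can_flow(app, network)
    # It may still hand data to equally tainted storage.
    r["app_writes_scratch"] = can_flow(app, scratch)
    # Bob's gate owns a different category and cannot read Alice's data.
    r["bob_gate_reads_scratch"] = can_flow(scratch, bob_gate)
    # Alice's gate owns "alice": it can read the result, stays owner after
    # reading, and (after whatever policy check it implements) release it.
    r["alice_gate_reads_scratch"] = can_flow(scratch, alice_gate)
    r["alice_gate_keeps_own"] = taint(alice_gate, scratch)
    r["alice_gate_releases"] = can_flow(alice_gate, network)
    return r


if __name__ == "__main__":
    for name, outcome in web_server_scenario().items():
        print(f"{name:26} {outcome}")
```

The point of the scenario is that nothing in the application code is trusted or even inspected: the only code that needs to be correct is the small gate that owns Alice's category, and the flow checks are the same two functions whether the "object" is a file, a memory page or a network socket.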
Bio:
Nickolai Zeldovich is a postdoc at Stanford University, where he
recently received his Ph.D. Previously he received M.Eng. and
S.B. degrees from MIT. His research interests are in security,
operating systems, and networking.