School of Computing UofU calendar UofU index UofU directory Map About Salt Lake SoC Calendar University of Utah University of Utah
Colloquium

Aslan Askarov
Harvard University


Wednesday, March 6, 2013
1230 WEB
Refreshments 3:20 p.m.
Lecture 3:40 p.m.


Title: Securing information release: systems, models, and programming languages

Abstract
Computer systems sometimes need to release some confidential information. However, they must also prevent inadvertent release of information that should remain confidential. These requirements significantly complicate reasoning about system security, and are not addressed by conventional security mechanisms. To provide assurance for such systems we need to develop principled approaches for specifying and enforcing secure information release. In this talk, I will describe how this can be achieved using systems and programming languages techniques.

The first part of the talk will focus on controlling inadvertent leaks in complex systems. I will discuss the leaks that happen when an adversary can measure the time at which a system performs an observable action, also known as timing channels. I will explain how timing channels present a serious threat in computer security, and introduce predictive mitigation---a general technique for mitigating timing channels that works by predicting timing from past behavior and public information. Rather than eliminating timing channels entirely, predictive mitigation bounds the amount of information that an adversary can learn via timing channels with a trade-off in system performance. Under reasonable assumptions, the bounds are logarithmic in the running time of the system.

The second part of the talk will present insights into the formalization of practical security specifications for the intentional release of confidential information. I will introduce a programming language-based framework that provides a formal vocabulary for expressing such specifications. Example specifications include what information may be released, when a release may happen, and whether an adversary has any control over a release. These specifications are soundly enforceable using a variety of static and dynamic program analyses.

BIO
Aslan Askarov is currently a postdoctoral fellow at Harvard University, and was previously a postdoctoral associate at Cornell University. He received a PhD from Chalmers University of Technology in Gothenburg, Sweden in 2009. Aslan's research interests include computer security, programming languages, and systems.


Return to 2013 Events Calendar


School of Computing • 50 S. Central Campus Dr. Rm. 3190 • Salt Lake City, UT 84112
801-581-8224 • Fax: 801-581-5843 • Send comments to webmaster@cs.utah.edu
Disclaimer