Towards Principled and Reliable Software System Security

Marco Vassena

Software systems are trusted with a wealth of sensitive data. They are so complex and hard to get right that opportunities for attacks abound, ranging from application bugs to leaky runtime systems, and even hardware security vulnerabilities. How can we ensure that our data is really secure in our systems?

In this talk, I will describe a principled approach to designing and building software systems with reliable security guarantees. The key idea behind my approach is to leverage formal semantics to specify the behavior and the (desired) security policies of a system, and to apply language-based techniques to enforce them systematically. In the talk, I will first present a recent foundational result on Information-Flow Control (IFC) security that unifies IFC paradigms proposed by the programming language and the operating system community to help developers write secure code. Then, I will cover LIO_PAR, a runtime system design that eliminates all resource-based covert channels in concurrent and parallel systems, and Blade, a new approach to automatically, provably, and efficiently eliminate speculative leaks from cryptographic code.

---

Previous: Wouter Swierstra | A predicate transformer semantics for effects
Next: | Incremental Scannerless Generalized LR Parsing