UTCS FACULTY CANDIDATE: Nickolai Zeldovich/Stanford University Building Secure Systems from Buggy Code with Information Flow Control ACES 2.302 Tuesday April 22 2008 11:00 a.m.
There is a sign up schedule for this event:
http://www.cs.utexas.edu/department/webevent/utcs/events/cgi/list_events.cgi
Type of Talk: FACULTY CANDIDATE
Speaker/Affiliation: Nickolai Zeldovich/Stanford University
Date/Time: Tuesday, April 22, 2008, 11:00 a.m.
Location: ACES 2.302
Host: Emmett Witchel
Talk Title: Building Secure Systems from Buggy Code with Information Flow Control
Talk Abstract:
Today, computer security resembles an arms race: the bad guys constantly find new ways to break in, and being safe requires staying one step ahead of them in cutting off avenues of attack. This strategy is simply too risky and too expensive in the long run. In this talk, I will argue that we need to address security at a much more fundamental level, and I will show how re-designing operating systems, network protocols, and hardware can provide a solid foundation for building applications in a way that eliminates or radically reduces vulnerabilities.
Much of the challenge in building secure applications stems from the fact that real systems are constantly evolving and that most programmers are not security-conscious, resulting in code rife with bugs that cause security vulnerabilities. Instead of trying to fix all code, this talk will argue that we should protect data by controlling how it can move through the system. The key insight is that data protection cuts across layers: any piece of data in an application can also be viewed as memory or files by the OS, or as physical pages by the hardware. Consequently, even data in buggy applications can be protected by the OS or by hardware, despite the latter two being at a much lower level of abstraction.
In particular, I will first describe how a low-level information flow control mechanism can be provided by a small OS kernel, hardware, or network protocol, and then show how the same mechanism can be used throughout the system to enforce security policies ranging from those traditionally found in Unix to those that can ensure the privacy of user data in a web server built from largely untrusted code.