Popular Science Description

Computer security is a massive challenge. We often run third-party applications that access our personal data, but when are we really sure what information gets shared? This is one of the main interests of Aslan Askarov’s research. Whereas the Logic and Semantics group mainly looks at the foundations of programming languages and programming logics for reasoning about programs in general his expertise is more on the security side.

- My general research area is principal approaches to computer security, where we can understand what it means for a computer system to be secure.  It’s highly relevant because it is something we have to make sure we’re getting right. No one wants to have confidential data compromised, Aslan Askarov states.

Access to data and then what?

Consider, for example, an application on your smartphone.  The application can access your contact data, which might be confidential information. The application may only use the data for internal reasons, but it is very difficult, as a consumer, to understand what happens after the application accesses the data.

Aslan Askarov studies the security of the different systems that access such data.

-We analyze programs that may access sensitive data, and by analyzing the programs we can understand if it satisfies our security requirements. By looking into the program code, we can understand if it is actually coherent to the security policy, or if we otherwise should reject the program as insecure, he explains.

Checking up on application security requirements

As another example, consider an application that promises to delete your data. But does that mean the application will not be able to see it; does it mean that your mobile provider won’t be able to access it, or does it mean that if someone steals your phone, they can’t recover the data?

-If you delete a message on your phone, there are other pieces of information in the system connected to it, he points out.

This security issue is called information erasure. It is a highly relevant and interesting issue, as mobile users have certain expectations about security requirements. Users may want to make sure the information is erased from the system, and not just the data itself, but what is connected to it.

-My research focuses on understanding if we can build systems with such security requirements, or to see if we can find security violations in the implementations, says Aslan Askarov.

Detecting security flaws

Some of his previous research has gone into understanding the security aspects of systems known as timing channels, and coming up with techniques for mitigating them.

-An example of a timing channel is; if I ask you today how you are doing, you respond immediately that you are fine. I then ask you again tomorrow, and it takes you ten seconds to reply. In both cases your answer is the same, but the amount of time it takes you to provide the answer is different, he points out.

By making control inquiries like this, it is possible to detect security flaws in a system. Aslan Askarov explains how.

- Because of the delay, I can deduce that something is different. It’s principally the same with computer systems. They may produce the same events, but the time it takes to produce the event may depend on information, that we don’t necessarily realize is being leaked.

Aslan Askarov in brief

Before being appointed associate professor at Aarhus University, Aslan Askarov was a postdoctoral fellow at Harvard University, 2012-14.

He became a Bachelor of Science in Applied Mathematics in 2002, at the Baku State University in Azerbaijan. In 2005 he got his Master’s Degree in Computer Science at the Chalmers University of  Technology, Göteborg.

In 2009 Aslan Askarov became PhD in Computer Science at Chalmers University of Technology, before being a Postdoc at Cornell University, Ithaca, NY, 2009-11.