Lecture/Talk: Aslan Askarov, Harvard University - Principled Approaches to Information Security

Info about event

Time

Thursday 30 January 2014, 09:00 - 10:00

Location

ADA 333

Organizer

Dept. of Computer Science

Title: Principled Approaches to Information Security

Abstract:

Modern computer systems have complex security requirements. We routinely run third-party applications that process confidential data, our security policies change over time, and we are surrounded by sophisticated adversaries capable of long-term observations and powerful inferences. In order to provide satisfactory security guarantees in this environment, we must address a number of challenges. First, we must understand how sensitive data propagates within systems and how untrusted code influences a system's operations. Second, we must take into account the dynamic nature of security requirements: for example, a document considered secret today may be released to the public tomorrow, and vice versa: a public entry may need to be securely erased from a system at some point in the future. Finally, we need techniques for building provably-secure systems that satisfy our security requirements.

In the first part of the talk, I will present a formal framework for reasoning about a rich class of security requirements of modern systems. The core of the framework is a notion of attacker knowledge that precisely characterizes the information deducible by an attacker based on the attacker's observations. Using attacker knowledge as a building block, we can specify a wide range of security requirements, including dynamic policies. These security requirements are amenable to sound enforcement using programming-languages techniques, such as static program analysis and runtime monitoring.

The second part of the talk will focus on so-called timing channels—inadvertent leaks in complex systems that occur when an adversary can measure the time at which a system performs an observable action. I will explain how timing channels present a serious threat in computer security, and will introduce predictive mitigation—a general technique for mitigating timing channels that works by predicting timing from past behavior and public information. Rather than eliminating timing channels entirely, predictive mitigation bounds the amount of information that an adversary can learn via timing channels with a trade-off in system performance. Under reasonable assumptions, the bounds are logarithmic in the running time of the system.

Bio:

Aslan Askarov is currently a postdoctoral fellow at Harvard University, and was previously a postdoctoral associate at Cornell University. He received a PhD from Chalmers University of Technology in Gothenburg, Sweden in 2009. Aslan's research interests include computer security, programming languages, and systems.
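
The sketch below is an added illustration of the predictive mitigation idea summarized in the abstract; it is not code from the talk or the speaker. The abstract does not specify a prediction scheme, so the doubling schedule, the function names and the sample traces are assumptions made here: events leave only at predicted slots, and each misprediction starts a new epoch with a doubled quantum.

```python
import math

def mitigate(ready_times, q0=1):
    """Delay events so that they leave only at predicted slots.

    ready_times: sorted times at which the system has each event ready.
    Returns (release_times, epochs). Assumed scheme: slots are q apart;
    if no event is ready at a predicted slot (a misprediction), a new
    epoch starts and q doubles.
    """
    q, next_slot, epochs, releases = q0, q0, 1, []
    for t in ready_times:
        while t > next_slot:          # misprediction at next_slot
            q *= 2
            epochs += 1
            next_slot += q
        releases.append(next_slot)    # the attacker observes only this time
        next_slot += q
    return releases, epochs

def distinct_observations(secrets):
    """Constructed system: a single reply whose ready time equals the secret.

    Returns how many different observations an attacker can see without
    and with mitigation.
    """
    raw = {s for s in secrets}
    mitigated = {tuple(mitigate([s])[0]) for s in secrets}
    return len(raw), len(mitigated)

if __name__ == "__main__":
    # Constructed traces: different internal timing, same observation.
    print(mitigate([0.2, 1.5, 2.9]))
    print(mitigate([0.9, 1.1, 2.1]))
    # A slow event forces two mispredictions and a coarser schedule.
    print(mitigate([0.5, 5.0, 5.1]))
    raw, mit = distinct_observations(range(1, 1025))
    print(f"raw: {math.log2(raw):.2f} bits, mitigated: {math.log2(mit):.2f} bits")
```

In this constructed case the unmitigated reply time distinguishes all 1024 secrets, while the mitigated release time takes only 11 values, at the cost of delaying every reply to the next predicted slot.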