{"52809":{"#nid":"52809","#data":{"type":"event","title":"CS Faculty Candidate Seminar - Max Krohn","body":[{"value":"\u003Cp\u003E\u003Cstrong\u003EMax Krohn\u003Cbr \/\u003E\u003C\/strong\u003E\u003Cstrong\u003EMassachusetts Institute of Technology\u003C\/strong\u003E\u003C\/p\u003E\n\u003Cp class=\u0022MsoPlainText\u0022\u003E\u0022\u003Cstrong\u003ESecuring Servers With Decentralized Information Flow Control\u0022\u003C\/strong\u003E\u003C\/p\u003E\n\u003Cp class=\u0022MsoPlainText\u0022\u003E\u003Cstrong\u003EABSTRACT:\u003C\/strong\u003E\u00a0 Today\u0027s operating systems struggle to contain the effects of malicious application code.\u00a0 For a desktop PC, one bad software download can reveal the entire contents of the PC\u0027s hard drive.\u00a0 On servers, one bad Web application component can reveal the entire contents of a site\u0027s database.\u00a0 In both cases, bad software can maliciously overwrite important data.\u00a0 Far from receding, these security flaws are finding their way into new server-side computing platforms, such as Facebook applications.\u003C\/p\u003E\n\u003Cp\u003EOur solution is Decentralized Information Flow Control (DIFC) at the OS level.\u00a0 DIFC systems track the flow of secret and high-integrity data as they are copied from file to file and communicated from process to process.\u00a0 In the end, the operating system lets modules known as \u0027declassifiers\u0027 determine the policy for secret data exiting to the network and for impure applications overwriting important files.\u00a0\u00a0 Example policies include ``only reveal Alice\u0027s secret data to Alice\u0027s Web client\u0027\u0027 or ``only local, authorized text-editors can overwrite this file.\u0027\u0027\u00a0 DIFC provides better security than standard OSes because it allows developers to concentrate security-critical code in small, audit-friendly declassifiers, which remain small and contained even as the overall system balloons with new features.\u003C\/p\u003E\n\u003Cp\u003EThis talk presents DIFC, an implementation of DIFC for Linux, and a case study of a complex, popular open-source application (MoinMoin Wiki) secured with DIFC.\u00a0 MoinMoin is a prototype for more ambitious and general work to come, such as a novel server-side application platform with encouraging security guarantees.\u003C\/p\u003E\n\u003Cp\u003E\u00a0---------\u003C\/p\u003E\n\u003Cp\u003EJoint work with: Micah Brodsky, Natan Cliffer, Petros Efstathopoulos, Cliff Frey, Eddie Kohler, David Mazieres, Robert Morris, Frans Kaashoek, Steve VanDeBogart, Mike Walfish, Alex Yip, David Ziegler\u003C\/p\u003E\n\u003Cp\u003E\u003C\/p\u003E\n\u003Cp\u003E\u003Cstrong\u003EBio:\u003C\/strong\u003E Maxwell Krohn is a PhD candidate in Computer Science at MIT.\u00a0 He received his BA from Harvard in 1999, and was a staff research scientist at NYU from 2002-2003.\u00a0 In between, he co-founded and co-built several community Web sites, some vintage (TheSpark.com), others live and kicking (SparkNotes.com and OkCupid.com).\u00a0 His research interests are in operating systems, distributed systems and security.\u003C\/p\u003E\n\u003Cp\u003E\u003C\/p\u003E","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":"","field_summary_sentence":"","uid":"27154","created_gmt":"2010-02-11 15:57:54","changed_gmt":"2016-10-08 01:50:09","author":"Louise Russo","boilerplate_text":"","field_publication":"","field_article_url":"","field_event_time":{"event_time_start":"2008-02-26T10:00:00-05:00","event_time_end":"2008-02-26T11:00:00-05:00","event_time_end_last":"2008-02-26T11:00:00-05:00","gmt_time_start":"2008-02-26 15:00:00","gmt_time_end":"2008-02-26 16:00:00","gmt_time_end_last":"2008-02-26 16:00:00","rrule":null,"timezone":"America\/New_York"},"extras":[],"groups":[{"id":"47223","name":"College of Computing"}],"categories":[],"keywords":[],"core_research_areas":[],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"Shanita Williams","format":"limited_html"}],"email":[],"slides":[],"orientation":[],"userdata":""}}}