There have been thousands of security mechanisms, cryptographic schemes, and security protocols introduced in the last few decades. Unfortunately, this coincided with a tremendous increase in the number of software and hardware vulnerabilities. These twin trends of more security proposals and more vulnerabilities indicate that there is a growing gap in the adoption of secure technologies, possibly due to concerns for performance, compatibility, and engineering effort.
In this talk Mihai Christodorescu will argue that to close this gap we need to automate the integration of security in software systems. Automatic software security holds the promise of allowing non-experts the fruitful use of advanced security mechanisms, from zero-knowledge proofs, information flow tracking, and secure multi-party computation, to oblivious RAM and privilege separation. Mihai Christodorescu will illustrate this approach with two examples of adding integrity and confidentiality to existing systems in ways that are transparent to developers, configurable by system administrators, and verifiable by users. There are exciting questions to address in this space and the talk will conclude with a research agenda for automating software security.
Mihai Christodorescu is a principal researcher in systems security at Visa Research and also serves as senior director of the systems security, cryptography, and blockchain groups. He is interested in fundamental approaches to computer security and privacy problems by combining methods from multiple domains: programming languages, systems, machine learning, and formal methods. His past and present projects have addressed Internet-scale security analyses of networks, systems, and software, and whole-system security hardening for both cloud and mobile endpoints.