Nickolai Zeldovich, Stanford University

Building secure systems around information flow control


Abstract:

Today's state of computer security resembles an arms race: the
bad guys are constantly searching for new ways to break in, and
being safe requires staying one step ahead of them in cutting
off avenues of attack.  This strategy is simply too risky and
too expensive in the long run.  In this talk, I will argue that
we need to address security at a much more fundamental level,
and I will show how rethinking the design of operating systems,
network protocols, and hardware can provide a solid foundation
for building applications in a way that does not introduce
vulnerabilities faster than we can fix them.

Much of the challenge stems from the fact that real systems
are constantly evolving, and that most programmers are not
security-conscious, resulting in code rife with security
vulnerabilities.  Instead of trying to fix code, this talk
will focus on mechanisms that protect data, by controlling
how data can move through the system.  The key insight is that
data movement cuts across layers: any data in an application
can also be viewed as memory or files by the OS, or as physical
pages by the hardware.  This means that even if the application
code is poorly written, we can still protect application data
by controlling the flow of information at a much lower level.