BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Memento EPFL// BEGIN:VEVENT SUMMARY:IC Colloquium : Securing information release: systems\, models\, a nd programming languages DTSTART:20130404T161500 DTEND:20130404T173000 DTSTAMP:20260407T053550Z UID:0629cd664cb7bbd1343db985c5690777dc84553b6498f2a363d64347 CATEGORIES:Conferences - Seminars DESCRIPTION:Aslan Askarov\, Harvard University\, School of Engineering and Applied Sciences\nIC faculty candidate\nAbstract\nComputer systems someti mes need to release some confidential information. However\, they must als o prevent inadvertent release of information that should remain confidenti al. These requirements significantly complicate reasoning about system sec urity\, and are not addressed by conventional security mechanisms. To prov ide assurance for such systems we need to develop principled approaches fo r specifying and enforcing secure information release. In this talk\, I wi ll describe how this can be achieved using systems and programming languag es techniques.\nThe first part of the talk will focus on controlling inadv ertent leaks in complex systems.  I will discuss the leaks that happen wh en an adversary can measure the time at which a system performs an observa ble action\, also known as timing channels. I will explain how timing chan nels present a serious threat in computer security\, and introduce predict ive mitigation---a general technique for mitigating timing channels that w orks by predicting timing from past behavior and public information. Rathe r than eliminating timing channels entirely\, predictive mitigation bounds the amount of information that an adversary can learn via timing channels with a trade-off in system performance. Under reasonable assumptions\, th e bounds are logarithmic in the running time of the system.\nThe second pa rt of the talk will present insights into the formalization of practical s ecurity specifications for the intentional release of confidential informa tion. I will introduce a programming language-based framework that provide s a formal vocabulary for expressing such specifications. Example specific ations include what information may be released\, when a release may happe n\, and whether an adversary has any control over a release. These specifi cations are soundly enforceable using a variety of static and dynamic prog ram analyses.Biography\nAslan Askarov is currently a postdoctoral fellow a t Harvard University\, and was previously a postdoctoral associate at Corn ell University. He received a PhD from Chalmers University of Technology i n Gothenburg\, Sweden in 2009. Aslan's research interests include computer security\, programming languages\, and systems. LOCATION:BC 420 https://plan.epfl.ch/?room==BC%20420 STATUS:CONFIRMED END:VEVENT END:VCALENDAR