BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:CRASH/SAFE: Clean-slate Co-design of a Secure Host Architecture - 
 Catalin Hritcu\, University of Pennsylvania 
DTSTART:20130328T100000Z
DTEND:20130328T110000Z
UID:TALK43865@talks.cam.ac.uk
CONTACT:Microsoft Research Cambridge Talks Admins
DESCRIPTION:An important cause for the insecurity of today's computer syst
 ems is security--performance trade-offs made decades ago\, which are now d
 eeply embedded in the hardware and software ecosystem\, but which are base
 d on assumptions that are now obsolete. We are now living in an era in whi
 ch security is no longer a side issue\, hardware resources are abundant\, 
 and formal methods are more practical\, so the time is ripe for a redesign
 .\n\nThe CRASH/SAFE project brings together academics (University of Penns
 ylvania\, Harvard\, and Northeastern) and industry (BAE Systems and Clozur
 e Associates)\, with the very ambitious goal of designing a significantly 
 more secure network host from scratch\, without any legacy constraints. In
  this DARPA-funded project\, we have undertaken a clean-slate co-design of
  novel hardware\, operating system\, programming language\, and verificati
 on strategy based on modern cost structure and capabilities.\n\nThe SAFE h
 ardware and a very thin layer of privileged software (a zero-kernel operat
 ing system)\, provide a run-time system for Breeze\, a safe high-level lan
 guage in which application software is written. This simpler design elimin
 ates some of the traditional sources of complexity in operating systems an
 d makes formal analysis more tractable. Moreover\, safety and security are
  enforced at all layers of the system\, not just at the programming langua
 ge level. The SAFE hardware and runtime system dynamically enforce type an
 d memory safety as well as fine-grained dynamic information-flow control (
 IFC) and label-based access control (clearance).\n\nI'm going to talk abou
 t the CRASH/SAFE project in general and about a couple of specific researc
 h problems on which I've been working. I will focus on the novel exception
  handling mechanism in Breeze\, which allows IFC violations to be recovera
 ble exceptions as opposed to fatal stop-the-world failures. This work iden
 tifies public labels and delayed exceptions as the crucial ingredients for
  making all errors recoverable in a sound and usable language with fine-gr
 ained dynamic IFC. Finally\, I'm going to discuss several directions for f
 uture research.\n
LOCATION:Auditorium\, Microsoft Research Ltd\, 21 Station Road\, Cambridge
 \, CB1 2FB
END:VEVENT
END:VCALENDAR