Security

"The nation's security and economy rely on infrastructures for communication, finance, energy distribution and transportation - all increasingly dependent on networked information systems. When these networked information systems perform badly or do not work at all, they put life, liberty and property at risk." --National Research Council, Trust in Cyberspace

Cornell is a leader on a broad range of research issues related to computer security. Under the aegis of the Information Assurance Institute co-located within our department, we tackle the fundamental problem of ensuring the security and reliability of our global critical computing infrastructure.

Currently, we have many different active research projects aimed at developing a science and technology base to enhance information assurance and ensure the trustworthiness of networked information systems. These project areas range from system and network security to reliability and assurance:

Emin Gün Sirer and Fred B. Schneider are leading the development of a new operating system, called the Nexus, for trusted computing. Newly emerging secure coprocessors make it possible to build systems that can provide unprecedented security guarantees; unfortunately, past efforts at achieving these properties have yielded systems that restrict the user's control over her local machine. The Nexus is a new operating system, built from scratch, that proposes new system abstractions, mechanisms and a novel system architecture for taking advantage of secure computing hardware. It enables users to take advantage of the security guarantees of secure coprocessors without limiting the user's flexibility and control over the local software configuration. The resulting system enables novel applications, including spam-free email, secure firewalls, and flexible digital rights management systems.

The Language-Based Security project at Cornell University aims to develop and refine new security enforcement mechanisms that are well suited for networked computing systems built from extensible components. Our work is broad in scope but has a common theme: leveraging recent developments in the field of programming languages while building on classic computer security principles. This research draws on programming language technology including in-lined reference monitors, flexible type-based enforcement of information flow policies, and efficient certifying compilers.

The COCA (Cornell On-line Certification Authority) project, led by Fred B. Schneider, is concerned with composing fault-tolerance and security. Traditionally, these two elements of system trustworthiness have been treated as distinct problems with disjoint solutions. Yet when replication is used to achieve fault-tolerance, replicated secrets (such as private keys) become more vulnerable to compromise. COCA examines how to securely compose fault tolerance with security in the context of a fault-tolerant and secure on-line certification authority prototype we built and deployed.

The Quicksilver project is interested in security issues arising in large-scale systems where probabilistic mechanisms are used, like the ones in our Bimodal Multicast and Astrolabe technologies. We're tackling several dimensions of the question: how to build new security mechanisms that use these kinds of scalable, robust tools, how to secure the tools themselves, and how to deal with scalability issues that arise when building secure systems. An example of a concrete problem we would like to look at in the coming year involves security issues seen in scalable publish-subscribe systems -- we're building one and the security issues that arise seem to be new and really interesting.

Examples of recent systems we've built include Quicksilver (a scalable publish-subscribe technology, for which the project was named), Tempest (a development tool for building scalable web services, running on our Ricochet protocols), and Fireflies, a Byzantine-fault tolerant, rapidly adaptive, overlay technology that supports scalable media delivery.

The Jif project, led by Andrew Myers, examines security-typed programming languages; Jif extends Java with support for static information flow control. Static information flow control is a promising new approach to protecting the confidentiality and integrity of information manipulated by computing systems. The compiler tracks the correspondence between data and the information flow policies that restrict its use, so that security is enforced in an end-to-end fashion.
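To make the idea behind the Language-Based Security and Jif paragraphs concrete, here is a toy static information-flow checker added as an example; it is not Jif's code or the project's own, and the two-point label lattice, the mini-language and the tuple-based AST encoding are my own assumptions. It shows the two kinds of leak such a compiler must reject: an explicit assignment of secret data to a public variable, and an implicit flow where a branch on secret data writes a public variable.

```python
# Toy static information-flow checker in the spirit of Jif (added example, not Jif's
# code; the mini-language, its labels and the AST encoding are my own assumptions).
# Lattice LOW < HIGH; a program is rejected if HIGH data can reach a LOW variable,
# through an explicit assignment or an implicit flow via a branch condition.

LOW, HIGH = 0, 1

def join(a, b):
    """Least upper bound in the two-point lattice."""
    return max(a, b)

def expr_label(expr, env):
    """Label of an expression: join of the labels of the variables it reads.
    Expressions are ints (constants), str (variable names) or ('op', e1, e2)."""
    if isinstance(expr, int):
        return LOW
    if isinstance(expr, str):
        return env[expr]
    _, e1, e2 = expr
    return join(expr_label(e1, env), expr_label(e2, env))

def check(stmt, env, pc=LOW, violations=None):
    """Collect flows that violate the declared labels in env.
    Statements: ('assign', var, expr) | ('if', cond, then, else) | ('seq', [stmts]).
    pc is the label of the control-flow context; inside a branch on HIGH data
    no LOW variable may be written, which catches implicit flows."""
    if violations is None:
        violations = []
    kind = stmt[0]
    if kind == 'assign':
        _, var, expr = stmt
        src = join(expr_label(expr, env), pc)  # data label joined with context label
        if src > env[var]:
            violations.append(f"{var}: label {env[var]} receives data of label {src}")
    elif kind == 'if':
        _, cond, then, other = stmt
        pc2 = join(pc, expr_label(cond, env))  # which branch runs depends on cond
        check(then, env, pc2, violations)
        check(other, env, pc2, violations)
    elif kind == 'seq':
        for s in stmt[1]:
            check(s, env, pc, violations)
    return violations

if __name__ == "__main__":
    env = {'secret': HIGH, 'out': LOW, 'tmp': HIGH}  # declared labels (constructed)
    print(check(('assign', 'out', 'secret'), env))                      # explicit leak
    print(check(('if', 'secret', ('assign', 'out', 1), ('assign', 'out', 0)), env))  # implicit leak
    print(check(('seq', [('assign', 'tmp', ('+', 'secret', 1)), ('assign', 'out', 7)]), env))  # accepted
```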

Joe Halpern is looking at logics for reasoning about various aspects of security, including logics that can model resource-bounded intruders, that can deal with both qualitative and quantitative aspects of security, that support reasoning about noninterference, and that support reasoning about security policies involving permission, authority, control, and delegation. Together with students, he is also building a system that gives users a convenient front end for entering and enforcing security policies.

The ECC project, led by Dexter Kozen, addresses issues of performance and ease of implementation in the verification of basic safety properties for untrusted mobile code. In contrast to other more general approaches, it sacrifices language and implementation independence for performance and succinctness of certificates. Verification takes place at the level of native code and does not require just-in-time compilation. We ensure a basic but nontrivial level of code safety, including control flow safety, memory safety, and stack safety. A prototype has been implemented for SCHEME to x86. Current work includes applying this technology to boot-time drivers for plug-in components in the context of the IEEE Open Firmware standard.

The CorSSO project, led by Emin Gün Sirer and Fred B. Schneider, is developing a decentralized, fault-tolerant network single sign-on service. Similar to Microsoft's Passport, the goal of a single sign-on service is to authenticate users. Unlike Microsoft's Passport, CorSSO enables application servers to delegate client identity checking to sets of authentication servers, wherein the compromise or failure of a threshold of authenticators will not impact the correctness of the overall authentication system. A novel partitioning of the work associated with authentication of principals means that the system scales well with increases in the numbers of users and services.

Besides the samples cited above, there are many other ongoing projects at Cornell related to all aspects of system security, ranging from highly applied work on intrusion detection to theoretical foundations of computer security.

Overall, the breadth and depth of the projects undertaken at Cornell are a direct result of the well-integrated, diverse and collegial environment that our department provides. Our work draws its strength from the synergy between the groups working on security, programming languages, operating systems, logic and formal methods.

Faculty and Researchers

Ken Birman
Joe Halpern
Dexter Kozen
Andrew Myers
Rafael Pass
Fred Schneider
Gün Sirer

Ongoing and Recent Projects

Astrolabe
COCA
CorSSO
ECC
Jif
Nexus
