Research interests

It is too hard to build trustworthy software systems using conventional systems APIs. I work on higher-level, language-based abstractions for programming that better address important cross-cutting concerns: security, extensibility, persistence, distribution.

Recent and upcoming publications

A type system that enforces expressive policies for information erasure and declassification.

The first implemented voting system that offers universal verifiability and coercion resistance.

Jif security labels drive the partitioning of code and data into secure server-side Java and responsive client-side JavaScript.

Secure information flow can be soundly enforced even with expressive dynamic policies, using a dependent type system.

Conventional measures of quantitative information flow are based on uncertainty, but accuracy is a better basis.

[Undergraduate and MEng research opportunities]

Awards

Current Projects

• STONESOUP: studying how to certify and run software of uncertain provenance securely
• Civitas: A practical, secure, remote voting system.
• Swift: Making web applications secure by construction.
• SIF: Servlets with secure information flow.
• Fabric: A federated system for securely storing, sharing, and computing information.
• Integrating security and fault tolerance
• Jx/J&: a language for extensible, composable software frameworks
• Jif: an extended version of Java that protects privacy by controlling information flow
• JMatch: a Java extension with pattern matching and interruptible iterators
• Polyglot: an extensible Java compiler front end framework for rapid experimentation with new language extensions (the Jif and JMatch compilers build on Polyglot.)
• Program Committees: Co-chair, IEEE Symposium on Security & Privacy '09; PC Member, ACM SIGPLAN Types in Language Design and Implementation (TLDI) 2009, ACM SIGPLAN Programming Languages and Analysis for Security '08 (PLAS), IEEE Symposium on Security & Privacy '08
• DARPA Information Science and Technology Study Group (ISAT)
• Editorial Board, Journal of Computer Security and ACM Transactions on Information and System Security
• Invited conference talks: FMOODS 2008

Older Projects

• Program Committees: SOSP ('01, '07), Security & Privacy '07, OOPSLA'06, HOTDEP'06, CSFW 2006, USENIX Security 2006, FAST'05, POPL'05, OSDI ('00, '04), CCS'04, SIGOPS European Workshop '04, IEEE Security and Privacy ('01, '04, '07, '08), NDSS'04, CSFW'04, PLDI'02, FOOL'00.
• Jif/split: a version of Jif that automatically partitions programs to run securely on a distributed system.
• J₀: Java for novice programmers
• PolyJ: an extended version of Java that supports parametric polymorphism, freely available for both Windows and Unix.
• Thor, a distributed object-oriented database, and Theta, the internal programming language of Thor. This work provided scalable techniques for efficiently implementing distributed, persistent objects and language features such as methods and parametric polymorphism.
• Organizer, Dagstuhl seminar on Mobility, Ubiquity, and Security (Feb.'07)
• Invited and keynote talks: ESOP'05, PASTE'05, FMSE 2005

Courses

• PLDI 2006 tutorial: Expressing and Enforcing Security with Programming Languages
• Summer School on Software Security, June 2004
• CGO'03 tutorial: Security through Languages and Compilers
• CS211, Computers and Programming (S06)
• CS312, Data Structures and Functional Programming (S02–S04,S07–S08) [CS312 Tournaments]
• CS412/413, Introduction to Compilers (S99–S01)
• CS504, Applied Systems Engineering I (F00–F04)
• CS513, System Security (F06)
• CS611, Advanced Programming Languages (F99–F01, F04–F05, F07)
• CS711, Advanced Programming Languages Seminar ( F02, F03)
• Engineering 150 (F04, F06)
• CS754, Cornell Systems Lunch (2001–2008) (with E. Gün Sirer)