1998 - 1999 CS Annual Report                                                                  Faculty
choices.gif (4488 bytes)

Andrew Myers

Assistant Professor
andru@cs.cornell.edu
http://www.cs.cornell.edu/andru

PhD Massachusetts Inst. of Technology, 1999

Semantic information about programs and data, obtained from the programming language level, provides leverage for addressing difficult problems in computer systems. Programming language ideas can be applied effectively to problems in security, systems, and databases. I am particularly interested in using language-level information to improve security guarantees, performance, and transparency for distributed systems and mobile code. 
One example of this approach is my current work on the problem of protecting secret data. Current trends are making this problem both more important and more difficult. Computer systems are nearly completely connected via the Internet, allowing software to disseminate private information to almost any location. In addition, we increasingly use untrusted software; for example, downloaded  software such as applets. Standard access-control mechanisms are inadequate because they do not control information propagation. The new programming language Jif judiciously extends Java with privacy annotations that facilitate static analysis of information flows within programs. Privacy annotations are decentralized in the sense that they work even in systems with mutual distrust. These innovations make Jif the most practical language yet implemented for static enforcement of privacy policies. Further areas of investigation include extensions to Jif to address covert channels, investigation of its formal properties, and its use for secure distributed computation with mobile code. 

Awards  

  • George M. Sprowls Award for best Ph.D. thesis in the MIT Electrical Engineering and Computer Science Department. 

Professional Activities  
  • Program Committee, International Workshop on Foundations of Object-Oriented Languages, Jan. 2000 
Publications  
  • Practical mostly-static information flow control. Proc. ACM Symp. on Principles of
    Programming Languages (POPL)     (Jan. 1999), 228-241.  
  • Decentralized mostly-static information flow control. Ph.D. Thesis. Technical Report
    MIT-LCS-TR-783 (Jan. 1999). 
Software  
  • PolyJ: Parameterized types for Java. Located at http://www.pmg.lcs.mit.edu/polyj. July 1998.