Andrew Myers

Cornell University

Large distributed software systems are running our civilization, yet they are riddled with vulnerabilities that compromise our security and privacy. Fundamentally, the way these systems are built makes it difficult for developers to reason about security. Experience shows that it is too difficult to analyze the security and reliability of systems after they are built. Instead, we need a constructive approach: the process of constructing software should give assurance that it is secure.


Our Fabric programming system explores whether a simple, high-level programming abstraction can offer constructive security for complex distributed systems. We'd like programming to feel as simple as programming in CS 2110. But the systems we need to build span multiple computers. They incorporate distrusted and unreliable data, code, host machines, and users, and all of these may be added dynamically to the system as it is used. Fabric therefore starts from a Java-like programming model but adds language-level annotations describing confidentiality, integrity, and consistency requirements. The compiler and run-time system analyze and transform code to enforce these requirements, even in the presence of mobile, possibly adversarial code and data. In this way, Fabric offers a constructive approach to building distributed systems such as web applications securely.
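As an added illustration of what "the compiler enforces confidentiality and integrity annotations" means in practice, the following Python sketch is a toy information-flow checker. It is not Fabric's code or syntax: the two-level labels, the small statement language and the sample programs are assumptions of this example. Each variable carries a (confidentiality, integrity) label, an assignment is accepted only when the source label flows to the target label, and a program-counter label makes assignments inside a conditional depend on the condition, which is how implicit flows are rejected.

```python
# Toy information-flow checker, added as an illustration of label-based
# enforcement. Not Fabric's code or syntax: the two-level labels, the
# statement forms and the sample programs are assumptions of this example.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple, Union

# A label is (confidentiality, integrity).
#   confidentiality: 0 = public, 1 = secret     (higher = more restricted)
#   integrity:       0 = untrusted, 1 = trusted (higher = more trusted)
Label = Tuple[int, int]
PUBLIC_TRUSTED: Label = (0, 1)


def join(a: Label, b: Label) -> Label:
    """Least upper bound: a value derived from both inputs is as secret as
    the more secret one and only as trusted as the less trusted one."""
    return (max(a[0], b[0]), min(a[1], b[1]))


def flows_to(src: Label, dst: Label) -> bool:
    """src may be stored in a location labeled dst only if this neither
    reveals more than dst allows nor claims more integrity than src has."""
    return src[0] <= dst[0] and src[1] >= dst[1]


@dataclass
class Var:
    name: str


@dataclass
class Const:
    value: int


@dataclass
class BinOp:
    left: "Expr"
    right: "Expr"


Expr = Union[Var, Const, BinOp]


@dataclass
class Assign:
    target: str
    expr: Expr


@dataclass
class If:
    cond: Expr
    then_branch: List["Stmt"] = field(default_factory=list)
    else_branch: List["Stmt"] = field(default_factory=list)


Stmt = Union[Assign, If]


def expr_label(e: Expr, env: Dict[str, Label]) -> Label:
    """Literals are public and trusted; a variable has its declared label;
    an operation joins the labels of its operands."""
    if isinstance(e, Const):
        return PUBLIC_TRUSTED
    if isinstance(e, Var):
        return env[e.name]
    return join(expr_label(e.left, env), expr_label(e.right, env))


def check(stmts: List[Stmt], env: Dict[str, Label],
          pc: Label = PUBLIC_TRUSTED,
          errors: Optional[List[str]] = None) -> List[str]:
    """Return the illegal flows in a program. `pc` is the label of the
    control context: inside `if secret: ...` every assignment also
    depends on `secret`, so implicit flows are caught the same way."""
    if errors is None:
        errors = []
    for s in stmts:
        if isinstance(s, Assign):
            src = join(pc, expr_label(s.expr, env))
            dst = env[s.target]
            if not flows_to(src, dst):
                errors.append(f"illegal flow into {s.target}: {src} -> {dst}")
        else:
            branch_pc = join(pc, expr_label(s.cond, env))
            check(s.then_branch, env, branch_pc, errors)
            check(s.else_branch, env, branch_pc, errors)
    return errors


# Constructed sample environment and programs (assumptions of this example).
ENV: Dict[str, Label] = {
    "secret": (1, 1),     # confidential, trusted
    "public": (0, 1),     # public, trusted
    "untrusted": (0, 0),  # public, came from an untrusted source
    "trusted": (0, 1),    # public, must remain trustworthy
}

PROGRAMS: Dict[str, List[Stmt]] = {
    "direct_leak": [Assign("public", Var("secret"))],
    "implicit_leak": [If(Var("secret"), then_branch=[Assign("public", Const(1))])],
    "taint": [Assign("trusted", BinOp(Var("untrusted"), Const(1)))],
    "upgrade_ok": [Assign("secret", Var("public"))],
    "drop_integrity_ok": [Assign("untrusted", Var("trusted"))],
}


def run_all() -> Dict[str, int]:
    """Number of violations found in each sample program."""
    return {name: len(check(prog, ENV)) for name, prog in PROGRAMS.items()}


if __name__ == "__main__":
    for name, prog in PROGRAMS.items():
        print(name, check(prog, ENV) or "ok")
```

The first three programs are rejected (a direct copy of a secret into a public variable, a public write guarded by a secret condition, and trusted data computed from an untrusted input); the last two are accepted because raising confidentiality and lowering integrity are both safe directions. A real compiler such as Fabric's works over a richer label model and the full language, but the core question it asks at every assignment is the same `flows_to` check.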


This work was done jointly with Owen Arden, Aslan Askarov, Jed Liu, Mike George, Xin Qi, K. Vikram, and Lucas Waye.


Constructive Security: Making Systems Easier to Build than to Destroy

Computer Science
Spring 2011

B17 Upson Hall
Thursday, September 15, 2011
Refreshments at 3:45pm in the Upson 4th Floor Atrium