Logo: University of Southern California

Events Calendar


  • CS Colloq: Bryan Parno

    Thu, Mar 25, 2010 @ 03:30 PM - 05:00 PM

    Thomas Lord Department of Computer Science

    Conferences, Lectures, & Seminars


    Talk Title: Secure Code Execution on General-Purpose Computers
    Speaker: Bryan Parno
    Host: Prof. Ramesh Govindan
    Abstract:
    As businesses and individuals entrust more and more sensitive tasks (e.g., paying bills, shopping online, or accessing medical records) to computers, it becomes increasingly important to ensure this trust is warranted. However, users are understandably reluctant to abandon the low cost, high performance, and flexibility of today's general-purpose computers. Thus, one of the fundamental questions I consider is: How can secure code execution coexist with the untrustworthy mountain of buggy yet feature-rich software that is common on modern computers?
    For example, how can we keep a user's keystrokes private if the operating system, the most privileged software on the computer, cannot be trusted to be free of vulnerabilities? This is made all the more difficult by the need to preserve the system's existing functionality and performance.
    In this talk, I will present two techniques I have developed to address the need for features and security. With the Flicker architecture, I showed that these conflicting needs can both be satisfied by constructing an on-demand secure execution environment, using a combination of software techniques and recent commodity CPU enhancements. This provides a solid foundation for constructing secure systems that must coexist with standard software; the developer of a security-sensitive code module need only trust her own code, plus as few as 250 lines of Flicker code, for the secrecy and integrity of her code's execution.
    Flicker assumes that a small portion of the computer's hardware can be trusted, but an increasing number of computing tasks are outsourced to the "cloud", where the user has no such guarantees. To formalize this setting, I introduced the notion of verifiable computing and designed a protocol to provably and efficiently provide computational integrity for work done by an untrusted party. The protocol also provides provable secrecy for the inputs and outputs of the computation. In addition, my protocol provides asymptotically optimal performance (amortized over multiple inputs). This result shows that we can outsource arbitrary computations to untrusted workers, preserve the secrecy of the data, and efficiently verify that the computations were done correctly.
    Bio:
    Bryan Parno is a PhD candidate in Electrical and Computer Engineering (ECE) at Carnegie Mellon University. He earned his Masters in ECE at Carnegie Mellon University, and his Bachelors in Computer Science at Harvard University. His current work focuses on the foundations of trust on modern computers. His research interests include computer security, systems, networks, and applied cryptography. In his spare time, he enjoys photography and volunteering as an Emergency Medical Technician.

    Location: Seaver Science Library (SSL) - 150

    Audiences: Everyone Is Invited

    Contact: CS Front Desk
