2021-11-16: Securing software in the presence of realistic attackers and policies

Amir M. Ahmadian (KTH) will give a seminar on November 16th, 2021, 14:00-15:00, Lindstedtsvägen 3, 5th floor, room 1537 or virtually.

Abstract:
Our world today heavily relies on software systems. They are used in almost every aspect of our society and thus securing them is a crucial and important task. Today, software is used in various settings such as web or mobile, is built from different components, and relies on interaction with other software like database systems or servers. This results in complex and heterogeneous software systems which are implemented and deployed under different assumptions about security policies and attacker capabilities. Therefore, while investigating the security of a program in a particular setting, one should consider many different factors such as the relation between its building components, the setting-specific threats, and relevant attacker models and security policies. In this seminar I will be presenting my research on security of software systems under two particular settings. First, I will talk about dynamic policies and the effects of changing the security policy during the execution of a program. I will discuss different attacker models and investigate their effects on our definition of security. In the second part of the presentation, I will discuss the security of programs that rely on trusted execution environments (TEE) for secure data storage and computation. The security guarantees of a TEE, relevant attacker capabilities, and their effect on the security of the programs developed for TEE will be the main discussion points of this part. Finally, I will also talk about the future direction of my research.

You are welcome to attend the seminar in person or virtually: kth-se.zoom.us/j/68555815435

Belongs to: School of Electrical Engineering and Computer Science
Last changed: Nov 11, 2021