Talk: "Secure Distributed Applications using Information Flow Control", Peter Pietzuch

Title: "Secure Distributed Applications using Information Flow Control"
Speaker: Peter Pietzuch, Department of Computing, Imperial College London
Time: Wednesday, June 8th, 10:30h in S2/02 - A102

Ensuring the confidentiality and integrity of data in distributed healthcare or financial applications is challenging. Developers may introduce unintended or deliberate security flaws in different parts of an application, which may lead to the disclosure of sensitive data. While access control mechanisms and source code auditing are used in practice to avoid security flaws, security violations are nevertheless a frequent occurrence.

Instead of avoiding all security flaws, I introduce our work on providing a "safety net" to distributed applications that prevents sensitive data disclosure from happening. Our approach is to use information flow control (IFC) to track the flow of data through a complex, heterogeneous distributed application and constrain undesirable flows that could violate data protection policy. I describe our DEFCon middleware that applies the IFC model to event-based systems in Java, after adding support for strong isolation between objects to the Java runtime. In addition, I present our recent work on PHP Aspis, which uses IFC to protect PHP web applications against injection vulnerabilities.

Dr. Peter Pietzuch is a Lecturer (Assistant Professor) in the Department of Computing at Imperial College London where he leads the Large-scale Distributed Systems (LSDS) group. His research focuses on the design and engineering of scalable, reliable and secure large-scale software systems, including event processing, peer-to-peer and global sensing applications. Dr. Pietzuch has published over forty research papers in peer-reviewed venues, including USENIX ATC, NSDI, ICDE, ICDCS, ACM/USENIX Middleware and DEBS. He has co-authored a book on Distributed Event-based Systems published by Springer. Before joining Imperial College, Dr Pietzuch was a post-doctoral fellow at Harvard University. He holds Ph.D. and M.A. degrees from the University of Cambridge.