David Evans
Yahoo! Tech Talk
16 October 2008
Increases in transistor counts, without corresponding advances in programming techniques and I/O latency, has lead to a situation where unused computing capacity is often cheaply available. Our research explores ways to use redundant computation to improve security. I will present a new architectural framework that uses redundant computation and artificial diversity to enhance security. The framework runs variants in a synchronized way that requires an attacker to compromise one of the system variants without producing detectably different behavior in another system variant. By constructing variants with disjoint exploitation sets, we make it impossible to successfully carry out large classes of important attacks. In this talk, I will describe our framework, identify some useful variations, and present results using a prototype implementation to protect an Apache server.
Bio
David Evans, currently on sabbatical visiting UC Berkeley, is an
Associate Professor at the University of Virginia and Founding
Director of the Interdisciplinary Major in Computer Science. He has
SB, SM and PhD degrees in Computer Science from MIT. His other
research interests include program analysis, RFID privacy, and web
application security. The talk describes joint work with Ben Cox,
Anh Nguyen-Tuong, Jonathan Rowanhill, John Knight, and Jack
Davidson.
David Evans - Talks University of Virginia Department of Computer Science |
David Evans evans@virginia.edu |