Salvatore Guarnieri
I am a 2nd year grad student at the University of Washington. I am exploring the intersection of programming languages, security, and systems. I am advised by Dan Grossman and Yoshi Kohno in my efforts to advance these fields and make it easier for people to write code that produces secure systems.
My long term research focuses on automatically producing secure code during the compilation phase, where secure is defined by a programmer supplied attacker model. The end product, a SOC, will be used much like a current optimizing compiler, except the output of the compiler will be a program that is secure according to the attacker model.
The idea is that it is much simpler to state the attacker model than to write code that obeys an attacker model. Using this model, programmers won't need to write convoluted code to accomplish basic security tasks, like eliminating timing leaks or ensuring data is overwritten after its last use. This makes it easier to write secure programs and it makes it easier to analyze programs to ensure they are secure.
I am also working on various shorter-term projects in the security field. My current project (with Yoshi, Sameer, and David) is studying the information leaked when encoded audio files are streamed over the Internet. The encryption used is provably strong, but as with all things in security, if you encrypt data naively, properties of the data are still visible in the encrypted data.
With this research, we hope to show how a programmer can limit information leakage without sacrificing the performance, or any other important property, of their application.
The information leakage studied in this project actually relates back to my long term research goals. Information leakage is one of the properties that a programmer can easily say they want to avoid, but it is a property that is hard for a programmer to ensure is present in a program. A SOC will know about this form of information leakage and when the programmer states that certain data must be kept completely confidential, the SOC will ensure the data is carefully encrypted to avoid any information leakage that we discover during our research.