Deian Stefan primarily works on building secure systems by employing programming languages and program analysis techniques. Here is one of several projects Deian, his students, and his collaborators are working on.
We are designing a domain specific language for writing constant-time code,
such as the cryptographic primitives at the core of TLS/SSL. FACT provides
developers with high-level constructs and low-level hardware capabilities
(e.g., instructions for AES, add with carry, and conditional move).
Simultaneously, FaCT’s type system ensures that executable code cannot leak
sensitive data (e.g., secret keys) via covert timing channels.