Security Policies / Deian Stefan
Deian Stefan primarily works on building secure systems by employing programming languages and program analysis techniques. Here is one of several projects Deian, his students, and his collaborators are working on.
We are building a verified HTTP server and a type-safe express.js-like
framework atop this web server. The framework allows developers to specify
security policies declaratively, alongside data models. Our runtime system
ensures that these policies are always enforced, even on third-party library
code. To ensure security, we are developing formal semantics for multi-core
concurrent information flow control runtime systems that can capture covert
channels, such as the scheduler and garbage collector. To validate the
framework we are building 1) an AWS-Lambda like platform for deploying web
applications and 2) an IoT platform that allows in-network data analysis. Both
platforms will leverage language-level isolation mechanisms to address
performance concerns while allowing for multiple tenants to share
infrastructure.