CSE Colloquium: Principled and Practical Approaches to Secure Open-Source Systems and Beyond

Abstract

Open-source programs are everywhere and have become the backbone of today’s cyber world. Among them, system programs such as operating-system kernels and firmware are arguably the most critical ones, and their security may affect billions of devices and users.

Modern systems have become extremely complex, often containing millions of lines of code written in unsafe programming languages. As a result, they are unfortunately insecure, and a single security bug (vulnerability) may compromise the whole system and even a large portion of the network. In this talk, I will discuss how to secure open-source systems with principled and practical approaches. I will first introduce three important properties of secure open-source systems: understandability, assurability, and sustainability. Correspondingly, I will then discuss how to achieve these properties with an overarching, three-pronged approach: program understanding and reasoning, secure-by-design defense, and sustainable security protection. In addition, I will introduce our scalable and precise large-system analysis framework, and discuss our work on securing emerging platforms such as trusted execution environments and IoT devices. At last, I will conclude by discussing challenging but exciting research directions for future work.

Biography

Dr. Kangjie Lu is an assistant professor in the Computer Science & Engineering Department of the University of Minnesota-Twin Cities. His research interests include security and privacy, software engineering, operating systems, and security ethics. He is particularly interested in developing both principled approaches that address fundamental security problems and practical techniques that secure real-world systems. His research also frequently intersects with other fields such as machine learning and NLP, programming languages, compilers, architecture, and formal methods. His research results are regularly published at top-tier venues and have led to many important security updates in widely used software systems such as the Linux kernel, the Android OS, the FreeBSD kernel, Apple’s iOS, OpenSSL, PHP, etc. He is a recipient of the NSF CAREER award 2021 and won the best paper award at ACM CCS 2019 and a distinguished paper award at ACSAC 2022. He received his Ph.D. in Computer Science from the Georgia Institute of Technology in 2017.

Faculty Host: Dr. Trent Jaeger

Research Area: Computer Security