Ensuring Secure Acceptable Execution via Comfort Zone Enforcement

Martin Rinard

MIT EECS and CSAIL

Standard testing approaches are remarkably effective in enabling developers to detect and eliminate defects within the tested regions of the execution and input spaces. Within successfully tested regions (we call such regions the comfort zone of the system), the system almost always works.

Using a combination of learning, dynamic monitoring, and static analysis, we characterize the comfort zone. We then deploy a variety of techniques that monitor the system and, when necessary, intervene to ensure that it remains within its comfort zone.

Our results show that these techniques can nullify security vulnerabilities and enable systems to continue to provide acceptable service despite the presence of otherwise exercised defects and vulnerabilities. They therefore provide a compelling enhancement to today's existing approaches to software quality (which focus on detecting and eliminating software defects).

Bio:

Martin Rinard is a Professor in the MIT Department of Electrical Engineering and Computer Science and a member of the MIT Computer Science and Artificial Intelligence Laboratory. His research interests include parallel and distributed computing, programming languages, program analysis, program verification, software engineering, computer security, and computer systems. Much of his current research focuses on techniques that enable software systems to to survive otherwise fatal errors or security attacks.

Professor Rinard holds a PhD in Computer Science from Stanford University. He is an ACM Fellow and has received many awards including an Alfred P. Sloan Research Fellowship, an NSF CAREER Award, and Distinguished and Best Paper Awards from a variety of publication venues. For more information see: http://people.csail.mit.edu/rinard/.