Trent Jaeger - Pennsylvania State
Nov 03, 2010
Download: MP4 Video
Watch in your Browser
Watch on YouTube
"Tackling System-Wide Integrity"
Computing system compromises occur because system integrity is not managed effectively. The various parties that contribute to a system, programmers, OS distributors, and system administrators, do not account for integrity threats comprehensively, leading to recurrence of the same kinds of attacks. The problem is that we lack scalable and automated approaches for these parties to assess the integrity of their individual components that enables one to build upon the efforts of others. In this talk, I will discuss an conceptual approach to composing system-wide integrity from enforcement of multiple system layers. This approach is motivated by various work in information flow security, but we find that managing system-wide integrity requires different inferencing approaches and care in mapping actual components to the model. In particular, we will discuss methods to establish a specifications of integrity, validating the initial integrity of system components and channels, and composing systems from such components that protect runtime integrity. We will demonstrate the use of methods on Xen and Linux systems for deploying cloud computing applications. We show that accounting for integrity in component design can lead to comprehensive system-wide management.
About the Speaker
Trent Jaeger is an Associate Professor in the Computer Science and Engineering Department at The Pennsylvania State University and the Co-Director of the Systems and Internet Infrastructure Security (SIIS) Lab. He joined Penn State after working for IBM Research for nine years in operating systems and system security research groups. Trent's research interests include operating systems security, access control, and source code and policy analysis tools. He has published over 90 refereed research papers on these subjects. Trent has made a variety of contributions to open source systems security, particularly to the Linux Security Modules framework, the SELinux module and policy development, integrity measurement in Linux, and the Xen security architecture. Trent is the author of the book "Operating Systems Security," which examines the principles and designs of secure
operating systems. He is active in the security research community, having been a member of the program committees of all the major security conferences, and the program chair of the ACM CCS Government and Industry Track, as well as chairing several workshops. He is an
associate editor with ACM TOIT and has been a guest editor of ACM TISSEC. Trent has an M.S. and a Ph.D. from the University of
Michigan, Ann Arbor in Computer Science and Engineering in 1993 and 1997, respectively.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M.
STEW G52 (Suite 050B), West Lafayette Campus. More information...