Security and privacy are primary concerns for modern distributed systems, the cloud, and Web applications in general. The worrying number of cyber-security incidents, and the recent revelations on mass-surveillance and privacy abuses, testify to the dire state of the art, and the need for significant progress from both industry and academia. The widespread presence of connected, embedded devices, and the need for highly performant solutions, pose additional challenges that are particularly relevant to HiPEDS.
We adopt a multi-pronged approach for improving the security of distributed systems. For example, we have:
- Built formal models of existing technologies (e.g. JavaScript, PHP, HTTP(S), HTML5) using process calculi and operational semantics, in order to precisely describe the behaviour of distributed applications and the security or privacy policies that they are intended to satisfy.
- Analyzed deployed systems (e.g. social network authentication, encrypted cloud storage, password managers) in order to identify the attack surface of each application, and extract knowledge on potential flaws. When appropriate, we investigated and reported security vulnerabilities.
- Designed new solutions (e.g. verification tools, type systems, secure languages) that can demonstrably improve the state of the art.
To pursue this research further, we are looking for excellent PhD candidates with a strong background in formal methods or systems/software engineering, and a keen interest in security.
Dr. Sergio Maffeis