[talks] A Blankstein general exam

Melissa M. Lawson mml at CS.Princeton.EDU
Thu Jan 17 13:35:34 EST 2013

Aaron Blankstein will present his research seminar/general exam on Thursday January 24 at 
Noon in Room 402. The members of his committee are: Michael Freedman (advisor), Ed 
Felten, and Vivek Pai. Everyone is invited to attend his talk, and those faculty wishing to 
remain for the oral exam following are welcome to do so. His abstract and reading list follow 
----- Original Message -----

In many client-facing applications, a vulnerability in any portion can 
compromise the entire application. In this talk, I describe the design 
and implementation of Passe, a web framework that provides integrity 
and confidentiality guarantees for existing applications. Passe 
automatically splits (previously single-process) web applications into 
sandboxed processes, and then limits the types of queries each 
component can make to shared storage. While previous approaches like 
Decentralized Information Flow Control sought to provide security 
guarantees by explicitly labeling and tracking data, Passe provides 
similar guarantees by instead enforcing integrity constraints on 
database queries, even when they originate from compromised 
components. Further, rather than requiring developers to specify such 
constraints explicitly, Passe infers these constraints during a 
testing phase, in which it assumes that the “proper” execution of 
database queries is reading and writing data appropriately. Such 
policy inference allows Passe to execute unmodified applications 
without explicit policies. I present a prototype of Passe which acts 
as a drop-in replacement for the Django web framework. By running 
seven unmodified, off-the-shelf applications in Passe, I demonstrate 
its ability to provide strong security guarantees with reasonable 

Reading List 

"Principles of Computer System Design" - Saltzer and Kaashoek 

"The KeyKOS Nanokernel Architecture" A. Bomberger, A. Frantz, 
W. Frantz, A. Hardy, N. Hardy, C. Landau, and J. Shapiro. 

"Complete, Safe Information Flow with Decentralized Labels" A. Myers 
and B. Liskov. 

"Hails: Protecting data privacy in untrusted web applications." Daniel 
B. Giffin, Amit Levy, Deian Stefan, David Terei, David Mazières, John 
Mitchell, and Alejandro Russo. 

"The protection of information in computer systems" J. H. Saltzer and 
M. D. Schroeder. 

"Information Flow Control for Standard OS Abstractions" (Flume) Max 
Krohn, Alexander Yip, Micah Brodsky, Natan Cliffer, M. Frans Kaashoek, 
Eddie Kohler, Robert Morris 

"Making information flow explicit in HiStar." Nickolai Zeldovich, 
Silas Boyd-Wickizer, Eddie Kohler, and David Mazières. 

"Bugs as deviant behavior: a general approach to inferring errors in 
systems code" D. Engler, D. Y. Chen, S. Hallem, A. Chou, and B. Chelf 

“All you ever wanted to know about dynamic taint analysis and forward 
symbolic execution (but might have been afraid to ask),” E. J. 
Schwartz, T. Avgerinos, and D. Brumley 

"Building secure high-performance web services with OKWS" - Max Krohn 
