Research Statement Dissertation Work: Foundations of Access Control for Systems Security

My research aims to bring principles and techniques from programming languages to the design and implementation of secure and correct systems. To this end, I conduct research that spans the areas of programming languages, security, and verification, while maintaining a strong relevance to systems. In the past, I have studied systems as diverse as operating systems, file systems, web-application frameworks, and mobile-phone platforms. I have developed new principles and techniques—strongly founded in type theory, logic, and abstract interpretation—to analyze such systems for security and correctness. I believe that similar foundations can (and should) guide the construction of secure and correct systems from scratch. To me, research is often a bridge to an ambitious goal—a bridge that needs to be crossed in steps. I tend to work on projects that try to bring cutting-edge research ideas to mainstream practice. This is seldom a trivial task; various practical issues can (and often do) expose inadequacies in conventional research ideas. But these inadequacies usually provide new research opportunities, and solving such problems usually has the potential for significant impact. In the past few years, I have organized and collaborated on various such research efforts, which are discussed below.
