The TAU Programming Languages and Systems Seminar - Closing the Loop on Secure Operating System Design

Abstract

Secure system design should be guided by two principles: (1) system security should not impede third-party developers, who are often the main source of innovation, and (2) systems that secure third-party extensions also improve security by reducing the amount of specially-privileged first-party code.

Unfortunately, very few systems today adhere to these principles. This is not merely a result of poor system building. It is hard to design highly extensible systems that are both secure and useful. Moreover, the research community often fails to evaluate novel designs under real-world usage by actual practitioners. As a result, many promising research approaches remain difficult to adopt in practice.

I'll describe Tock, an operating system for microcontrollers we designed with these principles in mind. I'll discuss how we continuously evaluate Tock by engaging with practitioners, and how lessons from practitioners have fed back into the system's design.

Bio

Amit Levy is a Computer Science PhD student at Stanford University. He works with David Mazières in the Secure Computer Systems group and Phil Levis in the Stanford Information Networks Group.  Amit's research involves building secure operating systems, distributed security, and networks, often with the aid of programming language. His work has been published in systems, security and programming language conferences including SOSP, OSDI, USENIX Security and ICFP. Recently, he's been working on a new secure operating system for low-memory microcontrollers, called Tock.

He holds M.Sc's in Computer Science from Stanford and University of Washington and a B.Sc in Computer Science and Economics from University of Washington.