Martin Rinard

Computer Security Projects

My research group has worked on multiple computer security projects. All of these projects work with a system and a specification of the security properties that the system must satisfy. The specification is obtained either directly from a developer, by inferring the specification from observations of the system as it operates securely, or derived from standard execution integrity properties that every running program should observe. Some of the techniques dynamically monitor the execution of the system to observe any attempted security property violation, then intervene to change the behavior of the system to eliminate the violation. Others statically analyze the implementation before it executes to verify that all executions will satisfy the security properties (and potentially change the implementation to do so if it may not).

Unlike many approaches, these projects emphasize the continued safe execution of the system even in the presence of attacks so that it provides as much desirable functionality as possible and continues to provide service to legitimate users while under attack.