My primary focus is building an Operating System called Ethos, which will make it far easier to create robust applications, that is, applications which withstand attack. We believe that due to the high penetration of all kinds of software, it will be necessary to completely replace our current software base.
It's an enormous undertaking; we need help! We're looking for programmers who are interested in operating systems, compilers, or userspace environments. If interested, make an appointment and come and see me.
My research interests are in Computer Security and Privacy, Operating Systems, the Web, Distributed Systems, and Networks. Current projects include
- Ethos, an operating system designed for security.
- SayI/SayAnything: A distributed authentication infrastructure based on public key cryptography.
- Authorization: what a system allows to happen (theory, operating systems, and high-level specifications);
- Secure networking including Distributed Denial of Service mitigation and ensuring integrity and confidentiality of communication.
- EAGER: Collaborative: Faster and Stronger Onion Routing (FASOR) from the National Science Foundation
- TWC: Medium: A Layered Approach to Securing Web Services from the National Science Foundation
- TC:Medium: The impact of operating systems on application robustness, from the National Science Foundation
- CRI: The SecLab at UIC from the National Science Foundation
- Homeland Security STEM Fellowships, from the Department of Homeland Security
- CT: High-Level Authorizations into Kernel-Level Configurations from the National Science Foundation
- Fall'16: CS 587: Computer Systems Security.
- Ethos: weekly meeting for Ethos project members (Friday @ 12:00)
- Ethos hackathon (Friday @ 1:00)
Blogging
I tweet (@JonSolworth), mostly about progress on the Ethos project. We're trying to get MinimaLT, our TLS replacement, out. I started blogging (Insecurity Blog). I just couldn't help myself.
Recent program committees
- Program Co-Chair: Fifth International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE), 2015
- Program Committee, Embedded Operating System Workshop (EWILI), 2014-2015
- Program Committee, International Conference on Availability, Reliability and Security (ARES), 2008-2015
- Program Committee, ACM Workshop on Digital Identity Management (DIM 2011)
- Program Committee, New Security Paradigms Workshop (NSPW), 2008.
- Program Committee, 8th Symposium on Identity and Trust on the Internet (IDtrust 2009, 2010, 2011).
- Program Committee, ACM Computer and Communications Security (CCS 2009).
- Program Committee, ACM Symposium on Information, Computer and Communications Security (AsiaCCS), 2007.
- Program Committee Co-Chair and Organizer (2007) and Program Committee Member and Organizer (2008) 1st Computer Security Architecture Workshop (CSAW), co-located at ACM/CCS
Center for Research and Instruction in Technologies for Electronic Security (RITES)
In December, 2005 the Center for Research and Instruction in Technologies for Electronic Security (RITES) was established at UIC to coordinate research and education in the areas of computer security and privacy. In 2007, RITES was designated by NSA/DHS as a National Center for Academic Excellence in Information Assurance Education.
Education
Ph.D. Computer Science, New York University, 1987
M.S. Computer Science, New York University, 1981
B.A. Computer Science, New York University, 1978
I consult from time to time in the area of computer security, and have taught industrial courses on computer security.
The Oakland Papers
In 2004, Bob Sloan and I had a paper at the IEEE Symposium on Security and Privacy (called in the community the Oakland Conference) on the decidability of a model which could represent each of the Discretionary Access Control (DAC) systems in the Osborn-Sandhu-Munawer DAC taxonomy. Our model was the first which was known to be sufficiently expressive to represent these DAC systems and which could be analyzed with respect to the safety problem.
In 2005, Prof. Li and Mahesh V. Tripunitara published a paper in Security and Privacy which among other things claimed that our model was incorrect (and furthermore, mischaracterized our model with respect to decidability). Here is a link to our statement on their paper.