Jonathan McCune is a Research Systems Scientist for CyLab at Carnegie Mellon University. He earned his Ph.D. degree in Electrical and Computer Engineering from Carnegie Mellon University, and received the A.G. Jordan thesis award. He received his B.Sc. degree in Computer Engineering from the University of Virginia (UVA). Jonathan's research interests include secure systems, trusted computing, virtualization, and spontaneous interaction between mobile devices.
posted by Richard Power
CyLab Chronicles: What is SPATE? And what does it do?
Jonathan McCune: SPATE stands for Small-group PKI-less Authenticated Trust Establishment. It is a technique for bootstrapping digital trust amongst a group of people by using physical trust, based on the observation that people who need to exchange sensitive information electronically are likely to have first met in person. SPATE allows a group of physically proximate individuals to conveniently exchange contact information, plus some cryptographic keys, so that standard tools for encrypted email, text-messaging, and file exchange can be used automatically for future communication between group members.
CyLab Chronicles: What challenges does SPATE address -- not just from the technical perspective, but from the business and/or end-user perspectives?
McCune: Let's talk about the end-user perspective. It is really inexcusable that most of us still send all of our email and text messages unencrypted. Software programs to intercept these unprotected communications can be readily found on the internet, which hopefully illustrates the level of threat. Likewise, a quick search on Google will reveal the many dangers of using today's crop of peer-to-peer file-sharing software. There are well-understood mechanisms to protect against these threats, but to date they have a high barrier-to-entry. Security is a secondary objective for the great majority of computer users. What I mean is that, users will often sit down at their computer to write an email. Very few users sit down at their computer to "be secure." To do so with today's available tools requires a level of expertise that is unreasonable to assume of the general population. SPATE represents progress towards solving these problems because it can be used to bootstrap secure communications without requiring the user to even be aware of how it works behind the scenes. Users perform a quick interaction with their mobile phones, in person, once. It involves taking a photograph and comparing two images. From then on electronic communications between these users can automatically leverage state-of-the-art protection.
CyLab Chronicles: What is Flicker? And what does it do?
McCune: Flicker is an architecture that the developers of computer applications can use to improve the security of the programs they write. It leverages low-level techniques to run the sensitive portions of computer programs in isolation from all other programs and devices on the system. This even extends to the operating system. With Flicker, we don't have to trust it. This way, even if a system is infected with malware such as a worm or Trojan, the code running with Flicker's protection remains safe. In some sense, this is the opposite of an anti-virus program, which attempts to make sure no malware is installed. Flicker is built assuming that malware will be installed, and uses very strong hardware-based isolation to hide from it. Flicker is also constructed such that one computer can verify whether another computer ran a program using Flicker's protections. This is possible even if these computers are located on opposite sides of the globe. One example of when this capability is extremely useful is when a mobile device such as a laptop or smartphone wants to connect to a corporate network using a VPN. Servers on the corporate network can verify that the mobile devices are running protected code before allowing them to connect.
CyLab Chronicles: What challenges does Flicker address -- not just from the technical perspective, but from the business and/or end-user perspectives?
McCune: Since Flicker is a development technique, end-users need not even be aware of its existence. From a business perspective, Flicker may be compelling because it enables programs to be written such that they are much harder to attack and compromise. So far, Flicker is a research prototype, and it does not run as fast as we would like. It also requires a lot of expertise from developers. We are continuing to work to improve Flicker in both of these areas, so that Flicker-protected programs can run just as fast as ordinary programs today, and so that many of these protections can be applied to existing applications, with little or no extra work required of programmers.
CyLab Chronicles: What else would you like to share about your research in the area of Trusted Computing? What are you working on? What do you see as important?
McCune: Trusted Computing is a relatively young area, but it is ripe with opportunity because many of the major companies in the computing industry have decided to invest in the hardware changes required to make these technologies work. This is a rare opportunity, because the level of competition in the computer industry tends to prevent long-term investment in security-related technologies without an immediate return-on-investment.
Today we cannot say with any degree of certainty that a computer system is secure. In fact, I can say with a very high degree of confidence that there is still another yet-to-be-discovered vulnerability in every software program of significant size. My research can be described as trying to make computers trustworthy. That is, cause them to behave in a predictable way, so that we can say with some degree of certainty that the data they process will not be leaked unintentionally, or that they are not susceptible to malware. I believe this should be possible not just for experts and well-funded governments or companies, but for all computer users. This is a tall order, and we may not see a complete solution for many years. However, it is a very important problem, and I am determined to make progress. It is also important to distinguish between the commercial need to justify the investment in this technology, and the world-wide need to fundamentally change the way our computers work so that they can become more secure. Those who are most successful in this area will likely find a way to bring these sometimes contradictory objectives into alignment.
See all CyLab Chronicles articles