Security Seminar: Compositional Security for Reentrant Applications with Ethan Cecchetti
June 11, 2021
Next Friday (June 11) at 11AM, we’ll have a security seminar talk with Ethan Cecchetti, who will be presenting his paper that received a best paper award at IEEE S&P ’21.
Title: Compositional Security for Reentrant Applications
Speaker: Ethan Cecchetti
Time: Friday June 11 at 11AM
Abstract:
The disastrous vulnerabilities in smart contracts sharply remind us of our ignorance: we do not know how to write code that is secure in composition with malicious code. Information flow control has long been proposed as a way to achieve compositional security, offering strong guarantees even when combining software from different trust domains. Unfortunately, this appealing story breaks down in the presence of reentrancy attacks. In this talk I will present a highly general definition of reentrancy and reentrancy security that allows software modules like smart contracts to protect their key invariants while retaining the expressive power of safe forms of reentrancy. I will describe how we can combine a type system and run-time mechanism to enforce this new notion of security even in the presence of unknown code.
This work recently received a best paper award at IEEE S&P ’21. The paper is available at https://www.cs.cornell.edu/~ethan/papers/serif.pdf
Bio:
Ethan is a final year PhD student at Cornell University working with Andrew Myers and Ari Juels and will be a post-doc with the cybersecurity group at the University of Maryland, College Park starting in the fall. His research focuses broadly on designing secure systems and building tools to ease their development. More specifically, Ethan uses cryptography and language-based tools to secure decentralized applications composed of mutually distrusting subsystems. More information is available at his website: https://www.cs.cornell.edu/~ethan/