Systems, Security and Programming Languages Expert Joins Computer Science Faculty at UC San Diego

Jul 29, 2015
Deian Stefan

He won’t start work until next year, but Deian Stefan has accepted an appointment as assistant professor in the Department of Computer Science and Engineering (CSE) at the University of California, San Diego, effective in July. His research interests are in building principled and practical secure systems, and he will join CSE’s Security and Cryptography, Systems and Networking as well as Programming Languages groups.

Stefan joins the CSE department with a Ph.D. fresh from Stanford University. His dissertation focused on “Principled and Practical Web Application Security,” under advisors David Mazières of Stanford’s Secure Computer Systems Lab and John C. Mitchell in the Security Lab.

His delayed arrival on campus will allow Stefan to build up his startup, GitStar, where he currently serves as president and chief scientist. GitStar provides developers with tools for deploying web applications with minimal trust. The company builds on Stefan’s prior research on confinement and information flow control.

GitStar wants to change the way developers build and deploy web applications. “The company will be consuming his immediate cycles before he joins us in Fall 2016,” said CSE Chair Rajesh Gupta in announcing Stefan’s appointment. “A big thanks is due to our recruiting committee, led by Mohan Paturi, which continues to attract compelling talent to the department.”

GitStar flips the traditional application security model from allow-by-default to deny-by-default. “With GitStar,” said Stefan, “you can use third-party modules and ensure they can only perform safe operations, as explicitly allowed by the application’s security policy. This is in contrast to today’s model where any code you use has unfettered access to the file system, database, network, etc.” The framework, now undergoing pilots, allows developers to not only secure their Node.js applications, but also be more productive. “By offloading security enforcement to GitStar, developers can build and deploy applications faster since, firstly, they don’t need to worry about getting subtle security checks right in their application code, and secondly, they can use the latest, hottest (and potentially unsafe) libraries,” added Stefan.

At Stanford, Stefan worked in Programming Languages and Systems in addition to Security. He co-instructed two courses on Programming Languages, and was a teaching assistant for a graduate seminar on advanced topics in Operating Systems. Stefan said he wants to develop a course at UC San Diego on browser engines that could complement OS courses with a platform for exploring concepts such as resource management, concurrency, scheduling, security and interface design. “The course would cover the major subsystems of the browser, including the network stack, security architecture, JavaScript engine, the Document Object Model (DOM), and the renderer,” explained Stefan. “More importantly, it will explore the interaction between these subsystems and how fundamental concepts arise in such a large, real-world system.”

On the systems side, Stefan has worked on a series of novel security systems:

● COWL is a backwards-compatible browser confinement system designed for web developers to build secure, client-side applications such as mashups involving multiple distrusting parties;

● Hails is a security-centric Haskell framework for building extensible web applications. It allows applications to integrate third-party code in a way that preserves data privacy and integrity;

● LIO is a programming environment for building applications that preserve privacy and integrity using a dynamic information-flow control system; and,

● ESpectro is a security architecture for Node.js that provides application-level virtualization for implementing different security mechanisms.

Looking to the future, Prof. Deian Stefan intends to continue his work on secure systems with particular focus on what he calls “least privileged systems,” i.e., applications where code operates using the least set of privileges necessary to complete its function. “One example,” he noted, “is ESpectro, which provides developers with a way to execute untrusted JavaScript in lightweight, isolated compartments, similar to COWL’s browsing contexts.” ESpectro is already being used by Stefan’s startup, GitStar, to provide a framework similar to Hails for server-side JavaScript, and Stefan is investigating how this architecture could be generalized to other language runtimes such as PHP and Python.

“I am generally interested in exploring security mechanisms and policy languages that can allow developers to build secure applications more easily,” said Stefan. “I am also interested in exploring a clean-slate approach to building secure, low-level systems and applications, especially because building secure systems applications is notoriously difficult today.” One possibility, he says, is to design a language that allows programmers to describe system components (e.g., the HTTP parser or logger in the case of a web server, etc.), typed interfaces between the components, and high-level security policies. “Given such a description,” he added, “a compiler can then generate the different isolated components, interfaces between them, and mechanisms to enforce the specified policies.”

Other research areas of interest to Stefan include policy synthesis (he wants to develop tools and design patterns that can help developers specify correct policies more easily), browser security in the form of new browser extension architectures, secure browser engines, and security foundations. Indeed, security foundations have played a crucial role in his systems building: most of the systems Stefan has built have formal Programming Language semantics that allow for formal reasoning about security. “The rise of new application domains, platforms and community building tools such as Stack Exchange has accelerated the speed and willingness of developers to adopt new languages and frameworks,” said Stefan. “There are many longstanding open problems in systems security that can be addressed using programming language methods. I want to continue to tackle these problems in an academic research setting by building practical systems that can leverage ideas from programming languages in novel ways.”

In his most recent publication, Stefan and co-authors from Stanford and Sweden’s Chalmers University of Technology proposed a new, more secure system design for browser extension systems. Their paper, “The Most Dangerous Code in the Browser,” was presented at the 15th UNIX Workshop on Hot Topics in Operating Systems (HotOS), which took place in Switzerland May 18-20, 2015.

Stefan did his undergraduate and Master’s degrees in Electrical Engineering at Cooper Union in New York City, where he worked on GPU and FPGA optimizations for cryptography. To reach Prof. Deian Stefan, email him at deian@cs.stanford.edu.

Deian Stefan website at Stanford
Paper on The Most Dangerous Code in the Browser