Resilient Mission Computer (RMC)
Speaker/Bio
Nathan Burow is a Technical Staff Member at MIT Lincoln Laboratory. His research focuses both on securing legacy C/C++ code through memory safety, control-flow integrity, and shadow stacks, and on new technologies for building tomorrow's secure systems, in particular the combination of safe languages like Rust with new tagged or capability-based architectures. When not in front of a computer, Nathan can be found cycling or skiing. He completed his PhD in 2019 at Purdue under Mathias Payer in the HexHive group.
Abstract
Today’s computer systems trace their roots to an era of trusted users and highly constrained hardware. Consequently, their designs fundamentally emphasize performance and discount security. The seemingly endless war in memory between attackers and defenders, and its collateral damage to users in the form of data breaches, ransomware, and other malware infecting systems, will continue to rage until we adopt a fundamentally new system architecture that treats security as a first-class citizen, not just performance. The research community has already developed many of the advanced technologies required to create such a secure and performant system architecture. Here, we present a vision for how tomorrow’s technologies can co-operate across all layers of modern systems — from hardware through the operating system to user applications — in order to enable performant systems that are immune to the underlying causes of today’s exploits. Put another way, we show how the small steps towards security represented by existing technologies can be combined into one giant leap for the security of computer systems. We are not so naive as to think that this will stop all cyber attacks; however, it can dramatically shift the landscape in the defender’s favor. In order to jump-start the shift to secure-by-design systems, we highlight both the foundational technologies for such systems that require further research and the research challenges in composing existing security technologies into secure system architectures.