Talk: Compositional Security for Decentralized Systems

LIVE STREAM LINK: https://uwmadison.zoom.us/j/93347059428?pwd=M1lkYnZmcGwrR1dNZ0VwcmRtb0JFZz09

Abstract: Systems are increasingly built from a large number of small interconnected components: large microservice architectures, JavaScript modules on a web page, blockchain smart contracts, and more. The disastrous vulnerabilities in smart contracts are a sharp reminder of how difficult it is to write code that is secure in composition with malicious services. This talk explores different techniques for understanding, analyzing, and enforcing security in this challenging setting. I show how tools from programming languages can define and eliminate entire classes of real-world vulnerabilities, like reentrancy, that have led to multiple attacks costing tens of millions of dollars. I also explore how applied cryptography can enable secure composition of systems, bridging gaps in functionality and connecting new and old decentralized systems, like smart contracts and web services. Finally, I discuss how these techniques can combine to apply strong compositional guarantees from high-level security specifications to low-level protocols running on real systems.

Bio: Ethan studies the security of complex systems of interconnected modules that may not trust each other. He brings together techniques from programming languages and applied cryptography to better understand the security needs of such systems. His work designing secure systems and building tools and frameworks to ease their development has won best paper awards and nominations at IEEE S&P and CCS. Ethan is currently a postdoc at the Maryland Cybersecurity Center at the University of Maryland. He earned his PhD from Cornell in 2021 working with Andrew Myers and Ari Juels, and is the recipient of a 2017 NDSEG fellowship.