Nobody imagined back in the Internet’s dinosaur days how perilous cyberspace would one day become. Or that things called worms and viruses would soon become high-tech menaces.
“In 2003 the Sapphire Slammer Worm was released, and we estimate that it infected 90 percent of the infectable hosts within 10 minutes,” says Kevin Hamlen, an assistant professor of computer science at UT Dallas’s Jonsson School of Engineering & Computer Science. “All sorts of problems like that are going on, and we don’t have any adequate means of defending people.”
The root of the problem is that almost all the software being used is written in programming languages that are inherently unsafe.
“It’s extremely difficult to write a program that does not have vulnerabilities in it, mainly because these languages were designed in the ‘70s and early ‘80s, when nobody was thinking about computer security,” he adds.
Even though safer languages have been developed, quickly transitioning to them just isn’t feasible, especially when the software industry is still deeply ensconced in the old languages.
And so Dr. Hamlen and about 100 other people nationwide have dedicated themselves to the developing field of language-based security. Rather than trying to change the computer world, their goal is making that world safer within existing parameters.
“I’m trying to take those techniques that have evolved in program language theory design and apply them to the legacy codes,” he explains.
As an undergraduate, Dr. Hamlen studied programming language theory at Carnegie Mellon University, where his honors thesis concerned using programming language theory to generate proofs of correctness for code. Then, while he was doing his graduate work at Cornell University, one of his professors became intrigued by the idea of using these theories for security.
The concept was a revelation to Dr. Hamlen.
“I thought they were just good for inventing programming languages,” he recalls. And his focus then turned to this new field of research.
Among the advances Dr. Hamlen has helped develop is Mobile, an extension of the .NET Common Intermediate Language.
“It takes an arbitrary program that has been compiled using the Microsoft .NET framework and analyzes it and modifies it to eliminate security vulnerabilities,” he says. “It not only generates new codes that are safe to execute, it also generates a proof of correctness for that new code. It’s a general paradigm that applies to all sorts of software development.”
In its current incarnation Mobile still has limitations, operating only with a certain subset of Microsoft .NET programs. But Dr. Hamlen and his graduate students are working to increase its capabilities.
Since joining UT Dallas in 2006, he’s been particularly gratified by the enthusiasm his students have shown for the research he’s leading. And he says UT Dallas is an ideal venue for his interests because of its strengths in both programming languages and data security.
“My research bridges the gap between the two groups,” he says.
