In an untrusted computing environment, assurance of computing systems plays a vital role. Assurance is evidence that a computer system is secure, i.e., obeys its security specification, usually called a security policy. To assure the security of a system, it is important that all of its Trusted Computing Base (TCB) components work as mandated/specified. From the plethora of computing systems for which assurance is in demand, Operating Systems are a special class of systems for which security is vital as that is one of the crucial components of the overall system from which either the security goals can be realized despite threats faced or broken if insecure. To quote from a white paper on IoT security from Wind River (a subsidiary of Intel Corporation), Software security controls need to be introduced at the operating system level, take advantage of the hardware security capabilities now entering the market, and extend up through the device stack to continuously maintain the trusted computing base.  

In building end-to-end secure systems, it is not only important to define the access of information/resources precisely, but also important to clearly define the way the information flows from one subject to subject. The latter is usually referred to as Information Flow Control (IFC) and is very important in the context of building secure systems.  In the workshop, we shall address current research and challenges in building secure end-to-end secure systems.

The broad topics of the lectures would be:

• Security Models: A comparative evaluation
• Language-based Security: information-flow control in imperative languages and platforms for security certification of programs
• Whither Operating Systems Security?
• Online Social Networks: Limitations in Privacy-preservation
• Adapting applications for Blockchains: challenges of correctness & scalability

Faculty, staff and research students involved in ISEA are welcome to participate.

Lectures will be delivered by members of ISRDC, IIT Bombay.