Vis nyhed

WHAT DOES IT MEAN FOR A COMPUTER SYSTEM TO BE SECURE?

Associate Professor Aslan Askarov has substituted Harvard University with Aarhus University to become part of the research group in Logic and Semantics.

By Anders Kilgast Jensen

In august 2014, Aslan Askarov was appointed associate professor at the Department of Computer Science. He will teach the compilation course about the theory of translating programming languages, and be part of the research group in Logic and Semantics.

- The Logic and Semantics group is mainly looking at the foundations of programming languages and programming logics for reasoning about programs in general. My expertise is more on the security side, so I’ll give some complimentary background on how to use these powerful techniques, says Aslan Askarov.

Research in computer security and sensitive data

Computer security is a massive challenge. We often run third-party applications that access our personal data, but when are we really sure what information gets shared? This is one of the main interests of Aslan Askarov’s research.

- My general research area is principal approaches to computer security, where we can understand what it means for a computer system to be secure.  It’s highly relevant because it is something we have to make sure we’re getting right. No one wants to have their confidential data compromised, he points out.

Consider, for example, an application on your smartphone.  The application can access your contact data, which might be confidential information. The application may only use the data for internal reasons, but it is very difficult, as a consumer, to understand what happens after the application accesses the data.

Aslan Askarov studies the security of the different systems that access such data.

-We analyze programs that may access sensitive data, and by analyzing the programs we can understand if it satisfies our security requirements. By looking into the program code, we can understand if it is actually coherent to the security policy, or if we otherwise should reject the program as insecure, he explains.

Checking up on application security requirements

As another example, consider an application that promises to delete your data. But does that mean the application will not be able to see it; does it mean that your mobile provider won’t be able to access it, or does it mean that if someone steals your phone, they can’t recover the data?

-If you delete a message on your phone, there are other pieces of information in the system connected to it, he points out.

This security issue is called information erasure. It is a highly relevant and interesting issue, as mobile users have certain expectations about security requirements. Users may want to make sure the information is erased from the system, and not just the data itself, but what is connected to it.

-My research focuses on understanding if we can build systems with such security requirements, or to see if we can find security violations in the implementations, says Aslan Askarov.

Detecting security flaws

Some of his previous research has gone into understanding the security aspects of systems known as timing channels, and coming up with techniques for mitigating them.

-An example of a timing channel is; if I ask you today how you are doing, you respond immediately that you are fine. I then ask you again tomorrow, and it takes you ten seconds to reply. In both cases your answer is the same, but the amount of time it takes you to provide the answer is different, he points out.

By making control inquiries like this, it is possible to detect security flaws in a system. Aslan Askarov explains how.

- Because of the delay, I can deduce that something is different. It’s principally the same with computer systems. They may produce the same events, but the time it takes to produce the event may depend on information, that we don’t necessarily realize is being leaked.

Aslan Askarov in brief

Before being appointed associate professor at Aarhus University, Aslan Askarov was a postdoctoral fellow at Harvard University, 2012-14.

He became a Bachelor of Science in Applied Mathematics in 2002, at the Baku State University in Azerbaijan. In 2005 he got his Master’s Degree in Computer Science at the Chalmers University of  Technology, Göteborg.

In 2009 Aslan Askarov became PhD in Computer Science at Chalmers University of Technology, before being a Postdoc at Cornell University, Ithaca, NY, 2009-11.