Closing the Loop on Secure System Design

Despite decades of research building secure operating systems, many deployed systems must still choose between flexible application APIs and security. As a result, the vast majority of programmers are unable to improve these systems. This is not merely a result of poor system building. It is hard to design highly  extensible systems that are both secure and useful. Moreover, evaluating novel  designs with actual developers is critical in order to make sure system builders  can adopt research systems in practice.

Fortunately, in emerging application domains, such as the Internet of Things, there are no entrenched operating systems and application portability is less important. This makes it possible evaluate research techniques for building more secure and extensible systems with developers who are willing to adopt them.

I'll describe Tock, an operating system for microcontrollers that enables third-party developers to extend the system. Tock uses the Rust type-system to isolate kernel extensions and the hardware to isolate applications. I'll discuss  how we continuously evaluate Tock by engaging with practitioners, and how  lessons from practitioners have fed back into the system's design.

Bio:
Amit Levy is a PhD candidate in Computer Science at Stanford University.  He builds secure operating system kernels, web platforms, and network systems  that help make computers more programmable by third-party application  developers.