“Developing Automated Analysis Tools for Space/Time Sidechannel Detection.”
Secure development is now more than just avoiding buffer overruns, SQL injections, and so on. It’s about recognizing new classes of vulnerabilities. Secure software development has evolved over the last 20 years, but we’re still looking for the same types of problems:
- First generation (buffer overflow,SQL injection, and so on) are well understood.
- Second order issues (side channels, algorithmic exploits) are much more difficult to find and understand.
Jeremy Epstein joined DARPA’s Information Innovation Office (I2O) in 2016 as a program manager. He currently leads the Space/Time Analysis for Cybersecurity (STAC) and Brandeis programs, and is working on defining new programs. Prior to joining DARPA, he spent four years leading the National Science Foundation’s Secure and Trustworthy Cyberspace (SaTC) program. His research interests include voting system security and software assurance. He’s associate editor in chief of IEEE Security & Privacy magazine, and founder of ACSA’s Scholarships for Women Studying Information Security (SWSIS).
