Tenure-track Researcher, Centrum Wiskunde & Informatica (CWI)
Dr. Chenglu Jin is a tenure-track researcher in the Computer Security Group at Centrum Wiskunde & Informatica, the national research institute for mathematics and computer science in the Netherlands.
Before joining CWI Amsterdam, he worked as a research assistant professor at New York University.
He obtained his Ph.D. degree in Electrical Engineering at the University of Connecticut in 2019. His research interests are cyber-physical system security, hardware security, and applied cryptography.
The Computer Security (CSY) research group was established on June 1, 2020. Chenglu represents the whole Computer Security group in this PhD Workshop.
The broad landscape of information security research studies how to securely store data (for example, in database systems and file systems), how to securely communicate data (by using appropriate communication protocols with security measures in place), and how to securely execute sensitive application code or systems (this can be a smart grid, an industrial control system, an execution on a multicore processor, etc.).
Security guarantees are fundamentally bootstrapped from something secret (like a secret key not known to an adversary). Crypto primitives and protocols, secure hardware design, communication firewalls, etc. are all used to bootstrap a secure application execution and engender a broader sense of trust. This bootstrapping also relies on the assumption that software and hardware are correctly implemented.
Computer security research is about how data can be stored, computed on, and communicated in such a way that no sensitive information about the data leaks (we require confidentiality) and that the integrity of information extracted from the data in the form of a computation can be trusted (we require authenticity and freshness). In addition, the identity of those who outsource computation or initiate communication may need to remain private (anonymity).
Security guarantees need to survive hostile adversarial environments where attackers may not only observe digital communication and (analogue) side channels but also tamper with, damage, or impersonate hardware, software, or digital data with the aim of misdirecting or disrupting the computation or communication.
Attackers can be classified in adversarial models that define collections of available adversarial capabilities. These capabilities may be restricted in that an adversary may only have remote access to a computing system rather than physical access, may have certain storage or computation limitations, may have restrictions with respect to which intermediate computations or communicated information between system modules can be observed, etc.
The more powerful physical attacker (which goes beyond the remote adversary) also has direct access to, e.g., the address bus or power side channel. In general, we may already assume an adversarial model where the adversary has a footprint in the Operating System (OS) of a computational environment (because the large code base of an OS cannot be assumed safe, that is, free of exploitable bugs).
We can consider the attack surface of a computing system/environment as a collection of attack points to which an adversary has access. To harden the security of a system:
One general theme in our computer security research is how to design a secure computing environment bootstrapped from a minimal/small trusted computing base (TCB). This means that if a user outsources a computation to such an environment, then the environment should provide security in that it does not create additional attack points that can be exploited by an adversary (within the set of capabilities as defined by the considered adversarial model). In particular, a remote user of the secure computing environment is assured that the environment does not weaken the security posture of executed code. This does not imply that the environment improves the security posture of the executed code: the code itself, with its I/O interactions to the world outside the secure computing environment, is the responsibility of the code developer and may still be vulnerable to attacks (such as a buffer overflow exploit).
Our aim is to bring rigorous cryptographic thinking to security engineering. This includes mathematical modeling of adversarial capabilities leading to definitional frameworks that allow mathematical proofs of security guarantees. In the typical defender-adversary setting, new security solutions are motivated by strong adversarial models and/or limited resources available for implementing defense strategies (due to practical requirements). This may lead to new security primitives that can be used in wider contexts. Our research spans computational environments ranging from secure cloud computing (distributed computing) to embedded system security (in cyber-physical systems).
The group’s research has four pillars: