The CMU-developed Perspectives security add-on for the Firefox web browser has made national news this week, hitting the AP, the San Francisco Chronicle, the BBC, and many other major media outlets, as well as tons of online sites, including Slashdot, CNET, and Ars Technica. The system was developed by Dan Wendlandt and Ethan Jackson (Carnegie Mellon Computer Science Ph.D. student and undergraduate student, respectively), along with their faculty advisors, David Andersen and Adrian Perrig. This was a joint effort between the Computer Science Department and the CyLab.
I find Perspectives to be elegantly simple — one of those mechanisms that makes you think, “Why didn’t I think of that?” (My thesis advisor used to tell me that if something seems obvious but hasn’t been discovered before, then it is probably fundamental. Time will tell whether that applies in this case.) The problem it addresses is the man-in-the-middle attack, something that has become more serious with the widespread use of public wifi hotspots.When a Perspectives-enabled web client tries to access a particular web site, it first securely contacts a trusted “network notary server”. The server contacts the same web site and then compares the public key it sees with the key the client has received. While this isn’t completely foolproof, as a practical matter the key comparison gives very high confidence that a man-in-the-middle attack is or isn’t present.
Thank you, Dan, Ethan, Dave, and Adrian. You’ve made the Internet noticeably safer!
Peter Lee @ August 28, 2008
The weblog of the Computing Community Consortium has an opinion piece by Berkeley’s Dave Patterson, on the need for a major, government-sponsored attack on the so-called multicore challenge. You can read it here. (Note: I am acting essentially as the co-editor of the CCC blog.) Patterson is quite alarmed, making a jab at the “Dead Parallel Computer Society,” and arguing that we really don’t know how to cope with parallelism. His concern: unless we come up with ideas, this will lead to a “slowdown in portions of the US economy.”
I’m less certain about this, but it does seem to me that the most important place to turn for ideas is research in programming languages. Ultimately, it seems likely that software will have to be written intentionally to be parallel, and to have any hope of doing this right we’ll need new languages. Given our tremendous strengths in programming language research, I’m hoping that any future breakthroughs along these lines will have contributions from CMU.
Peter Lee @ August 27, 2008
The CMU Computer Science Department has started a bit of a growth spurt, and one of the areas that is expanding is theoretical computer science. Next week, Venkat Guruswami will be joining us for a one-year visiting appointment. (Personally, I’m hoping he’ll end up staying here permanently!) The combination of Venkat with our recent hiring of Ryan O’Donnell significantly beefs up our research capabilities in complexity theory, algorithms, and related areas. Another important new hire is Andre Platzer, who does superb work in formal methods and particularly in hybrid systems verification; he will be joining us in October.
Of course, this is on top of what is already a pretty strong presence in several theory areas. By my rough count, we will have 12 faculty members who work in algorithms and complexity theory, and 11 who work in applied logic, type theory, and formal verification. Given the demands of the major research problems in such diverse areas as parallel and distributed computing, data-intensive machine learning, software reliability, privacy and security, high-performance networking, computational biology, computational astrophysics, and others, I have no doubt that they will all be kept extremely busy.
Overall, it seems pretty clear that, over the next decade, the best CS departments will be required to have the best theory research. We’ll be working hard to recruit the people we need to do just that.
Peter Lee @ August 26, 2008