Research interests
It is too hard to build trustworthy software systems. I aim for
simple, high-level abstractions that offer programmers strong
guarantees about cross-cutting concerns:
security,
distribution,
extensibility,
persistence.
Active Projects
-
Chair, SIGPLAN Executive Committee.
- Viaduct: Automatically compiling high-level code to secure cryptographic protocols.
- SCIF: a language for building secure smart contracts.
- Gallifrey: A new language for efficient geodistributed programming.
- SecVerilog and ChiselFlow: hardware
description languages for building processors that control timing channels,
such as Hyperflow.
- Constrain,
a JavaScript constraint-based system for drawing animated figures.
- Reduct, a game for teaching programming.
-
Fabric: A language and system for secure, distributed computation, sharing, and storage,
built on Jif: an extended
version of Java that enforces security and privacy by controlling information flow.
- SHErrLoc: The Static Holistic Error Locator
identifies the most likely locations of program errors by analyzing graphs of program constraints.
- JLang, an LLVM back end for
Polyglot,
a widely used, extensible Java compiler front end framework for rapid
experimentation with new language extensions.
-
▸ Undergraduate and MEng research opportunities
-
[Show older projects]
Older Projects
- Awards committees:
ACM Doctoral Dissertation Award Committee, 2015-2018 (2017 chair)
Robin Milner Young Researcher Award Committee, 2019
- Editorial Boards:
- Editor-in-Chief,
ACM Transactions on Programming Languages and Systems (TOPLAS) (2017-2023)
Journal of Computer Security (Co-Editor in Chief, 2013–2016)
ACM Transactions on Computer Systems (2009–2016),
ACM Transactions on Information and System Security (TISSEC, now TOPS)
(2007–2010)
- Program Committees:
General Chair, POPL'23;
PC Chair, POPL 2018
[ report ];
Co-chair, CCS 2016
[report];
Co-chair,
Computer Security Foundations 2010;
Co-chair,
IEEE Symposium on Security & Privacy (Oakland) '09;
Co-chair, Principles of Security and Trust (POST) '15;
PC member,
IEEE S&P (Oakland)
'01,
'04,
'07,
'08,
'09,
'11,
'12,
'15,
'22,
PLDI
'02, '10,
'16 (EPC),
'19 (EPC),
SOSP '01,
'07,
'09,
'11,
CSF/CSFW '04, '06,
'09,
'10,
'15,
'20
Euro S&P 2016
POST'14,
Eurosys'14,
ASPLOS '13, '14 (ERC),
TLDI '09,
PLAS '08,
OOPSLA '06, '19,
'22,
HOTDEP'06,
USENIX Security '06,
FAST'05,
POPL '05,
'12,
'17,
SecDev 2016,
SNAPL '15,
'19,
OSDI '00, '04,
CCS '04,
'12,
'13,
'14,
'16,
'20,
SIGOPS
European Workshop '04,
NDSS'04,
FOOL'00.
-
2010–2012, 2014–2015, 2019–2020:
Cayuga
Heights Elementary School Math Club (4th/5th grade)
-
Familia and Genus: OO languages that improve generic programming and exception handling.
- JMatch: a
Java extension with pattern matching and interruptible iterators
-
Civitas: A practical, secure, remote voting system.
-
Swift: Making web applications secure by construction.
- Jx/J&:
language features for extensible, composable, adaptable software
-
J\Mask: Java extended with masked types for safe, flexible object initialization.
-
SIF: Servlets with secure information flow.
-
STONESOUP: an IARPA-funded study on how to certify and run software of uncertain provenance securely
- DARPA Information Science and Technology Study Group (ISAT), 2005–2008
- Jif/split: a version of Jif that automatically partitions programs
to run securely on a distributed system.
-
J0: Java for novice programmers
- PolyJ: an extended
version of Java that supports parametric polymorphism, freely
available for both Windows and Unix.
- Thor, a
distributed object-oriented database, and Theta,
the internal programming language of Thor. This work provided scalable
techniques for efficiently implementing distributed, persistent
objects and language features such as methods and parametric polymorphism.
-
Organizer,
Dagstuhl seminar on Mobility, Ubiquity, and Security (Feb.'07)
- Invited and keynote talks:
POPL 2013,
ICISS 2010,
FMOODS 2008,
ESOP'05,
PASTE'05,
FMSE 2005
[Show courses taught]
Courses
- Oregon PL Summer School on Foundations of Probabilistic Programming and Security, June 2019.
[ notes ]
- PLDI 2014 Tutorial: The Polyglot Extensible Compiler Framework. June 2014.
-
Oregon PL Summer School on Logic, Languages, Compilation, and Verification, July 2012.
[ notes ]
- Summer School Marktoberdorf 2009: Using Security Policies to Write Secure Software
- PLDI 2006 tutorial: Expressing and Enforcing Security with Programming Languages
-
Oregon Summer School on Software Security, June 2004
- CGO'03 tutorial: Security through Languages and Compilers
- CS211 (2110),
Computers and Programming (S06, F22)
- CS2112,
Data Structures and Object-Oriented Design—Honors (S/F12,S/F14,F15,F19-21)
- CS3110,
Data Structures and Functional Programming (S02–S04,S07,S08,F08) [CS312 Tournaments]
-
CS4120/4121/5120/5121, Introduction to Compilers (S99–S01,F09,F11,S16,S18–23)
- CS513 (5430), System Security (F06)
-
CS6110, Advanced Programming Languages
(F99–F01, F04–F05, F07, S09, S13)
-
CS6113, Language-Based Security (F13,F18)
-
CS 6115, Certified Software Systems (F17)
-
CS711, Advanced Programming Languages Seminar
(F02,
F03)
- Engineering 150 (F04, F06)
- CS754 (7490),
Cornell Systems Lunch (2001–2010) (with E.
Gün Sirer, Paul Francis, Robbert van Renesse)
![[Photo: Andrew Myers]](images/18aug-andrew-cropped.jpeg)