Crispin Cowan, Core OS Security, Microsoft

CTO & Co-Founder, Immunix

Research Assistant Professor, Oregon Graduate Institute
Department of Computer Science and Engineering

Ph.D., Computer Science, "A Programming Model for Optimism",
University of Western Ontario, Canada, 1995

B.Math, M.Math, Computer Science,
University of Waterloo, 1983-1990

Member of the Shmoo Group



Past Projects:  

Immunix Projects
OGI Projects
  • Immunix: Adaptive System Survivability
  • Heterodyne: Information Application Survivability
  • Quasar: Quality Specification and Adaptive Resource Management for Distributed Multimedia Systems
  • Synthetix: Operating System Specialization
  • HOPE: A Programming Model for Optimism

Past Teaching

Community

Contact

Email: crispin "at" crispincowan.com

Phone: 503-819-2734


CV

Research Interests

My research interests are in pragmatic systems research:  giving systems new capabilities and performance, and doing it well enough that you can read mail on it.  My personal workstation runs my research systems.

For the last four years, my primary interest has been survivability: how to make existing systems better able to survive security attacks. With the invaluable help of my team, we have produced the Immunix OS version of Linux, featuring the StackGuard C compiler which emits programs resistant to buffer overflow attacks.

Prior to that, I did work in system specialization for performance, distributed programming languages, and computer architecture. I am interested in enhancing performance in all of these areas by using concurrency and parallelism.

Research Publications:

Seminal Papers and Notable Papers

"Defcon Capture the Flag: Defending Vulnerable Code from Intense Attack". Crispin Cowan, Seth Arnold, Steve Beattie, Chris Wright, and John Viega. Presented at the DARPA DISCEX III Conference, Washington DC, April 22-24 2003. Paper and Talk.

"Timing the Application of Security Patches for Optimal Uptime". Steve Beattie, Seth Arnold, Crispin Cowan, Perry Wagle, Chris Wright, and Adam Shostack. Presented at the USENIX 16th Systems Administration Conference (LISA 2002), Philadelphia, PA, December 2002. Postscript or ugly PDF.

"Linux Security Modules: General Security Support for the Linux Kernel". Chris Wright, Crispin Cowan, Stephen Smalley, James Morris, and Greg Kroah-Hartman. Presented at the 11th USENIX Security Symposium, San Francisco, CA, August 2002. PDF.

"Buffer Overflows:  Attacks and Defenses for the Vulnerability of the Decade". Crispin Cowan, Perry Wagle, Calton Pu, Steve Beattie, and Jonathan Walpole. DARPA Information Survivability Conference and Expo (DISCEX), Hilton Head Island SC, January 2000. Also presented as an invited talk at SANS 2000, Orlando FL, March 2000.  PDF.

"StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks".  Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang.  Published in the proceedings of the 7th USENIX Security Symposium, January 1998, San Antonio, TX.   PDF.

Journal Papers and Book Chapters

"Survivability: Synergizing Security and Reliability". Crispin Cowan. Book chapter in "Advances in Computers", edited by Marvin V. Zelkowitz, Academic Press, 2004. Buy "Advances in Computers" 60 here. Chapter here PDF.

"Software Security for Open Source Systems". Crispin Cowan. IEEE Security & Privacy Magazine, February 2003, Volume 1, Number 1, pages 35-48. PDF.

"Specialization Tools and Techniques for Systematic Optimization of System Software". Dylan McNamee, Jonathan Walpole, Calton Pu, Crispin Cowan, Charles Krasic, Ashvin Goel, Perry Wagle, Charles Consel, Gilles Muller, Renauld Marlet. ACM Transactions on Computer Systems, Volume 19, Issue 2, May 2001. PDF.

"Adaptive Methods for Distributed Video Presentation". Crispin Cowan, Shanwei Cen, Jonathan Walpole, and Calton Pu. Computing Surveys Symposium on Multimedia, December 1995, Volume 27, Number 4, pages 580-583.

Conference Papers

"PointGuard: Protecting Pointers From Buffer Overflow Vulnerabilities". Crispin Cowan, Steve Beattie, John Johansen and Perry Wagle. Presented at the 12th USENIX Security Symposium, Washington DC, August 4-8, 2003. Paper and Talk.

"Defcon Capture the Flag: Defending Vulnerable Code from Intense Attack". Crispin Cowan, Seth Arnold, Steve Beattie, Chris Wright, and John Viega. Presented at the DARPA DISCEX III Conference, Washington DC, April 22-24 2003. Paper and Talk.

"Timing the Application of Security Patches for Optimal Uptime". Steve Beattie, Seth Arnold, Crispin Cowan, Perry Wagle, Chris Wright, and Adam Shostack. Presented at the USENIX 16th Systems Administration Conference (LISA 2002), Philadelphia, PA, December 2002. Postscript or ugly PDF.

"Linux Security Modules: General Security Support for the Linux Kernel". Chris Wright, Crispin Cowan, Stephen Smalley, James Morris, and Greg Kroah-Hartman. Presented at the 11th USENIX Security Symposium, San Francisco, CA, August 2002. PDF.

"Linux Security Module Framework". Chris Wright, Crispin Cowan, Stephen Smalley, James Morris, and Greg Kroah-Hartman. Presented at the 2002 Ottawa Linux Symposium, Ottawa, Canada, June 2002. PDF.

"RaceGuard: Kernel Protection From Temporary File Race Vulnerabilities". Crispin Cowan, Steve Beattie, Chris Wright, and Greg Kroah-Hartman. Presented at the 10th USENIX Security Symposium, Washington DC, August 2001. PDF.

"FormatGuard: Automatic Protection From printf Format String Vulnerabilities". Crispin Cowan, Matt Barringer, Steve Beattie, Greg Kroah-Hartman, Mike Frantzen, and Jamie Lokier. Presented at the 10th USENIX Security Symposium, Washington DC, August 2001. PDF.

"SubDomain: Parsimonious Server Security". Crispin Cowan, Steve Beattie, Greg Kroah-Hartman, Calton Pu, Perry Wagle, and Virgil Gligor.  Presented at the USENIX 14th Systems Administration Conference (LISA 2000), New Orleans, LA, December 2000.  PDF.

"The Cracker Patch Choice: An Analysis of Post Hoc Security Techniques".  Crispin Cowan, Heather Hinton, Calton Pu, and Jonathan Walpole.  Presented at the National Information Systems Security Conference (NISSC), Baltimore MD, October 16-19 2000. PDF.

"Buffer Overflows:  Attacks and Defenses for the Vulnerability of the Decade". Crispin Cowan, Perry Wagle, Calton Pu, Steve Beattie, and Jonathan Walpole. DARPA Information Survivability Conference and Expo (DISCEX), Hilton Head Island SC, January 2000. Also presented as an invited talk at SANS 2000, Orlando FL, March 2000.  PDF.

"Protecting Systems from Stack Smashing Attacks with StackGuard".  Crispin Cowan, Steve Beattie, Ryan Finnin Day, Calton Pu, Perry Wagle, and Erik Walthinsen.  Presented at the Linux Expo, Raleigh, NC, May 18-22, 1999.  PDF.

"Survivability From a Sow's Ear: The Retrofit Security Requirement". Crispin Cowan and Calton Pu.  Presented at the 2nd Information Survivability Workshop, 1998. Postscript 38 KB, PDF 23 KB.

"Death, Taxes, and Imperfect Software: Surviving the Inevitable". Crispin Cowan, Calton Pu, and Heather Hinton. Presented at the New Security Paradigms Workshop 1998. Postscript 130 KB, PDF 92 KB.

"StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks".  Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang.  Published in the proceedings of the 7th USENIX Security Symposium, January 1998, San Antonio, TX.   PDF.

"Declarative Specialization of Object-Oriented Programs". Eugen-Nicolae Volanschi, Charles Consel, Gilles Muller, Crispin Cowan. Published in the proceedings of the Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA'97), October 1997, Atlanta, GA. PDF or PS.GZ.

"Microlanguages for Operating System Specialization".  Calton Pu, Andrew Black, Crispin Cowan, and Jonathan Walpole. Published in the Proceedings of the SIGPLAN Workshop on Domain-Specific Languages, January 1997, Paris, France.

"A Specialization Toolkit to Increase the Diversity of Operating Systems". Calton Pu, Andrew Black, Crispin Cowan, and Jonathan Walpole.  Published in the proceedings of the 1996 ICMAS Workshop on Immunity-Based Systems, December 1996, Nara, Japan.

"Specialization Classes: An Object Framework for Specialization".  Crispin Cowan, Andrew Black, Charles Krasic, Calton Pu, Jonathan Walpole, Charles Consel, and Eugen-Nicolae Volanschi. Published in the proceedings of the Fifth International Workshop on Object-Orientation in Operating Systems (IWOOOS'96), October 27-28, 1996, Seattle, WA. PDF or PS.GZ.

"Managing Adaptive Presentation Executions in Distributed Multimedia Database Systems". Heiko Thimm, Wolfgang Klas, Jonathan Walpole, Calton Pu, and Crispin Cowan. International Workshop on Multimedia Database Management Systems (IWMMDBMS96), August 1996.

"A Wait-free Algorithm for Optimistic Programming: HOPE Realized". Crispin Cowan and Hanan Lutfiyya. Published in the proceedings of the 16th International Conference on Distributed Computing Systems (ICDCS'96) May 27-30, 1996, Hong Kong.

"Fast Concurrent Dynamic Linking for an Adaptive Operating System". Crispin Cowan, Charles Krasic, Calton Pu, and Jonathan Walpole. Presented at the International Conference on Configurable Distributed Systems (ICCDS'96), May 6-8, 1996, Annapolis, MD.

"Optimistic Incremental Specialization: Streamlining a Commercial Operating System". Calton Pu, Tito Autrey, Andrew Black, Charles Consel, Crispin Cowan, Jon Inouye, Lakshmi Kethana, Jonathan Walpole, and Ke Zhang. Published in the proceedings of the 15th ACM Symposium on Operating Systems Principles (SOSP'95), December 3-6, 1995, Copper Mountain, Colorado.

"Formal Semantics for Expressing Optimism: The Meaning of HOPE". Crispin Cowan and Hanan Lutfiyya. Published in the proceedings of the 14th Symposium on Principles of Distributed Computing (PODC'95), pages 164-173, August 20-23, 1995, Ottawa, Ontario.

"Performance Benefits of Optimistic Programming: A Measure of HOPE". Crispin Cowan, Hanan Lutfiyya, and Mike Bauer. Published in the proceedings of the Fourth IEEE International Symposium on High-Performance Distributed Computing (HPDC-4), pages 197-204, August 2-4, 1995, Pentagon City, Virginia.

"A Distributed Real-Time MPEG Video Audio Player". Shanwei Cen, Calton Pu, Richard Staehli, Crispin Cowan and Jonathan Walpole. Published in the proceedings of the Fifth International Workshop on Network and Operating System Support of Digital Audio and Video (NOSSDAV'95), April 18-21, 1995. Durham, New Hampshire, USA.

"Optimistic Language Constructs". Hanan Lutfiyya and Crispin Cowan. Presented at the ICSE-17 Workshop on Research Issues in the Intersection of Software Engineering and Programming Languages, Seattle, WA, April 1995.

"Optimistic Programming in PVM", Crispin Cowan. 1994 PVM Users' Group Meeting, Oak Ridge, TN, May 1994.

"Increasing Concurrency Through Optimism: A Reason for HOPE", Crispin Cowan, Hanan Lutfiyya, and Mike Bauer, 1994 ACM Computer Science Conference, Phoenix, AZ, March 1994.

"Optimistic Replication in HOPE", Crispin Cowan, Proceedings of the 1992 CAS Conference, Toronto, Ontario, November 1992.

"Architectural Support for Lightweight Tasking in the Sylvan Multiprocessor System", F.J. Burkowski, C.L.A. Clarke, Crispin Cowan, and G.J. Vreugdenhil, Symposium on Experience with Distributed and Multiprocessor Systems (SEDMS II), Atlanta, GA, March 1991.

Technical Reports

Crispin Cowan, Dylan McNamee, Andrew Black, Calton Pu, Jonathan Walpole. "A Toolkit for Specializing Production Operating System Code", OGI Technical Report CSE-97-004, March 1997.

Crispin Cowan, "NIW: A Simple Superscalar Architecture".

Hobbies:

Geek Interests
computer architecture, operating systems, programming languages, and science fiction
Non-geek Interests
Real ale, sailing, and snowboarding 
Trendoid Interests
Rollerblading, alternative music