"GreenBox: A Trustworthy Software Platform for Untrusted and Compromised Systems"

This event is sponsored by FAMU-FSU Engineering Department of Electrical & Computer Engineering.

Abstract: The 2010 “axioms” of insecurity for commodity software systems explain why such systems are likely to remain vulnerable for the foreseeable future. Recent reports of security breaches confirm this long-standing trend, illustrating high-value penetrations of both business enterprises and government agencies by state-sponsored adversaries, originating primarily from China and Russia. To counter penetrations of endpoint systems (e.g., laptops, desktops, mobile phones) and embedded applications (e.g., energy distribution subsystems and robotic applications), we designed GreenBox, a low-cost trustworthy software platform that withstands any remote adversary attack – even when the underlying operating systems (e.g., Windows, Linux, MacOS, ROS) are fully compromised by zero-day attacks. GreenBox never requires security patches, and all its updates are formally specified and verified; it retains its secure usability on legacy systems and applications; and it is not vulnerable to social engineering attacks that insert malicious software into the underlying operating system and applications. We argue that the one-time cost of achieving GreenBox’s trustworthiness via formal specification and verification is modest and much below the recurrent cost of recovery from typical software breaches.

Dr. Virgil D. Gligor

Professor, Carnegie Mellon University

Speaker Bio: Virgil D. Gligor is a Professor at Carnegie Mellon University, where he directed CyLab, the university’s institute of security and privacy, between 2008 and 2015. Over the past five decades, his research has ranged from access control mechanisms, penetration analysis, and denial-of-service protection to cryptographic protocols and applied cryptography. He was an associate editor of several ACM and IEEE journals and the editor-in-chief of the IEEE Transactions on Dependable and Secure Computing. He received the 2006 National Information Systems Security Award jointly given by NIST and NSA, the 2011 Outstanding Innovation Award of ACM SIGSAC, and the 2013 Technical Achievement Award of IEEE Computer Society. He was inducted into the National Cyber Security Hall of Fame in 2019.