Security practitioners have experience building security mechanisms, be they cryptographic protocols, buffer overflow protections, or access control systems, but are far less familiar with designing security policies for these mechanisms to enforce. This talk will cover some of my recent policy work as applied to web browsers, digital rights management, and medical privacy. For web browsers, we analyzed existing security policies for frame navigation and implemented an improved, principled policy, which has been adopted in both Safari 3.1 and Firefox 3. By analyzing DRM systems, we uncovered several anomalies in an industrial license language and applied linear logic to provide a rigorous foundation for improvements to the language. In the privacy arena, we developed a formal language for expressing privacy regulations such as HIPAA, which governs medical privacy.
Adam is currently a full-time Ph.D. student in the Computer Science Department at Stanford University. He received his M.S. in Computer Science from Stanford in the summer of 2005. In May 2003, Adam graduated magna cum laude from Cornell University with a B.A. in Mathematics and Computer Science.