Asst Professor, Computer Science and Engineering
Faculty, Computer Science and Engineering
Building principled and practical secure systems, cryptography, confinement, information flow control, web application security, and programming languages.
Deian Stefan will continue his work on secure systems with particular focus on what he calls “least privileged systems,” i.e., systems where code operates using the least set of privileges necessary to complete its function. He is generally interested in exploring language-level security mechanisms and policy languages that can allow average developers to build secure applications more easily. He is also interested in exploring a clean-slate approach to building secure, low-level systems and applications (e.g., remote shells and web servers), even if building secure systems applications is notoriously difficult. One possibility, he says, is to design a language that allows programmers to describe system components (HTTP parser, logger, etc.), typed interfaces between the components, and high-level security policies. Given such a description, a compiler can then generate the different application components and security-enforcement mechanisms.
Other research areas of interest to Stefan include policy synthesis (developing tools and paradigms that can help developers specify correct policies more easily), browser-extension security architectures, secure browser-engine designs, and security foundations.
In his most recent publication, Stefan and co-authors from Stanford and Sweden’s Chalmers University of Technology proposed a better system for the creation of browser extensions. Their paper, “The Most Dangerous Code in the Browser,” was presented at the 15th UNIX Workshop on Hot Topics in Operating Systems (HotOS), which took place in Switzerland May 18-20, 2015.
Stefan earned a Ph.D. in Computer Science from Stanford University. His dissertation focused on “Principled and Practical Web Application Security,” under advisors David Mazières of Stanford’s Secure Computer Systems Lab and John C. Mitchell in the Security Lab. Stefan co-founded GitStar, a start-up that provides web developers with tools for building applications with minimal trust in November 2014 and is the company’s President and Chief Scientist. Stefan earned his undergraduate and master’s degrees in Electrical Engineering at Cooper Union in New York City, where he worked on GPU and FPGA optimizations for cryptography.