Research Interests

I study decentralized security with a focus on using programming language theory and design to build decentralized applications that are secure by construction. My research includes both foundational and practical contributions, from developing novel, more expressive security models and formalized programming languages, to building secure decentralized systems and compilers.

Recent publications

  1. Unstick Yourself: Recoverable Byzantine Fault Tolerant Services
    Improving the recoverability of Byzantine fault tolerant protocols.
    Tran, Tuan and Nawab, Faisal and Alvaro, Peter and Arden, Owen
  2. Applying consensus and replication securely with FLAQR
    A formal language for building application-level consensus and replication protocols that are secure by construction.
    CSF’22   Distinguished paper award
    Mondal, Priyanka and Algehed, Maximilian and Arden, Owen
  3. Payment Channels Under Network Congestion
    Addressing congestion attacks in payment channel networks.
    ICBC’22 (short paper)
    Tran, Tuan and Zheng, Haofan and Alvaro, Peter and Arden, Owen
  4. Total Eclipse of the Enclave: Detecting Eclipse Attacks From Inside TEEs
    Using difficulty monitoring to reliably detect extended eclipse attacks, even when the adversary controls all network connectivity.
    ICBC’21 (short paper)
    Zheng, Haofan and Tran, Tuan and Arden, Owen
  5. Secure Distributed Applications the Decent Way
    A framework for building secure decentralized applications with trusted execution environments and remote attestation.
    Zheng, Haofan and Arden, Owen
  6. AttkFinder: Discovering Attack Vectors in PLC Programs Using Information Flow Analysis
    Using information flow analysis to discover attack vectors in industrial control systems.
    Castellanos, John H. and Ochoa, Martin and Cardenas, Alvaro A. and Arden, Owen and Zhou, Jianying
  7. A Calculus for Flow-Limited Authorization: Expanded Technical Report
    A core programming model that uses flow-limited authorization to provide end-to-end information security to dynamic authorization mechanisms and programs that use them.
    Technical Report   Revised, corrected, and expanded version of CSF’16 paper
    Arden, Owen and Gollamudi, Anitha and Cecchetti, Ethan and Chong, Stephen and Myers, Andrew C
  8. First-Order Logic for Flow-Limited Authorization
    A logic for reasoning about authorization decisions in the presence of information-flow policies.
    Hirsch, Andrew K. and Azevedo de Amorim, Pedro Henrique and Cecchetti, Ethan and Tate, Ross and Arden, Owen
  9. AnyLog: a Grand Unification of the Internet of Things
    A new vision for a completely decentralized, ownerless platform for sharing structured data.
    Abadi, Daniel and Arden, Owen and Nawab, Faisal and Shadmon, Moshe
  10. Information flow control for distributed trusted execution environments
    DFLATE offers high-level security abstractions that reflect both the guarantees and limitations of the TEE security mechanisms.
    Gollamudi, Anitha and Chong, Stephen and Arden, Owen
  11. Nonmalleable Information Flow Control
    A new 4-safety hyperproperty for secure declassification and endorsement and a type system for enforcing it.
    CCS’17   Best paper finalist (11 finalists out of 151 accepted papers).
    Cecchetti, Ethan and Myers, Andrew C. and Arden, Owen
  12. Fabric: Building Open Distributed Systems Securely by Construction
    A secure, decentralized, and distributed programming language and system.
    Liu, Jed and Arden, Owen and George, Michael D. and Myers, Andrew C.
  13. Cryptographically Secure Information Flow Control on Key-Value Stores
    An information flow control system that transparently incorporates cryptography to enforce confidentiality and integrity policies on untrusted storage.
    Waye, Lucas and Buiras, Pablo and Arden, Owen and Russo, Alejandro and Chong, Stephen

Owen Arden

Current PhD students

Haofan Zheng

Priyanka Mondal

Roy Shadmon

Tuan Tran (co-advised with Peter Alvaro)

Current Projects

Secure decentralized applications with Trusted Execution Environments.

Flow-limited authorization for Haskell

Flow-limited authorization
An expressive new security model that unifies authorization and information flow control.

Practical static information flow control for Scala Spark applications.

Resilient consensus protocols using re-configuration.

Proximal Consensus
Responsive, fault-tolerant data pipelines at the edge.

Previous Projects

A language and runtime for enforcing information flow control in federated applications.

Information flow control for Java

An extensible Java compiler framework