![[AIST]](/y.oiwa/data/symbolaist120x22lg.gif)
![[RISEC]](/y.oiwa/data/RISEC-Logo-RGB-H20px.png){kind=logo}
I've updated my OpenPGP key on 1 July 2009. Please fetch the newer key from my PGPKeys page.
Leader, Research Group for Software Reliability, Research Institute for Secure Systems (RISEC), National Institute of Advanced Industrial Science and Technology (AIST) (from April 2005)
Programming Language (Theory, Design and Implementation), Computer Security, Network Protocol
These days, security holes caused by program bugs introduces critical situations such as information leakage (e.g. credit card numbers) or service interruptions. I am currently working on safe execution methods of programs.
Especially, I am constructing a Fail-Safe ANSI C Compiler, which prevents all kinds of memory-corruption attacks (such as buffer overrun exploits) for full ANSI C language.
Starting 20 October 2007, I distribute the current implementation of the Fail-safe C Compiler system for interested researchers. For details, please refer to the Fail-Safe C Project homepage.
Software used on the Internet uses several "protocols" in the various level. TCP, TLS, HTTP are the examples for the transport and protocol layer. In addition to those, several web applications implements its own session management systems. Further more, some of the application logics can also be thought as private protocols.
Those protocols, implementations of the protocols, or the implementation of the application itself are tends to contain many bugs or defects, which sometimes cause security vulnerabilities. I analyze such vulnerabilities, report those to the developers, and tries to summarize the fundamental and effective approaches to prevent such vulnerabilities.