Leader, Cyber Physical Architecture Research Group, Information Technology Research Institute,
National Institute of Advanced Industrial Science and Technology (AIST)
Network Protocol and Architecture, Computer Security, Programming Language (Theory, Design and Implementation)
Evolution of "Internet of Things" (IoT) brings us much closer connection between the physical and the "cyber" world. Some expects more than one trillion sensors will be around the connected world in 2030. However, we concern that the current design of the Internet have not enough agility, flexibility, and strength on the aspect of security and management to accommodate such huge numbers of nodes. Such shortcoming might become a critical bottleneck for the evolution of IoT. We are designing a near-future architecture of the Internet, which will provide better security, privacy and flexibility to its users, still preserving open nature of the Internet. We also work on foundational technologies of security/safety validation such as software verification, which will become important bases for the safety of the future cyber-physical society.
These days, security holes caused by program bugs introduces critical situations such as information leakage (e.g. credit card numbers) or service interruptions. I am currently working on safe execution methods of programs.
Especially, I am constructing a Fail-Safe ANSI C Compiler, which prevents all kinds of memory-corruption attacks (such as buffer overrun exploits) for full ANSI C language.
Starting 20 October 2007, I distribute the current implementation of the Fail-safe C Compiler system for interested researchers. For details, please refer to the Fail-Safe C Project homepage.
Software used on the Internet uses several "protocols" in the various level. TCP, TLS, HTTP are the examples for the transport and protocol layer. In addition to those, several web applications implements its own session management systems. Further more, some of the application logics can also be thought as private protocols.
Those protocols, implementations of the protocols, or the implementation of the application itself are tends to contain many bugs or defects, which sometimes cause security vulnerabilities. I analyze such vulnerabilities, report those to the developers, and tries to summarize the fundamental and effective approaches to prevent such vulnerabilities.