Bryan Parno is an associate professor with a joint appointment in the Computer Science, and the Electrical and Computer Engineering departments. His research is primarily focused on investigating long-term, fundamental improvements in how to design and build secure systems. As a result, his work combines theory and practice to provide formal, rigorous security guarantees about concrete systems, with an emphasis on creating solid foundations for practical solutions.
Designing and Building Provably Secure Systems
2010 Ph.D., Electrical and Computer Engineering, Carnegie Mellon University
2005 MA, Electrical and Computer Engineering, Carnegie Mellon University
2004 BA, Computer Science, Harvard University
- authentication and passwords
- cloud security
- computer engineering
- computer security
- data security and privacy
- distributed systems
- Formal methods
- formal methods for security
- hardware security
- Internet of Things (IoT)
- ML and AI
- network security
- operating systems
- protocol security
- secure systems
- security of AI and ML
- software security
- systems security
- Usability and human behavior
Provably-secure code incorporated into Linux kernel
This month, code from the provably correct and secure “EverCrypt” cryptographic library, which CyLab’s Bryan Parno and his team helped develop and release last year, was officially incorporated into the Linux kernel — the core of the Linux operating system.
Computer Business Review
Parno collaborates on cryptographic provider and library
Team Everest, a joint Microsoft-academia collaboration, recently released a cryptographic provider and library called EverCrypt. ECE’s Bryan Parno, who worked on the project, says that it has “the same features, convenience, and performance as popular existing cryptographic libraries without the bugs that leave protocols and applications vulnerable.”
Achieving provably-secure encryption
Earlier this week, a team consisting of researchers from CyLab released the world’s first verifiably secure industrial-strength cryptographic library—a set of code that can be used to protect data and is guaranteed to protect against the most popular classes of cyberattacks.
Parno quoted in PopSci on end-to-end encryption
End-to-end encryption is essential to privacy. But as Facebook begins to incorporate encryption into its messaging services, it’s important to consider the caveats that come with it. ECE’s Bryan Parno weighs in on the conversation in Popular Science.
Parno develops Vale to mathematically verify code security
ECE/CyLab’s Bryan Parno, in collaboration with his Ph.D. student and researchers from Microsoft, has developed a programming tool called “Vale.” The tool can mathematically verify the security of low-level assembly code, such as the cryptographic code that runs when one browses the Internet. Vale can verify security up to 10 times faster than other tools without sacrificing performance.
Building a verifiably-secure internet
In security, almost nothing is guaranteed. It's impossible to test the infinite ways a criminal hacker may penetrate a proverbial firewall. But what if, by the laws of mathematics, something could be proven to be secure without running an infinite number of test cases?
Reducing complexity to increase security
Carnegie Mellon University team receives $7.5M ONR grant for software complexity reduction, or simplifying complex internet protocols to build greater security.
The Wall Street Journal
Parno quoted by WSJ on Intel chip flaws
CyLab/ECE’s Bryan Parno was quoted about a jump in computer hardware security papers submitted to an IEEE conference in response to Intel's Spectre and Meltdown chip flaws.
The CONIX Center is creating the architecture for networked computing to better connect edge devices to the cloud in the IoT.
CyLab’s Bryan Parno receives 2018 Sloan Research Fellowship
CyLab’s Bryan Parno is one of five Carnegie Mellon recipients of the 2018 Sloan Research Fellowship.
Parno quoted on Chronicle, Alphabet's newest cybersecurity company
Although machine learning is a powerful tool, ECE/CyLab’s Bryan Parno says in an article for Popular Science that, historically, its been challenging to use for security problems.