Stay Informed:
Baskin Engineering COVID-19 Information and Resources
Campus Roadmap to Recovery
Zoom Links: Zoom Help | Teaching with Zoom | Zoom Quick Guide

Owen Arden: Faculty

Computer Science and Engineering
Tupelo, Mississippi
Undergraduate Institution: 
Georgia Institute of Technology
Graduate Institution: 
Cornell University
Professor Owen Arden

Owen Arden is an Assistant Professor of Computer Science and Engineering at the Baskin School of Engineering and an expert in language-based security for computer programs. In observance of Cyber Security Awareness Month this October, he spoke with us about his research, current concerns in cyber security, and the simple things we can do to make our online accounts more secure.

How did you become interested in cyber security? 

Even when I was a kid, I was really interested in making computers do things they weren’t supposed to. Back in the ’90s there wasn’t this big awareness of cyber security among people who had computers, and there were these hacker magazines called Phrack and 2600. I loved reading these things and figuring out ways computers could go wrong. It made my parents very nervous when I left these printouts lying around the house… I never really got into any trouble doing that, but it led to my first job at an internet company where I got to learn more about the way we use secure systems. After school, I worked for the National Security Agency for a long time, and it really motivated me to see how important it is to secure computers when lives are on the line.

What is your current research on? 

My research is focused on language-based security. I use techniques from programming language theory and design to build into the programing languages that you design a computer program with to enforce security by construction, so any program you write in that language is going to enforce the confidentiality and integrity policies on the data that it is processing. One of the main tools that I use in a lot of my research is information flow control, which makes sure that not just access to secrets or high-integrity data is controlled, but also the way that it flows through the program. This way, you know that any imputs that are secret are not going to flow into public outputs so that an attacker would be able to learn something just from analyzing the outputs of the program. 

What are the most pressing concerns in cyber security right now?

There are many pressing concerns. You look at the news and there are any number of things that are really challenging. I think one of the things that people are really struggling with right now is what is the right tradeoff between securing the systems that are out there right now and getting more assurance and building better systems for the future. A lot of my research focuses on the long term, asking if we had to start from scratch to some degree, how would we build things that give us really high assurance? One of the big challenges is that it is tough to put a bandaid on a lot of the systems that are out there, so right now we can really only kind of fix things. The real strong security that we all need is going to take some effort and some cost, and industry is only beginning to realize just how much of a change we are going to have to go through to really be serious about cyber security.

What is one thing you wish more people would do to increase cyber security? 

I think the easiest thing people could do is use password managers. Don’t use the same password on all your accounts, and use randomized passwords. Those are really hard to remember, but password managers are really easy to use these days, and they let you keep all of the passwords that you are using for different sites in your computer and automatically fill in forms, so I think it is a great way to give yourself some assurance that even if one of your accounts gets compromised, all of your internet presence won’t be.  

What do you like about doing research at UCSC? 

I really like the people here. I am part of a group of faculty, and we call ourselves the Language Systems and Data lab, or the LSD lab. It is a really creative group of people, and we have different approaches to research, but we all share this idea that there is a principled way to designing systems and designing languages that have certain properties. I also love living in Santa Cruz. I think it is a great place to live and it provides a really good immediate work/life balance because I can go play in the waves or go play in the redwoods while thinking all the deep research thoughts that are on my mind.  

What are you most looking forward to for the coming academic year? 

I am teaching a couple classes that I am excited about. I am teaching Intro to Functional Programing, which is a new course offering this quarter. I am really passionate about functional programming languages because I think it is easier to get them right and easier to prove they are correct. I am also excited about teaching this Compilers class that is happening in the winter. I encourage students who are interested in compilers and languages to take some classes with me, because I love to infect people with programing languages.