30. July 2019 | Magazine:

The man who made Firefox seven times faster made Humboldt Prize winner Professor Michael Franz at the Institute of Software Engineering and Automotive Informatics

In the summer semesters 2020 and 2021, Professor Michael Franz, who was awarded the Humboldt Research Prize in June, will spend two guest semesters at the Technische Universität Braunschweig. The Professor of Computer Science at the University of California, Irvine, will intensify research and teaching at the Institute of Software Engineering and Vehicle Informatics in the field of IT security and in particular in the field of software diversity.

The topic of software diversity and the related topic of software product lines, meaning software configurable by the customer, are topics that Professor Michael Franz, together with Professor Ina Schaefer and her team at the Institute of Software Engineering and Automotive Informatics, will deal with in the guest semesters. Professor Schaefer knew Professor Franz before and invited the Humboldt Prize winner to her institute in Braunschweig.

Professorin Ina Schaefer vom Institut für Softwaretechnik und Fahrzeuginformatik holt den Humboldt-Preisträger Professor Michael Franz in den Sommersemestern 2020 und 2021 als Gastprofessor an die TU Braunschweig. Bildnachweis: Markus Hörster/TU Braunschweig

Professor Ina Schaefer from the Institute of Software Engineering and Automotive Informatics will bring the Humboldt Prize winner Professor Michael Franz to the TU Braunschweig as a visiting professor in the summer semesters 2020 and 2021. Picture credits: Markus Hörster/TU Braunschweig

 “Security is the more interesting and important problem”

After working in the field of compiler construction for many years, Professor Franz has been working primarily in the field of security for several years. This is the more interesting and important problem, he says. “Nowadays very few people care, whether a computer runs ten percent slower or faster, but many people do care, whether their bank account is looted or their secrets get on the Internet.”

Attackers often only need a single vulnerability in the programming code to gain access to a computer. Defenders, on the other hand, have a hard time because they have to monitor the software as a whole. In addition, the identical software is installed on a very large number of devices, so most software vulnerabilities appear in all copies.

Software diversity as protection against attackers

Professor Franz sees a possible solution in the idea of transferring the biological diversity of nature to the field of software. While a computer virus affects all copies of software equally, pathogens are less effective in nature. They lead to mortality rates far below 90 percent, as not all subjects in a target population are equally susceptible due to their different genetic structure.

Behind the idea of Software Diversity, which Professor Michael Franz has decisively shaped, stands a compiler that automatically generates different variants of the same programme. This way, attackers have a smaller attack surface and therefore it is more difficult to cause damage. The precondition is that the attacker does not know which software variant is running on which target computer.

The next step of Software Diversity is to generate the code while installing the program. The team around Professor Franz developed such a technology and founded the start-up company “Immunant” for it. “We already sold the solution to RunSafe Security, a company that integrates the technology into their product,” rejoices Franz.

But even Software Diversity does not end the cat and mouse game between attackers and defenders. “It’s a battle of intellects,” says Professor Michael Franz. These days, attackers use techniques systematically to circumvent Software Diversity. At the same time, there are also new security measures to prevent this circumvention.

Development of a just-in-time compiler for Firefox

The scientist is particularly proud of the “Trace tree” technology he helped develop, which found its way into Mozilla’s popular Firefox web browser in 2009: “There are not many professors who can say that their developed software has several 100 million users. With the inventor of Java Script, Brendan Eich, who was Mozilla’s CTO (Chief Technical Officer) at the time, Franz talked about his recently developed technology, which is used in so-called just-in-time compilers. These are compilers that translate source code into machine code in real time on the target platform. In his doctoral thesis, he already dealt with how programs can be made portable using just-in-time compilation.

Ten years ago, even Java script inventor Eich was not yet aware of the importance his script language would have. Web apps, meaning programs that run in the browser, such as webmail applications like Google’s Gmail, were only made possible by Java Script. However, since there were no fast compilers at that time, this was only possible with relatively small programs.

At the same time the developers at Mozilla heard that Google was working on its own browser. Chrome was to be shipped with a just-in-time Java Script Compiler. And so Mozilla decided to integrate Professor Franz’s technology into the Firefox browser to avoid losing market share in the browser market. In a joint project with Mozilla, Professor Michael Franz and his team then built a new compiler for Java Script. As a result, Java Script was executed in Firefox seven times faster than before, which is an enormous leap forward in computer technology. The doctoral student Andreas Gal, who Franz worked with, later became CTO of Mozilla. Professor Franz and his team also developed a memory management system for Firefox.

Professor Michael Franz von der University of California, Irvine, der im Juni mit dem Humboldt-Forschungspreis der Alexander von Humboldt Stiftung ausgezeichnet wurde, kommt in den Sommersemestern 2020 und 2021 als Gastprofessor an die TU Braunschweig. Bildnachweis: Markus Hörster/TU Braunschweig

Professor Michael Franz from the University of California, Irvine, who was awarded the Humboldt Research Prize of the Alexander von Humboldt Foundation in June, will be visiting Professor at the TU Braunschweig in the summer semesters 2020 and 2021. Picture credits: Markus Hörster/TU Braunschweig

The Humboldt Research Prize

The Humboldt Research Prize of the Alexander von Humboldt Foundation is endowed with 60,000 euros, making it the highest endowed German research prize for foreign scientists. The award ceremony took place in Berlin in June. In addition to his visiting professorship at the TU Braunschweig, Professor Michael Franz will also work in a laboratory at the TU Berlin dealing with the new 5G mobile radio standard.

About the person: Humboldt Research Prize Winner Professor Michael Franz

Michael Franz studied computer science at ETH Zurich, where he received his doctorate in 1994 under Turing Prize winner Niklaus Wirth. In 1996 he became Assistant Professor at the University of California, Irvine (UCI). In 2001 he was promoted to Associate Professor. Since 2006 he is Professor of Computer Science at the School of Information and Computer Sciences at the UCI, and since 2007 he holds a second chair as Full Professor of Electrical Engineering and Computer Science at the School of Engineering at the UCI. Since 2016 he also holds the title “Chancellor’s Professor”. Professor Franz is a Fellow of the Association for Computing Machinery and the Institute for Electrical and Electronics Engineers (IEEE).