A genius approach to web security

Song in a study area in her Berkeley office

By Michael V. Copeland, senior writer

FORTUNE -- The prototypical computer security expert is some ponytailed guy with a three-day beard and an uncomfortable habit of telling hacker war stories that make you scared to go online for weeks. Then there's Dawn Song, a 36-year-old associate professor at the University of California at Berkeley and a MacArthur Foundation fellow (also known as a MacArthur genius). With her broad smile and laugh, Song puts a visitor at ease, then begins mapping the Internet out on a whiteboard. The whole genius thing quickly becomes apparent.

Song and her research team aren't looking to simply patch holes in the Internet that online baddies are constantly trying to penetrate. She takes a more holistic approach, designing technology tools that can act as building blocks for an overall secure computing experience -- on any device. The proliferation of smartphones and tablets means more people are trying to share sensitive information via the public Internet instead of private networks, a practice that makes Song shudder. "If I have uploaded my data naively into the cloud, the best I can do now is cross my fingers and hope that whoever is storing my data is doing a good job with their security," she says.

By studying the underlying patterns of how software, hardware, and networks interact, Song has become expert at understanding the flow of both "good" data and ill-intentioned hacks. Song's groundbreaking research has become the basis for two important platforms: BitBlaze, which analyzes malicious software code, and WebBlaze, which focuses on defending web-based applications and services against it. (The WebBlaze approach has been used in the design of mainstream web browsers.) Song is also working on the privacy side of things, so that people can trace where their sensitive data has been and know that it is either secure or has been sold or breached.

Song's hope is that BitBlaze, WebBlaze, and her privacy initiatives become fundamental Internet tools that are deployed when any person or company builds a new cloud-based service or overhauls an existing one. Her team is working on commercial versions of the security platforms that would offer custom analysis to paying customers.

Song is no fear monger, but she stresses that the risks are mounting as everything -- phones, tablets, even wireless health-monitoring gadgets -- gets connected to the web. "We are always playing catch-up," she admits. But if Song and her team are successful, consumers and companies won't have to simply keep their fingers crossed -- and she may even put a few of those ponytailed security experts out of business.