Michael Franz


Michael Franz is an American computer scientist best known for his pioneering work on just-in-time compilation and optimisation and on artificial software diversity. He is a Chancellor's Professor of Computer Science in the Donald Bren School of Information and Computer Sciences at the University of California, Irvine, a Professor of Electrical Engineering and Computer Science in the Henry Samueli School of Engineering at UCI, and Director of UCI's Secure Systems and Software Laboratory.
He is a Fellow of the AAAS, a Fellow of the ACM, a Fellow of the IEEE, a Fellow of the IFIP, a recipient of the IEEE Computer Society's Technical Achievement Award and of a Humboldt Prize. He has graduated 33 PhDs. as primary advisor, published more than 130 peer-reviewed articles, and holds 6 U.S. Patents.

Biography

Born and raised in Hamburg, Germany, Franz attended the Christianeum in Hamburg and the Gordonstoun School in Elgin, Scotland and eventually graduated from the Christianeum with an accelerated high school diploma ahead of the rest of his class.
After completing military service in Germany, Franz moved to Switzerland to begin studies of computer science at ETH Zurich, finishing his Diplom-Ingenieur degree in 1989. During his undergraduate years, he was President of ETH's Computer Science Students Association.
Declining a Full Fulbright scholarship that would have funded doctoral studies in the United States, he stayed at ETH and began doctoral studies under the supervision of Turing Award Winner Niklaus Wirth, completing his Doctor of Technical Sciences degree in 1994.
Following two further years at ETH Zurich as a Senior Research Associate and lecturer, he joined the University of California, Irvine as an Assistant Professor of Computer Science in January 1996. He was promoted to Associate Professor in 2001 and Full Professor in 2006. Since 2007, he has held a second appointment in UCI's School of Engineering, as a Professor of Electrical Engineering and Computer Sciences. In 2016, he was awarded the title Chancellor's Professor.

Research

Franz is well known for pioneering and advancing several research ideas that were quite unconventional when he proposed them and that now seem almost obvious in hindsight.
His doctoral dissertation, entitled "Code Generation On-The-Fly: A Key To Portable Software" proposed to make software portable among different target computer architectures by way of using on-the-fly compilation from a compressed intermediate data structure at load time. Two years later, the Java programming language and system were launched and took this idea mainstream, albeit using the term "just-in-time compilation" instead of the term "on-the-fly compilation" that Franz had used.
Franz was also one of the first academics to realise that JavaScript was going to be huge. At a time when most of the academic community was ignoring JavaScript and similar dynamic languages as "little scripting languages," Franz and his student Andreas Gal researched how one would best tackle the specific features of a dynamically typed language in a just-in-time compiler. The resulting technique, Trace Tree Compilation, is now covered by a U.S. Patent. Franz took this idea to Brendan Eich, the inventor of JavaScript and Mozilla's CTO at the time, and a collaborative project between UCI and Mozilla was born that eventually culminated in the TraceMonkey JavaScript engine in Firefox.
More recently, Franz has been one of the main drivers of the "Moving Target Defense" movement for cyber security. He has been pioneering compiler-generated software diversity as a defence mechanism against software attacks, inspired by biodiversity in nature. Imagine an "App Store" containing a diversification engine that automatically generates a unique version of every program for every user. All the different versions of the same program behave in exactly the same way from the perspective of the end-user, but they implement their functionality in subtly different ways. As a result, any specific attack will succeed only on a small fraction of targets. An attacker would require a large number of different attacks and would have no way of knowing a priori which specific attack will succeed on which specific target. Equally importantly, this approach makes it much more difficult for an attacker to generate attack vectors by way of reverse engineering of security patches.
This project has attracted attention beyond academia, with coverage in the popular press ranging from as far as The Economist to Wired Magazine. Franz and some of his students hold a U.S. Patent on some of the underlying ideas.