Colloquium Details
Programming Languages for Secure Information Flow
Author: | Stephan Zdancewic Cornell University |
---|---|
Date: | February 14, 2002 |
Time: | 15:30 |
Location: | 220 Deschutes |
Abstract
Our society's widespread dependence on networked information systems for everything from personal finance to military communications makes it essential to improve the reliability and security of software. Recently, programming-languages research has demonstrated that security concerns can be addressed by using both program analysis and program rewriting as powerful and flexible enforcement mechanisms.
I will describe how to use programming-language techniques to enforce information-flow policies, which are a natural, high-level way of specifying how programs may manipulate confidential data. One challenge is to verify information-flow policies in low-level (assembly or bytecode) programs. Doing so is desirable for security because it creates the possibilities of removing the compiler from the trusted computing base and verifying mobile code. A second challenge is to enforce information-flow policies in distributed systems without the need for a universally trusted computing platform. I will show how both of these problems can be addressed by compiler techniques.
Biography
Stephan Zdancewic is a Ph.D. candidate in the Department of Computer Science at Cornell University. He received his M.S. in Computer Science from Cornell University and his B.S. in Computer Science and Mathematics from Carnegie Mellon University. His main research interests encompass programming languages and security with the goal of providing techniques and tools for building safe, reliable and secure systems.