4/15/2002
2:00pm-3:00pm
ECCR 200
|
Programming Languages for Information Security
Department of Computer Science, Cornell University
Our society's widespread dependence on networked information systems for
everything from personal finance to military communications makes it essential
to improve the reliability and security of software. Recently,
programming-languages research has demonstrated that security concerns can be
addressed by using both program analysis and program rewriting as powerful and
flexible enforcement mechanisms.
I will describe how to use programming-language techniques to enforce
information-flow policies, which are a natural, high-level way of specifying
how programs may manipulate confidential data. One challenge is to verify
information-flow policies in low-level (assembly or bytecode) programs. Doing
so is desirable for security because it creates the possibilities of removing
the compiler from the trusted computing base and verifying mobile code. A
second challenge is to enforce information-flow policies in distributed systems
without the need for a universally trusted computing platform. I will show how
both of these problems can be addressed by compiler techniques.
Hosted by Amer Diwan.
Refreshments will be served immediately following the talk in ECOT 831.
|
The Department holds colloquia throughout the Fall and Spring semesters. These
colloquia, open to the public, are typically held on Thursday afternoons, but
sometimes occur at other times as well.
If you would like to receive email notification of upcoming colloquia,
subscribe to our
Colloquia Mailing List.
If you would like to schedule a colloquium, see
Colloquium Scheduling.
Sign language interpreters are available upon request. Please contact
Stephanie Morris at least five days prior to the colloquium.
|
