Our society's widespread dependence on networked information systems for everything from personal finance to military communications makes it essential to improve the reliability and security of software. Recently, programming-languages research has demonstrated that security concerns can be addressed by using both program analysis and program rewriting as powerful and flexible enforcement mechanisms.
I will describe how to use programming-language techniques to enforce information-flow policies, which are a natural, high-level way of specifying how programs may manipulate confidential data. One challenge is to verify information-flow policies in low-level (assembly or bytecode) programs. Doing so is desirable for security because it creates the possibility of removing the compiler from the trusted computing base and of verifying mobile code. A second challenge is to enforce information-flow policies in distributed systems without the need for a universally trusted computing platform. I will show how both of these problems can be addressed by compiler techniques.
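As an added illustration of what verifying an information-flow policy on a low-level program involves (this is example code written for this page, not material from the talk or its speaker), the following Python checker labels each register of a small hypothetical register bytecode as LOW or HIGH, tracks a program-counter label so that data leaking through a branch condition (an implicit flow) is caught as well as a direct copy (an explicit flow), and rejects any write to an output channel whose label is below the label of the data. The instruction set, the channel names and the sample programs are all constructed for the example; the checker assumes branches are forward and properly nested, which is what a compiler emitting structured code would produce.

```python
"""Tiny static information-flow checker for a constructed register bytecode.

Labels form the two-point lattice LOW < HIGH. The checker is a single
forward pass that keeps one label per register plus a program-counter
(pc) label that is raised while executing under a HIGH branch condition.
Assumption: branches ("bz") only jump forward and are properly nested.
"""
from typing import Dict, List, Tuple

LOW, HIGH = 0, 1
Instr = Tuple[str, ...]

# Hypothetical instruction set used by this example:
#   ("const", r, n)       r := n
#   ("add", r, a, b)      r := a + b
#   ("bz", a, target)     if a == 0 goto target (forward branch only)
#   ("out", chan, r)      write r to the output channel named chan


def join(a: int, b: int) -> int:
    return max(a, b)


def name(label: int) -> str:
    return "HIGH" if label == HIGH else "LOW"


def check(program: List[Instr], reg_labels: Dict[str, int],
          chan_labels: Dict[str, int]) -> List[str]:
    """Return a list of policy violations; an empty list means accepted."""
    labels = dict(reg_labels)       # current label of each register
    pc = LOW                        # label of the control-flow context
    pending: List[Tuple[int, int]] = []   # (branch join point, saved pc)
    violations: List[str] = []

    def assign(r: str, new: int) -> None:
        # Join with the old label rather than overwrite, so a write on one
        # branch path never lowers a label that another path leaves HIGH.
        labels[r] = join(labels.get(r, LOW), join(new, pc))

    for i, ins in enumerate(program):
        # Leaving a conditional region restores the context label.
        while pending and pending[-1][0] == i:
            _, pc = pending.pop()
        op = ins[0]
        if op == "const":
            _, r, _n = ins
            assign(r, LOW)          # constant data, but pc still applies
        elif op == "add":
            _, r, a, b = ins
            assign(r, join(labels[a], labels[b]))
        elif op == "bz":
            _, a, target = ins
            if target <= i:
                raise ValueError(f"{i}: only forward branches are supported")
            pending.append((target, pc))
            pc = join(pc, labels[a])   # everything up to target depends on a
        elif op == "out":
            _, chan, r = ins
            flow = join(pc, labels[r])
            if flow > chan_labels[chan]:
                violations.append(
                    f"{i}: out {chan} <- {r} leaks {name(flow)} data to a "
                    f"{name(chan_labels[chan])} channel")
        else:
            raise ValueError(f"{i}: unknown op {op}")
    return violations


# Constructed sample programs. r0 holds a secret; "net" is a public channel.
REGS = {"r0": HIGH}
CHANS = {"net": LOW, "vault": HIGH}

EXPLICIT_LEAK: List[Instr] = [("out", "net", "r0")]

IMPLICIT_LEAK: List[Instr] = [
    ("const", "r1", 0),
    ("bz", "r0", 3),            # branch on the secret...
    ("const", "r1", 1),         # ...and write a public-looking constant
    ("out", "net", "r1"),       # r1 now encodes whether r0 was zero
]

ACCEPTED: List[Instr] = [
    ("add", "r2", "r0", "r0"),
    ("out", "vault", "r2"),     # HIGH data to a HIGH channel is fine
]

if __name__ == "__main__":
    for label, prog in [("explicit", EXPLICIT_LEAK), ("implicit", IMPLICIT_LEAK),
                        ("accepted", ACCEPTED)]:
        print(label, check(prog, REGS, CHANS) or "ok")
```

The checker works on the low-level program directly, so nothing about the compiler that produced it has to be trusted: a program that passes has been shown, by the checker alone, not to write HIGH-labelled data to a LOW-labelled channel, whether directly or through its control flow.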
Hosted by Amer Diwan.
Refreshments will be served immediately following the talk in ECOT 831.