home · mobile · calendar · colloquia · 2001-2002 · 

Colloquium - Zdancewic

Programming Languages for Information Security
Department of Computer Science, Cornell University

Our society's widespread dependence on networked information systems for everything from personal finance to military communications makes it essential to improve the reliability and security of software. Recently, programming-languages research has demonstrated that security concerns can be addressed by using both program analysis and program rewriting as powerful and flexible enforcement mechanisms.

I will describe how to use programming-language techniques to enforce information-flow policies, which are a natural, high-level way of specifying how programs may manipulate confidential data. One challenge is to verify information-flow policies in low-level (assembly or bytecode) programs. Doing so is desirable for security because it creates the possibilities of removing the compiler from the trusted computing base and verifying mobile code. A second challenge is to enforce information-flow policies in distributed systems without the need for a universally trusted computing platform. I will show how both of these problems can be addressed by compiler techniques.

Hosted by Amer Diwan.
Refreshments will be served immediately following the talk in ECOT 831.

Department of Computer Science
University of Colorado Boulder
Boulder, CO 80309-0430 USA
May 5, 2012 (14:13)