[Colloq] HIRING TALK, TUESDAY, MARCH 5, 11:00AM, 149CN

Rachel Bates rachelb at ccs.neu.edu
Thu, 28 Feb 2002 09:27:52 -0500


Steve Zdancewic
will speak on:
Programming Languages for Secure Information Flow

Tuesday, March 5, 2002
11:00am
149 Cullinane Hall
Northeastern University


ABSTRACT

Our society’s widespread dependence on networked information systems for
everything from personal finance to military communications makes it
essential to improve the reliability and security of software.  Recently,
programming-languages research has demonstrated that security concerns can
be addressed by using both program analysis and program rewriting as
powerful and flexible enforcement mechanisms.
I will describe how to use programming-language techniques to enforce
information-flow policies, which are a natural, high-level way of specifying
how programs may manipulate confidential data.  One challenge is to verify
information-flow policies in low-level (assembly or bytecode) programs.
Doing so is desirable for security because it creates the possibilities of
removing the compiler from the trusted computing base and verifying mobile
code.  A second challenge is to enforce information-flow policies in
distributed systems without the need for a universally trusted computing
platform.  I will show how both of these problems can be addressed by
compiler techniques.

Host:
Mitch Wand