Carol Harlow harlow at deas.harvard.edu
Thu, 07 Mar 2002 09:07:01 -0500


Harvard University
Computer Science Colloquium Series
33 Oxford St., rm. 347, Cambridge, MA 02138
tel: (617) 496-1440  fax: (617) 495-9837


Programming Languages for Information Security

Steve Zdancewic
Cornell University

Thursday, March 7, 2002
 Maxwell Dworkin G125
 (Ice Cream at 3:30PM - Maxwell Dworkin 2nd Floor Lounge Area)

Our society's widespread dependence on networked information systems
for everything from personal finance to military communications makes
it essential to improve the reliability and security of software.
Recently, programming-languages research has demonstrated that security
concerns can be addressed by using both program analysis and program
rewriting as powerful and flexible enforcement mechanisms.

I will describe how to use programming-language techniques to enforce
information-flow policies, which are a natural, high-level way of
specifying how programs may manipulate confidential data.  One challenge
is to verify information-flow policies in low-level (assembly or
bytecode) programs. Doing so is desirable for security because it
creates the possibilities of removing the compiler from the trusted
computing base and verifying mobile code.  A second challenge is to
enforce information-flow policies in distributed systems without the
need for a universally trusted computing platform.  I will show how both
of these problems can be addressed by compiler techniques.

Host:    Professor Margo Seltzer