[Pl-seminar] Semantics Seminar Schedule

Mitchell Wand wand at ccs.neu.edu
Sat, 12 Oct 2002 00:05:00 -0400 (EDT)


NU Programming Languages Seminar
Wednesday, October 16, 2002  
206 Egan  Hall, Northeastern University
    (building 44 on http://www.campusmap.neu.edu/)
1030-1230

Andrei Sabelfeld

Language-Based Information-Flow Security

Current standard security practices do not provide substantial
assurance that the end-to-end behavior of a computing system
satisfies important security policies such as confidentiality.  An
end-to-end confidentiality policy might assert that secret input
data cannot be inferred by an attacker through the attacker's
observations of system output; this policy regulates information
flow.

Conventional security mechanisms such as access control and
encryption do not directly address the enforcement of
information-flow policies. Recently, a promising new approach has
been developed: the use of programming-language techniques for
specifying and enforcing information-flow policies.  In this article
we survey the past three decades of research on information-flow
security, particularly focusing on work that uses static program
analysis to enforce information-flow policies.  We give a structured
view of recent work in the area and identify some important open
challenges.

Paper available via
http://www.cs.cornell.edu/~andrei/Papers/jsac.ps
http://www.cs.cornell.edu/~andrei/Papers/jsac.pdf

Upcoming presentations:

To be announced.

--Mitch