
The high-profile attacks and data breaches of the last few years demonstrate the importance of securing software. While there are ever more tools that can analyze systems for vulnerabilities, these do not help the programmer write secure code in the first place. To prevent security from becoming a bottleneck, and to prevent expensive security mistakes from becoming increasingly probable, we need to make it easier to write provably secure software.

My work on policy-agnostic programming addresses the issue of unintentional information leaks by factoring out the implementation of information flow security from other functionality. In this paradigm, programmers specify, directly with the data, policies about how sensitive data may be used, instead of expressing them as conditional checks across a program. In this talk, I present dynamic and static approaches for policy-agnostic programming, show how to extend these approaches to support database-backed web applications, and discuss how the policy-agnostic approach can help us secure legacy code written in existing languages.
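To make the paradigm concrete, here is an added sketch (not code from the talk or from the speaker's tools) of the dynamic flavour: a value carries its own policy, ordinary functions are written with no access checks, and the policy is resolved only at the output sink. The names `Sensitive`, `label`, `lift` and `reveal` and the sample data are hypothetical.

```python
class Sensitive:
    """A value whose concrete form depends on who is looking at it."""
    def __init__(self, view):
        self._view = view              # function: viewer -> concrete value

    def __repr__(self):
        # Formatting or logging an unresolved value never exposes the secret.
        return "<Sensitive>"


def label(secret, public, policy):
    """Attach a policy to data: `secret` if policy(viewer) holds, else `public`."""
    return Sensitive(lambda viewer: secret if policy(viewer) else public)


def reveal(value, viewer):
    """The single output sink: resolve every attached policy for one viewer."""
    return value._view(viewer) if isinstance(value, Sensitive) else value


def lift(fn):
    """Let an ordinary function run on Sensitive arguments without any checks.
    The result stays Sensitive and inherits the policies of all its inputs."""
    def wrapped(*args):
        return Sensitive(lambda viewer: fn(*(reveal(a, viewer) for a in args)))
    return wrapped


# Constructed sample data: an event whose location and host are restricted.
GUESTS = {"alice", "bob"}
location = label("Room 4.12", "an undisclosed location", lambda v: v in GUESTS)
host = label("alice", "a colleague", lambda v: v in GUESTS | {"carol"})


@lift
def describe(title, where, who):
    # Application logic: no conditional access checks appear here.
    return f"{title} at {where}, hosted by {who}"


invite = describe("Design review", location, host)


def render_invite(viewer):
    """What a given viewer is shown when the invite is rendered."""
    return reveal(invite, viewer)


if __name__ == "__main__":
    for viewer in ("bob", "carol", "mallory"):
        print(viewer, "->", render_invite(viewer))
```

Each input keeps its own policy through the computation, so a viewer allowed to see the host but not the location gets a result that mixes the secret host with the public location.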

Tue 20 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

Session: Tuesday, 10:25 - 12:45, Curry On Talks at Auditorium, Vertex Building

10:25 (40m) Talk: Building Tools and Languages for Terabyte Scale Biology: A Call to Action
Curry On Talks. Daniel King, Broad Institute

11:15 (40m) Talk: Preventing Information Leaks by Construction
Curry On Talks. Jean Yang, Carnegie Mellon University

12:05 (40m) Talk: The Sharp Edges of Leaky Abstraction
Curry On Talks. Mark Allen, Alert Logic