Many important security properties are consequences of the software architecture of a system, for example the choice to use middleware with known security characteristics. Unfortunately, engineers do not always follow the intended architectural design, resulting in vulnerable code. In our approach, sensitive modules are capabilities whose use can be controlled to enforce architectrural restrictions. We show, via working demonstrations paired with a smidgen of theory, that this lightweight approach can aid in enforcing a surprising variety of security properties, while significantly reducing the body of code that must be inspected for violations.

Jonathan Aldrich is Associate Professor of Computer Science at Carnegie Mellon University. He is the director of CMU’s Ph.D. and undergraduate minor programs in Software Engineering, and teaches courses in programming languages, software engineering, and program analysis for quality and security. In addition, he serves as a consultant on architecture, design, and legal issues in the software industry. Dr. Aldrich joined the CMU faculty after completing a Ph.D. at the University of Washington and a B.S. at Caltech.

Dr. Aldrich’s research centers on programming languages and type systems that are deeply informed by software engineering considerations. His research contributions include verifying the correct implementation of an architectural design, modular formal reasoning about code, and API protocol specification and verification. For his work on software architecture, Aldrich received a 2006 NSF CAREER award and the 2007 Dahl-Nygaard Junior Prize, given annually for a significant technical contribution to object-oriented programming. Current areas of research focus include extensible programming languages, analysis and type systems for security and productivity, and foundations of object-oriented programming.