Sciweavers

ACSAC
2006
IEEE

From Languages to Systems: Understanding Practical Application Development in Security-typed Languages

Security-typed languages are an evolving tool for implementing systems with provable security guarantees. However, to date, these tools have only been used to build simple “toy” programs. As described in this paper, we have developed the first real-world, security-typed application: a secure email system written in the Java language variant Jif. Real-world policies are mapped onto the information flows controlled by the language primitives, and we consider the process and tractability of broadly enforcing security policy in commodity applications. We find that while the language provided the rudimentary tools to achieve low-level security goals, additional tools, services, and language extensions were necessary to formulate and enforce application policy. We detail the design and use of these tools. We also show how the strong guarantees of Jif in conjunction with our policy tools can be used to evaluate security. This work serves as a starting point–we have demonstrated that...
Added 10 Jun 2010
Updated 10 Jun 2010
Type: Conference
Year: 2006
Where: ACSAC
Authors: Boniface Hicks, Kiyan Ahmadizadeh, Patrick Drew McDaniel