From Languages to Systems: Understanding Practical Application Development in Security-typed Languages

Miami Beach, Florida, USA December 11-December 15

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ACSAC.2006.30

22nd Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Boniface Hicks Articles by Kiyan Ahmadizadeh Articles by Patrick McDaniel

	ASCII Text	x
	Boniface Hicks, Kiyan Ahmadizadeh, Patrick McDaniel, "From Languages to Systems: Understanding Practical Application Development in Security-typed Languages," Computer Security Applications Conference, Annual, pp. 153-164, 22nd Annual Computer Security Applications Conference (ACSAC'06), 2006.

	BibTex	x
	@article{ 10.1109/ACSAC.2006.30, author = {Boniface Hicks and Kiyan Ahmadizadeh and Patrick McDaniel}, title = {From Languages to Systems: Understanding Practical Application Development in Security-typed Languages}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2006}, issn = {1063-9527}, pages = {153-164}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2006.30}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - From Languages to Systems: Understanding Practical Application Development in Security-typed Languages SN - 1063-9527 SP153 EP164 A1 - Boniface Hicks, A1 - Kiyan Ahmadizadeh, A1 - Patrick McDaniel, PY - 2006 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Boniface Hicks, Pennsylvania State University, USA

Kiyan Ahmadizadeh, Pennsylvania State University, USA

Patrick McDaniel, Pennsylvania State University, USA

Security-typed languages are an evolving tool for implementing systems with provable security guarantees. However, to date, these tools have only been used to build simple ?toy? programs. As described in this paper, we have developed the first real-world, security-typed application: a secure email system written in the Java language variant Jif. Real-world policies are mapped onto the information flows controlled by the language primitives, and we consider the process and tractability of broadly enforcing security policy in commodity applications. We find that while the language provided the rudimentary tools to achieve low-level security goals, additional tools, services, and language extensions were necessary to formulate and enforce application policy. We detail the design and use of these tools. We also show how the strong guarantees of Jif in conjunction with our policy tools can be used to evaluate security. This work serves as a starting point--we have demonstrated that it is possible to implement real-world systems and policy using security-typed languages. However, further investigation of the developer tools and supporting policy infrastructure is necessary before they can fulfill their considerable promise of enabling more secure systems.

Citation:

Boniface Hicks, Kiyan Ahmadizadeh, Patrick McDaniel, "From Languages to Systems: Understanding Practical Application Development in Security-typed Languages," acsac, pp.153-164, 22nd Annual Computer Security Applications Conference (ACSAC'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.