PPLV Seminar: Preventing Information Leaks with Policy-Agnostic Programming

Speaker: Jean Yang, CMU
UCL Contact: Julia Savage (Visitors from outside UCL please email in advance).
Date/Time: 22 May 17, 14:30 - 15:30
Venue: Engineering Front Suite 104

Abstract

The high-profile attacks and data-breaches of the last few years demonstrate the importance of securing software. While there are ever more tools that can analyze systems for vulnerabilities, these do not help the programmer write secure code in the first place. To prevent security from becoming a bottleneck--and to prevent expensive security mistakes from becoming increasingly probable--we need to make it easier to write provably secure software.

My work on policy-agnostic programming addresses the issue of unintentional information leaks by factoring out the implementation of information flow security from other functionality. In this paradigm, programmers specify policies about how sensitive data may be used directly with the data, instead of as conditional checks across a program. In this talk, I present dynamic and static approaches for policy-agnostic programming, show how to extend these approaches to support database-backed web applications, and present recent efforts in using type-driven program repair to support this approach.

Jean Yang

Jean Yang is an Assistant Professor position in the Computer Science Department at Carnegie Mellon University. She received her AB from Harvard and PhD from MIT. Her research interests are in developing programming models and tools towards making provable guarantees ubiquitous. During her PhD she created a programming language, Jeeves, that factors information flow checks out of the rest of the program. Her paper on Verve, and operating system verified for type safety, received Best Paper Award at PLDI 2010. Jean also works on analysis tools for modeling intracellular signalling using rule-based graph-rewrite programs.