Language-based information-flow security technology (IFS) is a research area based on an innovative fusion of programming language technology and computer security. IFS inspects the code of applications in order to limit the propagation of information, thereby preserving the confidentiality and integrity of data. Unlike IFS, traditional security mechanisms like access control, anti-virus, and firewalls are unable to satisfactorily preserve the secrecy of data, e.g., access controls provide no guarantees about how data is used once access is granted. Historically, IFS was conceived for military scenarios, but it has recently emerged as a promising technology that can solve the insecurities of web applications (e.g., cross-site scripting) and allow the safe execution of third-party code.
My research combines two research areas: IFS and functional programming (FP). Although these areas have been combined in the past, we focus on designing sound security libraries that, when used, provide IFS. To achieve that, I apply well-established concepts from FP (e.g., monads), program semantics, type systems, and execution monitoring.
Although FP facilitates the design of mechanisms for IFS, it is not enough per se to solve every security problem that might compromise the confidentiality or integrity of data. I believe that FP helps to address some of the open challenges of IFS, several of them neglected by several of the state-of-the-art IFS tools, thus pushing forward this technology to provide solutions for modern applications.
PC member for ICFP 2013, WSegI 2012, FMOODS-FORTE 2012, ESSoS 2011, TAIC 2010, Haskell Symposium 2010, ICFP 2010, CSF 2010, ESOP 2010, FoSSaCS 2010, CIBSI 2009, CSF 2009, Bytecode 2009, FAST 2008, TGC 2008, ESOP 2008, ESOP 2007, PLAS 2007, APLAS 2006, and S & P 2006.
Transactions on Programming Languages and Systems (TOPLAS), Theoretical Computer Science, Transactions of Information and System Security (ACM TISSEC), Transactions on Automatic Control (IEEE-TAC), Information Processing Letters (IPL), and Journal of Computer Security (JCS).
PhD committee member for:
Graduated Master Students
- Juan Jose Conti (2012): A Taint Mode for Python via a Library.
- Albert Disertholf (2009/2010): Providing Integrity Policies as a Library in Haskell.
- Ta-Chung Tsai (2007): Encoding Multithreaded Information Flow in Haskell.