Language-based information-flow security technology (IFS)
is a research area based on an innovative fusion of programming language technology and computer security. IFS inspects the code of applications in order to limit the propagation of information, thereby permitting to
preserve confidentiality and integrity of data. Different from IFS, traditional security mechanisms like access control, anti-virus, and firewalls are unable to satisfactory preserve the secrecy of data, e.g., access controls provide no guarantees about how data is used once access is granted. Historically, IFS was thought and conceived for military scenarios but it has recently emerged as a promising technology that can solved the insecurities of web applications (e.g, cross-site scripting) and allows the safe execution of third-party code.
My research combines two research areas: IFS and functional programming (FP). Although these areas have been combined in the past, we focus on designing sound security libraries that, when used, provide IFS. To achieve that, I apply well-established concepts from FP (e.g, monads), program semantics, type-systems, and execution monitoring.
Although FP facilitates the design of mechanisms for IFS, it is not enough per se to solve every security problem that might compromise the confidentiality or integrity of data. I believe that FP facilitates to address some of the open challenges of IFS, several of them neglected by several of the state-of-the-art IFS tools, that thus pushing forward this technology to provide solutions for modern applications.