Abstract

Special purpose languages have been developed over the years to guarantee confidentiality or integrity of data. In practice, the impact of these languages has been limited. Rather than producing new languages from scratch, it has been shown that security policies can be also guaranteed via a library, which makes this technology more likely to be adopted. This course seeks to describe the principles behind libraries that provide information-flow security (IFS). We present security libraries for Haskell and Python. In Haskell, the concepts of Monads are used to enforce confidentiality and integrity policies either statically or dynamically. We formally prove that the abstraction provided by Monads can guarantee the security policy non-interference, i.e. that secrets are not leaked and that trustworthy data cannot be affected by untrustworthy inputs. In Python, the dynamic dispatch mechanisms and decorator concepts allow to implement a library able to provide taint-analysis, a special form of IFS, in a mostly transparent manner. The course is based on recently published research papers.

E-mail contact

Please, use the following e-mail address for contact in any course related matter:
eci-2011-security at googlegroups dot com .

You can also visit the google group web page and register!

Course related e-mail to any other e-mail address than the one above might not be handled at all or at lowest priority at best. You have been warned!

Lecturer

• Alejandro Russo