Extending Developer Tools for Security-typed Languages

Award #: N/A
Amount Awarded: $23,200
Sponsoring Organization: Software Engineering Research Center
Grant Period: 2005-2006
Primary Investigator(s): Patrick McDaniel (PI) and Patrick Boniface Hicks (Co-PI)

Abstract

This work seeks to provide developer tools for Jif (a robust, powerful security-typed language) using Eclipse (a powerful, flexible, open source framework which has been used for building IDEs). Although Jif is very promising for developing secure programs, it is currently prohibitively difficult to use for real applications. We propose to build visualization and automation tools to assist programmers with the tasks that currently make Jif programming prohibitive. This work will make Jif accessible for programming real applications.

Currently, security-typed languages (such as Jif) show much promise, but are essentially unused. The tools we plan to build will be an important advance towards more widespread use of security-typed languages, especially Jif. Our work holds the promise of more rapid development of programs with provably secure information flows. If this is realized, it will have a broad impact on all applications that need to enforce confidentiality policies on data, such as medical databases, file systems, commercial applications and military applications, to name a few.

Related Research Projects

Secure Languages

Related Publications

Boniface Hicks, Timothy Misiak, and Patrick McDaniel, Channels: Runtime System Infrastructure for Security-typed Languages. 23rd Annual Computer Security Applications Conference (ACSAC), December 2007.

Boniface Hicks, Sandra Rueda, Trent Jaeger, and Patrick McDaniel, From Trusted to Secure: Building and Executing Applications that Enforce System Security. Proceedings of the USENIX Annual Technical Conference, June 2007.

Boniface Hicks, Dave King, and Patrick McDaniel, Jifclipse: Development Tools for Security-Typed Applications. Proceedings of the 2nd ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS '07), ACM Press, June 14 2007. Editor: Michael Hicks.

Boniface Hicks, Sandra Rueda, Trent Jaeger, and Patrick McDaniel, Integrating SELinux with Security-typed Languages. Third Annual Security Enhanced Linux Symposium, March 2007.

Boniface Hicks, Sandra Rueda, Trent Jaeger, and Patrick McDaniel, From Trusted to Secure: Building and Executing Applications that Enforce System Security. Technical Report NAS-TR-0061-2007, Network and Security Research Center, January 2007.

Boniface Hicks, Kiyan Ahmadizadeh, and Patrick McDaniel, Understanding Practical Application Development in Security-typed Languages. 22nd Annual Computer Security Applications Conference (ACSAC), December 2006.

Boniface Hicks, Sandra Rueda, Trent Jaeger, and Patrick McDaniel, Breaking Down the Walls of Mutual Distrust: Security-typed Email Using Labeled IPsec. Technical Report NAS-TR-0049-2006, Network and Security Research Center, September 2006.

Boniface Hicks, Dave King, Patrick McDaniel, and Michael Hicks, Trusted Declassification: High-level policy for a security-typed language. Proceedings of the 1st ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS '06), ACM Press, June 10 2006.

Boniface Hicks, Kiyan Ahmadizadeh, and Patrick McDaniel, From Languages to Systems: Understanding Practical Application Development in Security-typed Languages. Technical Report NAS-TR-0035-2006, Network and Security Research Center, April 2006.

Boniface Hicks, Dave King, and Patrick McDaniel, Declassification with Cryptographic Functions in a Security-Typed Language. Technical Report NAS-TR-0004-2005, Network and Security Center, January 2005. (updated May 2005).