[Colloquium] Secure Web Applications and Expressive Security Policies
February 28, 2008
- Date: Thursday, February 28, 2008
- Time: 11 am — 12:15 pm
- Place: ME 218
Stephen Chong
PhD Candidate, Cornell University
Abstract: In this talk, I’ll present two recent projects that make programming with strong information security more practical: a new way of writing secure web applications, and a framework for expressing and enforcing an application’s security requirements.
Swift is a new way to write secure, efficient web applications. Application code is written as Java-like code, annotated with security policies. Using these policies, Swift partitions the application into JavaScript code to run on the client, and Java code to run on the server. Code and data are placed to ensure that the specified policies are obeyed, and also to provide good interactive performance. Security critical code and data are always placed on the server. Swift makes it easier to write secure web applications: the programmer does not need to worry about the secure or efficient placement of code and data.
Declassification occurs when the confidentiality of information is weakened, for example, allowing more people to read. Erasure is the opposite, and occurs when confidentiality is strengthened, for example, allowing fewer people to read, perhaps removing the information from the system entirely. We have designed a policy framework to express, and provably enforce, applications’ declassification and erasure requirements. We have used the policies in the implementation of a secure remote voting service, giving increased assurance that the voting service satisfies its information security requirements.
Bio: Stephen Chong is a Ph.D. candidate at Cornell University, in Ithaca, NY, where he is advised by Andrew Myers. Steve’s research focuses on language-based security and programming languages. He received a bachelor’s degree from Victoria University of Wellington, New Zealand, and plans to complete his doctorate by May 2008.