TY - GEN
T1 - From languages to systems
T2 - 22nd Annual Computer Security Applications Conference, ACSAC 2006
AU - Hicks, Boniface
AU - Ahmadizadeh, Kiyan
AU - McDaniel, Patrick
PY - 2006
Y1 - 2006
N2 - Security-typed languages are an evolving tool for implementing systems with provable security guarantees. However, to date, these tools have only been used to build simple "toy" programs. As described in this paper, we have developed the first real-world, security-typed application: a secure email system written in the Java language variant Jif. Real-world policies are mapped onto the information flows controlled by the language primitives, and we consider the process and tractability of broadly enforcing security policy in commodity applications. We find that while the language provided the rudimentary tools to achieve low-level security goals, additional tools, services, and language extensions were necessary to formulate and enforce application policy. We detail the design and use of these tools. We also show how the strong guarantees of Jif in conjunction with our policy tools can be used to evaluate security. This work serves as a starting point-we have demonstrated that it is possible to implement real-world systems and policy using security-typed languages. However, further investigation of the developer tools and supporting policy infrastructure is necessary before they can fulfill their considerable promise of enabling more secure systems.
AB - Security-typed languages are an evolving tool for implementing systems with provable security guarantees. However, to date, these tools have only been used to build simple "toy" programs. As described in this paper, we have developed the first real-world, security-typed application: a secure email system written in the Java language variant Jif. Real-world policies are mapped onto the information flows controlled by the language primitives, and we consider the process and tractability of broadly enforcing security policy in commodity applications. We find that while the language provided the rudimentary tools to achieve low-level security goals, additional tools, services, and language extensions were necessary to formulate and enforce application policy. We detail the design and use of these tools. We also show how the strong guarantees of Jif in conjunction with our policy tools can be used to evaluate security. This work serves as a starting point-we have demonstrated that it is possible to implement real-world systems and policy using security-typed languages. However, further investigation of the developer tools and supporting policy infrastructure is necessary before they can fulfill their considerable promise of enabling more secure systems.
UR - http://www.scopus.com/inward/record.url?scp=39049162501&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=39049162501&partnerID=8YFLogxK
U2 - 10.1109/ACSAC.2006.30
DO - 10.1109/ACSAC.2006.30
M3 - Conference contribution
AN - SCOPUS:39049162501
SN - 0769527167
SN - 9780769527161
T3 - Proceedings - Annual Computer Security Applications Conference, ACSAC
SP - 153
EP - 164
BT - Proceedings - Annual Computer Security Applications Conference, ACSAC
Y2 - 11 December 2006 through 15 December 2006
ER -