Charla: Wyvern: An Extensible Language for Secure Systems

Jonathan Aldrich, Carnegie Mellon University
21 Enero, 2015 - 14:00
Auditorio DCC, tercer piso.


Security is an increasingly important concern for software systems, but building systems securely remains difficult.  In this talk, I will discuss two ways in which improvements in language design can help make systems more secure.  First, we can combat command injection by providing a rich syntax extension mechanism within the programming language, making it easier to use native, and safe, syntax for commands than to use unsafe string concatenation.  Second, we can clarify and shrink the attack surface of components by replacing the ad-hoc type-test constructs of object-oriented languages with a new, more foundational tagging mechanism.  Both ideas will be illustrated using Wyvern, a language currently under development at Carnegie Mellon University.

About the speaker:

Jonathan Aldrich is Associate Professor of Computer Science at Carnegie Mellon University.  He is the director of CMU's Software Engineering Ph.D. program, and he teaches courses in programming languages, software engineering, and program analysis for quality and security.  In addition, he serves as a consultant on architecture, design, process, and legal issues in the software industry.