Charla: Wyvern: An Extensible Language for Secure Systems


Compartir
Charlista: 
Jonathan Aldrich, Carnegie Mellon University
Fecha: 
21 Enero, 2015 - 14:00
Sala: 
Auditorio DCC, tercer piso.
Organización: 
PLEIAD

Abstract:

Security is an increasingly important concern for software systems, but building systems securely remains difficult.  In this talk, I will discuss two ways in which improvements in language design can help make systems more secure.  First, we can combat command injection by providing a rich syntax extension mechanism within the programming language, making it easier to use native, and safe, syntax for commands than to use unsafe string concatenation.  Second, we can clarify and shrink the attack surface of components by replacing the ad-hoc type-test constructs of object-oriented languages with a new, more foundational tagging mechanism.  Both ideas will be illustrated using Wyvern, a language currently under development at Carnegie Mellon University.

 
About the speaker:
 

Jonathan Aldrich is Associate Professor of Computer Science at Carnegie Mellon University.  He is the director of CMU's Software Engineering Ph.D. program, and he teaches courses in programming languages, software engineering, and program analysis for quality and security.  In addition, he serves as a consultant on architecture, design, process, and legal issues in the software industry.