[Colloquium] Secure Web Applications and Expressive Security Policies
February 28, 2008
- Date: Thursday, February 28, 2008
- Time: 11 am — 12:15 pm
- Place: ME 218
Stephen Chong
PhD Candidate, Cornell University
Abstract: In this talk, I’ll present two recent projects that make programming with strong information security more practical: a new way of writing secure web applications, and a framework for expressing and enforcing an application’s security requirements.
Swift is a new way to write secure, efficient web applications. Application code is written as Java-like code, annotated with security policies. Using these policies, Swift partitions the application into JavaScript code to run on the client, and Java code to run on the server. Code and data are placed to ensure that the specified policies are obeyed, and also to provide good interactive performance. Security-critical code and data are always placed on the server. Swift makes it easier to write secure web applications: the programmer does not need to worry about the secure or efficient placement of code and data.
Declassification occurs when the confidentiality of information is weakened, for example, allowing more people to read it. Erasure is the opposite, and occurs when confidentiality is strengthened, for example, allowing fewer people to read it, perhaps removing the information from the system entirely. We have designed a policy framework to express, and provably enforce, applications’ declassification and erasure requirements. We have used the policies in the implementation of a secure remote voting service, giving increased assurance that the voting service satisfies its information security requirements.
Bio: Stephen Chong is a Ph.D. candidate at Cornell University, in Ithaca, NY, where he is advised by Andrew Myers. Steve’s research focuses on language-based security and programming languages. He received a bachelor’s degree from Victoria University of Wellington, New Zealand, and plans to complete his doctorate by May 2008.