CENS Technical Seminar Series

Secure Web Applications and Expressive Security Policies

Invited Speaker: Stephen Chong
Date: February 13, 2009
Time: 1:00 PM - 2:00 PM
Venue: Boelter Hall 4760

Abstract

In this talk, I'll present two projects that make programming with strong information security more practical: a new way of writing secure web applications, and a framework for expressing and enforcing an application's security requirements.

Swift is a new way to write secure, efficient web applications. Application code is written as Java-like code, annotated with security policies. Using these policies, Swift partitions the application into JavaScript code to run on the client, and Java code to run on the server. Code and data are placed to ensure that the specified policies are obeyed, and also to provide good interactive performance. Security-critical code and data are always placed on the server. Swift makes it easier to write secure web applications: the programmer does not need to worry about the secure or efficient placement of code and data.

The security of information changes over time. Declassification occurs when the confidentiality of information is weakened, for example, allowing more people to read. Erasure is the opposite, and occurs when confidentiality is strengthened, for example, allowing fewer people to read, perhaps removing the information from the system entirely. In the second project, we have designed a policy framework to express, and provably enforce, applications' declassification and erasure requirements. We have used the policies in the implementation of a secure remote voting service, giving increased assurance that the voting service satisfies its information security requirements.

Biography

Stephen Chong received a Ph.D. from Cornell University in August 2008, where he was advised by Andrew Myers. Steve's research focuses on programming languages, information security, and the intersection of these two areas. He is currently visiting the computer science departments at Harvey Mudd College and Pomona College, and will be joining Harvard University as an assistant professor in Fall 2009.