Secure Software

Anindya Banerjee, Ph.D.
Assistant Professor,
Department of Computer Science,
Stevens Institute of Technology
CS Faculty Candidate

March 2, 2001
11 a.m.
Fuller Laboratories (FL 320)

Abstract

You have downloaded software that is advertised as offering "powerful features for banking, investing, taxes and more!" But is the software secure? Will it leak confidential information (e.g., salary or social security number) to a data warehouse? Is there a way to provide assurance that such information is never leaked?

You want to implement a slicer to do program testing. For a specific testing criterion, and a point P in the program, you want to know what other parts of the program (i.e., the slice of the program with respect to the criterion) influence the values of variables at P. Is there a way to provide assurance that the values of variables at P are not influenced by values outside the slice?

You want to implement binding time analysis in a partial evaluator. Then static data must be separated from dynamic data, so that static computations can be performed before dynamic computations. Is there a way to provide assurance that static data is not influenced by dynamic data?

The examples above address diverse scenarios: information flow for security, slicing, and partial evaluation. But is there anything common to all of them? In this talk we explore our thesis that a notion of program dependence is the underlying thread that unites them. (This work is joint with Martin Abadi, Nevin Heintze and Jon G. Riecke.)

Host

Professor Micha Hofri

Last modified: Sep 27, 2006, 16:05 EDT