Faculty Candidate Seminar
Secure Web Applications and Expressive Security Policies
In this talk, I'll present two recent projects that make programming with strong information security more practical: a new way of writing secure web applications, and a framework for expressing and enforcing an application's security requirements.
Declassification occurs when the confidentiality of information is weakened, for example, allowing more people to read. Erasure is the opposite, and occurs when confidentiality is strengthened, for example, allowing fewer people to read, perhaps removing the information from the system entirely. We have designed a policy framework to express, and provably enforce, applications' declassification and erasure requirements. We have used the policies in the implementation of a secure remote voting service, giving increased assurance that the voting service satisfies its information security requirements.
Stephen Chong is a Ph.D. candidate at Cornell University, in Ithaca, NY, where he is advised by Andrew Myers. Steve's research focuses on language-based security and programming languages. He received a bachelor's degree from Victoria University of Wellington, New Zealand, and plans to complete his doctorate by May 2008.