Abstract
Most software developed today runs in an Internet-connected, and hence possibly hostile, environment. As a consequence, it is generally recognized that security aspects deserve attention during software development.
The programming language used for development can have a significant impact on the security of the software product: for instance, it is easier to write secure code in Java than in C or C++.
This talk discusses a representative selection of advances in programming language technology that can further improve the security properties of Java, and will likely influence the future evolution of Java-like languages.
The audience will be given a taste of new type systems, new program analysis techniques, and new modularization constructs that can improve the security properties of programs. Prototype implementations of all these technologies (most often as extensions of the Java language) have been made by different research teams, and are freely available.
The talk will cover:
- type systems that can eradicate the most common programming errors in Java, such as null dereferencing, race conditions and unintended sharing of object references. (Prototype implementations: SafeJava, ArchJava and Spec#)
- type systems that control information flow in Java programs. (Prototype implementation: JIF)
- program analysis techniques that support user-friendly verification of light-weight specifications. (Prototype implementations: ESC/Java, Spec#)
- new aspect-oriented modularization constructs that can support reusable security components. (Representative prototypes: AspectJ, Caesar, Lasagne/J)
Date and Time
Thursday, December 16th 2004 - 14:00-15:00
Audience
Expert
Speaker