The most common causes of security issues in today’s software are not inadequate network security, poor security protocols or weak encryption mechanisms. In most cases, they are the result of imperfectly written software that contains the potential for information leaks.
Users are able to exploit leaks and loopholes that are unintentionally introduced during programming, to obtain more information than they should have access to. Unauthorised users may also be able to manipulate sensitive information in the system, such as that contained in a database.
Currently, the most common method of preventing leaks, loopholes and manipulation is to rely on so-called code reviewers, who “proof-read” the code manually in order to identify errors and deficiencies once the programmers are finished with the code.
Paragon identifies potential information leaks while the program is being written
As a solution to these problems, Niklas Broberg has developed the programming language Paragon. The methodology is presented in his thesis "Practical, Flexible Programming with Information Flow Control" which was written in August 2011.
“The main strength of Paragon is its ability to automatically identify potential information leaks while the program is being developed,” says Niklas Broberg. “Paragon is an extension of the commonly-used programming language Java and has been designed to be easy to use. A programmer will easily be able to add my specifications to his or her Java program, thus benefiting from the strong security guarantees that the language provides.”
Two-stage security process
Niklas Broberg’s method has two stages. The first stage specifies how information in the software may be used, who should be allowed access to it and under what conditions. Stage two of the security process takes place during compilation, where the program's use of information is analysed in depth. If the analysis identifies a risk for sensitive information leaking or being manipulated, the compiler reports an error, enabling the programmer to resolve the issue immediately. The analysis is proven to provide better guarantees than all previous attempts in this field.
“Achieving information security in a system requires a chain of different measures, with the system only being as secure as its weakest link,” says Niklas Broberg. “We can have completely effective methods for guaranteeing the authentication of users or encryption of data, but which can be circumvented in practice due to information leaks. Security loopholes in software are currently the most common source of vulnerabilities in our computer systems and it is high time we take these problems seriously.”For more information, please contact: Niklas Broberg
Stanford researchers create new special-purpose computer that may someday save us billions
21.10.2016 | Stanford University
New 3-D wiring technique brings scalable quantum computers closer to reality
19.10.2016 | University of Waterloo
Researchers from the Institute for Quantum Computing (IQC) at the University of Waterloo led the development of a new extensible wiring technique capable of controlling superconducting quantum bits, representing a significant step towards to the realization of a scalable quantum computer.
"The quantum socket is a wiring method that uses three-dimensional wires based on spring-loaded pins to address individual qubits," said Jeremy Béjanin, a PhD...
In a paper in Scientific Reports, a research team at Worcester Polytechnic Institute describes a novel light-activated phenomenon that could become the basis for applications as diverse as microscopic robotic grippers and more efficient solar cells.
A research team at Worcester Polytechnic Institute (WPI) has developed a revolutionary, light-activated semiconductor nanocomposite material that can be used...
By forcefully embedding two silicon atoms in a diamond matrix, Sandia researchers have demonstrated for the first time on a single chip all the components needed to create a quantum bridge to link quantum computers together.
"People have already built small quantum computers," says Sandia researcher Ryan Camacho. "Maybe the first useful one won't be a single giant quantum computer...
COMPAMED has become the leading international marketplace for suppliers of medical manufacturing. The trade fair, which takes place every November and is co-located to MEDICA in Dusseldorf, has been steadily growing over the past years and shows that medical technology remains a rapidly growing market.
In 2016, the joint pavilion by the IVAM Microtechnology Network, the Product Market “High-tech for Medical Devices”, will be located in Hall 8a again and will...
'Ferroelectric' materials can switch between different states of electrical polarization in response to an external electric field. This flexibility means they show promise for many applications, for example in electronic devices and computer memory. Current ferroelectric materials are highly valued for their thermal and chemical stability and rapid electro-mechanical responses, but creating a material that is scalable down to the tiny sizes needed for technologies like silicon-based semiconductors (Si-based CMOS) has proven challenging.
Now, Hiroshi Funakubo and co-workers at the Tokyo Institute of Technology, in collaboration with researchers across Japan, have conducted experiments to...
14.10.2016 | Event News
14.10.2016 | Event News
12.10.2016 | Event News
21.10.2016 | Health and Medicine
21.10.2016 | Information Technology
21.10.2016 | Materials Sciences