Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

New programming language to plug information leaks in software

23.11.2011
The current method for preventing users and unauthorised individuals from obtaining information to which they should not have access in data programs is often to have code reviewers check the code manually, looking for potential weaknesses. Niklas Broberg of the University of Gothenburg has developed a new programming language which automatically identifies potential information leaks while the program is being written.

The most common causes of security issues in today’s software are not inadequate network security, poor security protocols or weak encryption mechanisms. In most cases, they are the result of imperfectly written software that contains the potential for information leaks.

Users are able to exploit leaks and loopholes that are unintentionally introduced during programming, to obtain more information than they should have access to. Unauthorised users may also be able to manipulate sensitive information in the system, such as that contained in a database.

Currently, the most common method of preventing leaks, loopholes and manipulation is to rely on so-called code reviewers, who “proof-read” the code manually in order to identify errors and deficiencies once the programmers are finished with the code.

Paragon identifies potential information leaks while the program is being written

As a solution to these problems, Niklas Broberg has developed the programming language Paragon. The methodology is presented in his thesis "Practical, Flexible Programming with Information Flow Control" which was written in August 2011.

“The main strength of Paragon is its ability to automatically identify potential information leaks while the program is being developed,” says Niklas Broberg. “Paragon is an extension of the commonly-used programming language Java and has been designed to be easy to use. A programmer will easily be able to add my specifications to his or her Java program, thus benefiting from the strong security guarantees that the language provides.”

Two-stage security process

Niklas Broberg’s method has two stages. The first stage specifies how information in the software may be used, who should be allowed access to it and under what conditions. Stage two of the security process takes place during compilation, where the program's use of information is analysed in depth. If the analysis identifies a risk for sensitive information leaking or being manipulated, the compiler reports an error, enabling the programmer to resolve the issue immediately. The analysis is proven to provide better guarantees than all previous attempts in this field.

“Achieving information security in a system requires a chain of different measures, with the system only being as secure as its weakest link,” says Niklas Broberg. “We can have completely effective methods for guaranteeing the authentication of users or encryption of data, but which can be circumvented in practice due to information leaks. Security loopholes in software are currently the most common source of vulnerabilities in our computer systems and it is high time we take these problems seriously.”

For more information, please contact: Niklas Broberg
Telephone: +46 (0)31–772 1058, +46 (0)70–649 35 46

Helena Aaberg | idw
Further information:
http://www.gu.se
http://hdl.handle.net/2077/26534

More articles from Information Technology:

nachricht CiViQ brings quantum technologies to the telecommunications arena
21.11.2018 | Fraunhofer-Institut für Nachrichtentechnik, Heinrich-Hertz-Institut, HHI

nachricht Earthquake researchers finalists for supercomputing prize
19.11.2018 | University of Tokyo

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: First diode for magnetic fields

Innsbruck quantum physicists have constructed a diode for magnetic fields and then tested it in the laboratory. The device, developed by the research groups led by the theorist Oriol Romero-Isart and the experimental physicist Gerhard Kirchmair, could open up a number of new applications.

Electric diodes are essential electronic components that conduct electricity in one direction but prevent conduction in the opposite one. They are found at the...

Im Focus: Nonstop Tranport of Cargo in Nanomachines

Max Planck researchers revel the nano-structure of molecular trains and the reason for smooth transport in cellular antennas.

Moving around, sensing the extracellular environment, and signaling to other cells are important for a cell to function properly. Responsible for those tasks...

Im Focus: UNH scientists help provide first-ever views of elusive energy explosion

Researchers at the University of New Hampshire have captured a difficult-to-view singular event involving "magnetic reconnection"--the process by which sparse particles and energy around Earth collide producing a quick but mighty explosion--in the Earth's magnetotail, the magnetic environment that trails behind the planet.

Magnetic reconnection has remained a bit of a mystery to scientists. They know it exists and have documented the effects that the energy explosions can...

Im Focus: A Chip with Blood Vessels

Biochips have been developed at TU Wien (Vienna), on which tissue can be produced and examined. This allows supplying the tissue with different substances in a very controlled way.

Cultivating human cells in the Petri dish is not a big challenge today. Producing artificial tissue, however, permeated by fine blood vessels, is a much more...

Im Focus: A Leap Into Quantum Technology

Faster and secure data communication: This is the goal of a new joint project involving physicists from the University of Würzburg. The German Federal Ministry of Education and Research funds the project with 14.8 million euro.

In our digital world data security and secure communication are becoming more and more important. Quantum communication is a promising approach to achieve...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

VideoLinks
Industry & Economy
Event News

Optical Coherence Tomography: German-Japanese Research Alliance hosted Medical Imaging Conference

19.11.2018 | Event News

“3rd Conference on Laser Polishing – LaP 2018” Attracts International Experts and Users

09.11.2018 | Event News

On the brain’s ability to find the right direction

06.11.2018 | Event News

 
Latest News

Helping to Transport Proteins Inside the Cell

21.11.2018 | Life Sciences

Meta-surface corrects for chromatic aberrations across all kinds of lenses

21.11.2018 | Power and Electrical Engineering

Removing toxic mercury from contaminated water

21.11.2018 | Life Sciences

VideoLinks
Science & Research
Overview of more VideoLinks >>>