The most common causes of security issues in today’s software are not inadequate network security, poor security protocols or weak encryption mechanisms. In most cases, they are the result of imperfectly written software that contains the potential for information leaks.
Users are able to exploit leaks and loopholes that are unintentionally introduced during programming, to obtain more information than they should have access to. Unauthorised users may also be able to manipulate sensitive information in the system, such as that contained in a database.
Currently, the most common method of preventing leaks, loopholes and manipulation is to rely on so-called code reviewers, who “proof-read” the code manually in order to identify errors and deficiencies once the programmers are finished with the code.
Paragon identifies potential information leaks while the program is being written
As a solution to these problems, Niklas Broberg has developed the programming language Paragon. The methodology is presented in his thesis "Practical, Flexible Programming with Information Flow Control" which was written in August 2011.
“The main strength of Paragon is its ability to automatically identify potential information leaks while the program is being developed,” says Niklas Broberg. “Paragon is an extension of the commonly-used programming language Java and has been designed to be easy to use. A programmer will easily be able to add my specifications to his or her Java program, thus benefiting from the strong security guarantees that the language provides.”
Two-stage security process
Niklas Broberg’s method has two stages. The first stage specifies how information in the software may be used, who should be allowed access to it and under what conditions. Stage two of the security process takes place during compilation, where the program's use of information is analysed in depth. If the analysis identifies a risk for sensitive information leaking or being manipulated, the compiler reports an error, enabling the programmer to resolve the issue immediately. The analysis is proven to provide better guarantees than all previous attempts in this field.
“Achieving information security in a system requires a chain of different measures, with the system only being as secure as its weakest link,” says Niklas Broberg. “We can have completely effective methods for guaranteeing the authentication of users or encryption of data, but which can be circumvented in practice due to information leaks. Security loopholes in software are currently the most common source of vulnerabilities in our computer systems and it is high time we take these problems seriously.”For more information, please contact: Niklas Broberg
Color barcode becomes ISO standard
14.07.2020 | Fraunhofer-Institut für Sichere Informationstechnologie SIT
Virtual reality can assist with the evaluation of future transport concepts
13.07.2020 | Fraunhofer-Institut für Arbeitswirtschaft und Organisation IAO
Biochemists at Martin Luther University Halle-Wittenberg (MLU) have used a standard electron cryo-microscope to achieve surprisingly good images that are on par with those taken by far more sophisticated equipment. They have succeeded in determining the structure of ferritin almost at the atomic level. Their results were published in the journal "PLOS ONE".
Electron cryo-microscopy has become increasingly important in recent years, especially in shedding light on protein structures. The developers of the new...
New insight into the spin behavior in an exotic state of matter puts us closer to next-generation spintronic devices
Aside from the deep understanding of the natural world that quantum physics theory offers, scientists worldwide are working tirelessly to bring forth a...
Kiel physics team observed extremely fast electronic changes in real time in a special material class
In physics, they are currently the subject of intensive research; in electronics, they could enable completely new functions. So-called topological materials...
Solar cells based on perovskite compounds could soon make electricity generation from sunlight even more efficient and cheaper. The laboratory efficiency of these perovskite solar cells already exceeds that of the well-known silicon solar cells. An international team led by Stefan Weber from the Max Planck Institute for Polymer Research (MPI-P) in Mainz has found microscopic structures in perovskite crystals that can guide the charge transport in the solar cell. Clever alignment of these "electron highways" could make perovskite solar cells even more powerful.
Solar cells convert sunlight into electricity. During this process, the electrons of the material inside the cell absorb the energy of the light....
Empa researchers have succeeded in applying aerogels to microelectronics: Aerogels based on cellulose nanofibers can effectively shield electromagnetic radiation over a wide frequency range – and they are unrivalled in terms of weight.
Electric motors and electronic devices generate electromagnetic fields that sometimes have to be shielded in order not to affect neighboring electronic...
07.07.2020 | Event News
02.07.2020 | Event News
19.05.2020 | Event News
14.07.2020 | Information Technology
14.07.2020 | Life Sciences
14.07.2020 | Life Sciences