Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

New programming language to plug information leaks in software

23.11.2011
The current method for preventing users and unauthorised individuals from obtaining information to which they should not have access in data programs is often to have code reviewers check the code manually, looking for potential weaknesses. Niklas Broberg of the University of Gothenburg has developed a new programming language which automatically identifies potential information leaks while the program is being written.

The most common causes of security issues in today’s software are not inadequate network security, poor security protocols or weak encryption mechanisms. In most cases, they are the result of imperfectly written software that contains the potential for information leaks.

Users are able to exploit leaks and loopholes that are unintentionally introduced during programming, to obtain more information than they should have access to. Unauthorised users may also be able to manipulate sensitive information in the system, such as that contained in a database.

Currently, the most common method of preventing leaks, loopholes and manipulation is to rely on so-called code reviewers, who “proof-read” the code manually in order to identify errors and deficiencies once the programmers are finished with the code.

Paragon identifies potential information leaks while the program is being written

As a solution to these problems, Niklas Broberg has developed the programming language Paragon. The methodology is presented in his thesis "Practical, Flexible Programming with Information Flow Control" which was written in August 2011.

“The main strength of Paragon is its ability to automatically identify potential information leaks while the program is being developed,” says Niklas Broberg. “Paragon is an extension of the commonly-used programming language Java and has been designed to be easy to use. A programmer will easily be able to add my specifications to his or her Java program, thus benefiting from the strong security guarantees that the language provides.”

Two-stage security process

Niklas Broberg’s method has two stages. The first stage specifies how information in the software may be used, who should be allowed access to it and under what conditions. Stage two of the security process takes place during compilation, where the program's use of information is analysed in depth. If the analysis identifies a risk for sensitive information leaking or being manipulated, the compiler reports an error, enabling the programmer to resolve the issue immediately. The analysis is proven to provide better guarantees than all previous attempts in this field.

“Achieving information security in a system requires a chain of different measures, with the system only being as secure as its weakest link,” says Niklas Broberg. “We can have completely effective methods for guaranteeing the authentication of users or encryption of data, but which can be circumvented in practice due to information leaks. Security loopholes in software are currently the most common source of vulnerabilities in our computer systems and it is high time we take these problems seriously.”

For more information, please contact: Niklas Broberg
Telephone: +46 (0)31–772 1058, +46 (0)70–649 35 46

Helena Aaberg | idw
Further information:
http://www.gu.se
http://hdl.handle.net/2077/26534

More articles from Information Technology:

nachricht Accelerating quantum technologies with materials processing at the atomic scale
15.05.2019 | University of Oxford

nachricht A step towards probabilistic computing
15.05.2019 | University of Konstanz

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Self-repairing batteries

UTokyo engineers develop a way to create high-capacity long-life batteries

Engineers at the University of Tokyo continually pioneer new ways to improve battery technology. Professor Atsuo Yamada and his team recently developed a...

Im Focus: Quantum Cloud Computing with Self-Check

With a quantum coprocessor in the cloud, physicists from Innsbruck, Austria, open the door to the simulation of previously unsolvable problems in chemistry, materials research or high-energy physics. The research groups led by Rainer Blatt and Peter Zoller report in the journal Nature how they simulated particle physics phenomena on 20 quantum bits and how the quantum simulator self-verified the result for the first time.

Many scientists are currently working on investigating how quantum advantage can be exploited on hardware already available today. Three years ago, physicists...

Im Focus: Accelerating quantum technologies with materials processing at the atomic scale

'Quantum technologies' utilise the unique phenomena of quantum superposition and entanglement to encode and process information, with potentially profound benefits to a wide range of information technologies from communications to sensing and computing.

However a major challenge in developing these technologies is that the quantum phenomena are very fragile, and only a handful of physical systems have been...

Im Focus: A step towards probabilistic computing

Working group led by physicist Professor Ulrich Nowak at the University of Konstanz, in collaboration with a team of physicists from Johannes Gutenberg University Mainz, demonstrates how skyrmions can be used for the computer concepts of the future

When it comes to performing a calculation destined to arrive at an exact result, humans are hopelessly inferior to the computer. In other areas, humans are...

Im Focus: Recording embryonic development

Scientists develop a molecular recording tool that enables in vivo lineage tracing of embryonic cells

The beginning of new life starts with a fascinating process: A single cell gives rise to progenitor cells that eventually differentiate into the three germ...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

VideoLinks
Industry & Economy
Event News

SEMANTiCS 2019 brings together industry leaders and data scientists in Karlsruhe

29.04.2019 | Event News

Revered mathematicians and computer scientists converge with 200 young researchers in Heidelberg!

17.04.2019 | Event News

First dust conference in the Central Asian part of the earth’s dust belt

15.04.2019 | Event News

 
Latest News

Summit charts a course to uncover the origins of genetic diseases

22.05.2019 | Life Sciences

New study finds distinct microbes living next to corals

22.05.2019 | Life Sciences

Stellar waltz with dramatic ending

22.05.2019 | Physics and Astronomy

VideoLinks
Science & Research
Overview of more VideoLinks >>>