The most common causes of security issues in today’s software are not inadequate network security, poor security protocols or weak encryption mechanisms. In most cases, they are the result of imperfectly written software that contains the potential for information leaks.
Users are able to exploit leaks and loopholes that are unintentionally introduced during programming, to obtain more information than they should have access to. Unauthorised users may also be able to manipulate sensitive information in the system, such as that contained in a database.
Currently, the most common method of preventing leaks, loopholes and manipulation is to rely on so-called code reviewers, who “proof-read” the code manually in order to identify errors and deficiencies once the programmers are finished with the code.
Paragon identifies potential information leaks while the program is being written
As a solution to these problems, Niklas Broberg has developed the programming language Paragon. The methodology is presented in his thesis "Practical, Flexible Programming with Information Flow Control" which was written in August 2011.
“The main strength of Paragon is its ability to automatically identify potential information leaks while the program is being developed,” says Niklas Broberg. “Paragon is an extension of the commonly-used programming language Java and has been designed to be easy to use. A programmer will easily be able to add my specifications to his or her Java program, thus benefiting from the strong security guarantees that the language provides.”
Two-stage security process
Niklas Broberg’s method has two stages. The first stage specifies how information in the software may be used, who should be allowed access to it and under what conditions. Stage two of the security process takes place during compilation, where the program's use of information is analysed in depth. If the analysis identifies a risk for sensitive information leaking or being manipulated, the compiler reports an error, enabling the programmer to resolve the issue immediately. The analysis is proven to provide better guarantees than all previous attempts in this field.
“Achieving information security in a system requires a chain of different measures, with the system only being as secure as its weakest link,” says Niklas Broberg. “We can have completely effective methods for guaranteeing the authentication of users or encryption of data, but which can be circumvented in practice due to information leaks. Security loopholes in software are currently the most common source of vulnerabilities in our computer systems and it is high time we take these problems seriously.”For more information, please contact: Niklas Broberg
Accelerating quantum technologies with materials processing at the atomic scale
15.05.2019 | University of Oxford
A step towards probabilistic computing
15.05.2019 | University of Konstanz
Engineers at the University of Tokyo continually pioneer new ways to improve battery technology. Professor Atsuo Yamada and his team recently developed a...
With a quantum coprocessor in the cloud, physicists from Innsbruck, Austria, open the door to the simulation of previously unsolvable problems in chemistry, materials research or high-energy physics. The research groups led by Rainer Blatt and Peter Zoller report in the journal Nature how they simulated particle physics phenomena on 20 quantum bits and how the quantum simulator self-verified the result for the first time.
Many scientists are currently working on investigating how quantum advantage can be exploited on hardware already available today. Three years ago, physicists...
'Quantum technologies' utilise the unique phenomena of quantum superposition and entanglement to encode and process information, with potentially profound benefits to a wide range of information technologies from communications to sensing and computing.
However a major challenge in developing these technologies is that the quantum phenomena are very fragile, and only a handful of physical systems have been...
Working group led by physicist Professor Ulrich Nowak at the University of Konstanz, in collaboration with a team of physicists from Johannes Gutenberg University Mainz, demonstrates how skyrmions can be used for the computer concepts of the future
When it comes to performing a calculation destined to arrive at an exact result, humans are hopelessly inferior to the computer. In other areas, humans are...
Scientists develop a molecular recording tool that enables in vivo lineage tracing of embryonic cells
The beginning of new life starts with a fascinating process: A single cell gives rise to progenitor cells that eventually differentiate into the three germ...
29.04.2019 | Event News
17.04.2019 | Event News
15.04.2019 | Event News
22.05.2019 | Life Sciences
22.05.2019 | Life Sciences
22.05.2019 | Physics and Astronomy