The Case for Language-Based Security

 

Fred B. Schneider
Department of Computer Science
Cornell University
Ithaca, New York 14853

Abstract:

The flexibility provided by today's extensible system architectures is also a source of vulnerability. Extensible systems therefore must have security mechanisms to protect against malicious actions by foreign code -- whether that code is provided locally or downloaded across the network. These security mechanisms must support the Principle of Least Privilege instantiated with application-level abstractions and must exhibit low run-time overheads. This talk will discuss a promising new class of enforcement mechanisms that meet these abstractions and must exhibit low run-time overheads. This talk will discuss a promising new class of enforcement mechanisms that meet these needs by rewriting object code performing and program analysis.