The Case for Language-Based Security
Fred B. Schneider
Department of Computer Science
Cornell University
Ithaca, New York 14853
Abstract:
The flexibility provided by today's extensible system architectures is
also a source of vulnerability. Extensible systems therefore must
have security mechanisms to protect against malicious actions by
foreign code -- whether that code is provided locally or downloaded
across the network. These security mechanisms must support the
Principle of Least Privilege instantiated with application-level
abstractions and must exhibit low run-time overheads. This talk will
discuss a promising new class of enforcement mechanisms that meet these
abstractions and must exhibit low run-time overheads. This talk will
discuss a promising new class of enforcement mechanisms that meet these
needs by rewriting object code performing and program analysis.