Paragon - a programming language for security
Banner
Paragon - a programming language for security
Written by Kay Ewbank   
Friday, 02 December 2011

A new programming language has been devised with the objective of plugging information leaks in software.

As many high profile stories of hackers obtaining information due to data leaks shows, it’s not easy to make sure your application keeps its data safe. Researchers at the University of Gothenburg have developed a language that is designed to do the checks for you while you’re writing your app

.

security1

The idea behind the new Java-based language is that in many cases what goes wrong is that users are able to exploit leaks and loopholes that are unintentionally introduced during programming to obtain more information than they should have access to. In current languages the only way to overcome this is to proofread the code trying to spot where potential weaknesses occur; the alternative is to wait and see where the hackers break through.

The alternative, developed by Niklas Broberg at the University of Gothenburg is called Paragon, and the techniques used by the programming language are shown in his thesis "Practical, Flexible Programming with Information Flow Control".

“The main strength of Paragon is its ability to automatically identify potential information leaks while the program is being developed,

says Niklas Broberg.

“Paragon is an extension of the commonly-used programming language Java and has been designed to be easy to use. A programmer will easily be able to add my specifications to his or her Java program, thus benefiting from the strong security guarantees that the language provides.”

The way Paragon works is that you specify how the information that will be accessed by the app should be used, who should be able to use it, and what conditions they should be able to use it under. When the app is compiled, the way it uses information is analysed. If the analysis shows up potential risks, you get a warning error telling you where the weakness lies.

You can read more about how the concept works, along with a lot of interesting analysis of just how you might apply security, in Broberg’s thesis, which is available here in the Gothenburg University Publications Electronic Archive.

security1

More Information:

Practical, Flexible Programming with Information Flow Control

 

To be informed about new articles on I Programmer, subscribe to the RSS feed, follow us on Google+, Twitter or Facebook or sign up for our weekly newsletter.


 

Banner


Apple Opens Siri To Developers
15/06/2016

Among the news from this week's WWDC is that Apple is opening up Siri and iMessage apps to third party developers, giving new opportunities for adding features to your iOS apps.



Free C MOOC From Finland
08/06/2016

A new free open online course to teach the basics of the C programming language has been made available by Aalto University and the University of Helsinki, using the same material as the C programming [ ... ]


More News


Last Updated ( Friday, 02 December 2011 )
 
 

   
RSS feed of news items only
I Programmer News
Copyright © 2016 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.