Paragon - a programming language for security
Written by Kay Ewbank   
Friday, 02 December 2011

A new programming language has been devised with the objective of plugging information leaks in software.

As many high profile stories of hackers obtaining information due to data leaks shows, it’s not easy to make sure your application keeps its data safe. Researchers at the University of Gothenburg have developed a language that is designed to do the checks for you while you’re writing your app

.

security1

The idea behind the new Java-based language is that in many cases what goes wrong is that users are able to exploit leaks and loopholes that are unintentionally introduced during programming to obtain more information than they should have access to. In current languages the only way to overcome this is to proofread the code trying to spot where potential weaknesses occur; the alternative is to wait and see where the hackers break through.

The alternative, developed by Niklas Broberg at the University of Gothenburg is called Paragon, and the techniques used by the programming language are shown in his thesis "Practical, Flexible Programming with Information Flow Control".

“The main strength of Paragon is its ability to automatically identify potential information leaks while the program is being developed,

says Niklas Broberg.

“Paragon is an extension of the commonly-used programming language Java and has been designed to be easy to use. A programmer will easily be able to add my specifications to his or her Java program, thus benefiting from the strong security guarantees that the language provides.”

The way Paragon works is that you specify how the information that will be accessed by the app should be used, who should be able to use it, and what conditions they should be able to use it under. When the app is compiled, the way it uses information is analysed. If the analysis shows up potential risks, you get a warning error telling you where the weakness lies.

You can read more about how the concept works, along with a lot of interesting analysis of just how you might apply security, in Broberg’s thesis, which is available here in the Gothenburg University Publications Electronic Archive.

security1

More Information:

Practical, Flexible Programming with Information Flow Control

 

To be informed about new articles on I Programmer, subscribe to the RSS feed, follow us on Google+, Twitter or Facebook or sign up for our weekly newsletter.


 

Banner


1000 Kilobots Make Patterns
17/08/2014

Self organizing swarms are fascinating. If you have grown bored with watching ants or termites do their thing, you can now watch a swarm of 1000 tiny robots making shapes without anyone having overall [ ... ]



Visual Studio Discouragement
11/08/2014

Two Visual Studio extensions have been created to cater for both optimists and pessimists.


More News


Last Updated ( Friday, 02 December 2011 )
 
 

   
RSS feed of news items only
I Programmer News
Copyright © 2014 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.