Secure Internet Programming Languages
The Secure Internet Programming Languages (SIPL) aims to incrementally develop a secure-flow logic for a deterministic, imperative programming language. The Principle Investigators (PIs) are starting with a logic that characterizes the early work in secure flow static analysis by Dorothy Denning. The idea is to treat secure-flow analysis as a form of type checking in the context of subtypes. Simply put, SIPL is a holistic environment for developing secure software.
Impact
- Secure programming languages for thin-clients/server applications, e.g. Army java boxes and Java-based command and control such as Navy JMCIS-Ashore
- Will allow software to be analyzed and "certified" to meet specific security properties
- Safe and secure features of programming languages for extensible architectures and active networks
New Ideas
- Static security analysis for software
- Tools for inferring security properties of code
- Provably secure programming languages
- Treat secure flow analysis as type checking
- Application type interference to security
Abstract & Papers
SIPL Abstract and papers (web site)
SIPL Research Quad Chart (PDF download)
|
