Write a Blog >>
POPL 2021
Sun 17 - Fri 22 January 2021 Online
Tue 19 Jan 2021 16:00 - 16:45 at PLMW - Session 3 Chair(s): Azalea Raad

In this talk, I will first provide an overview of language-based approaches to information flow security. The goal is to prevent secret information from being leaked to the attackers. This can be achieved by labeling sensitive data using a security label, e.g., secret, and ensuring that information does not flow from data labeled secret to attacker-observable events (e.g., writes to a memory location that the attacker has access to). There are static approaches that allow programmers to label data using information flow types. There, the compiler checks the security of the program at compile time. There are also dynamic approaches, where a runtime monitor tracks movement of secret data and stops the execution or takes remedial actions (e.g., returns a dummy value when an attack tries to read secret variables) to enforce security policies. In the end, I will show how to connect the two approaches via gradual information flow types.

Dr. Jia is an Associate Research Professor in the ECE Department at Carnegie Mellon University. Dr. Jia received her PhD in Computer Science from Princeton University. She received her BE in Computer Science and Engineering from the University of Science and Technology in China. Dr. Jia’s research interests are in formal aspects of software security, in particular, applying formal logic to constructing software systems with known security guarantees.

Tue 19 Jan

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

16:00 - 17:30
Session 3PLMW at PLMW
Chair(s): Azalea Raad Imperial College London
Connecting Information Flow Types to Runtime Monitors via Gradual Typing
Limin Jia Carnegie Mellon University
Emotional Machines