It is alarming that the society's critical infrastructures are not
fully prepared to meet the challenge of information security. Modern
computing systems are increasingly extensible, inter-connected, and
mobile. However, exactly these trends make systems more vulnerable to
attacks. A particularly exposed infrastructure is the world-wide web
infrastructure, where allowing the mere possibility of fetching a web
page opens up opportunities for delivering potentially malicious
executable content past current security mechanisms such as
firewalls. A critical challenge is to secure the computing
infrastructures without losing the benefits of the trends.
It is our firm belief that attacks will continue succeeding unless a
fundamental security solution, one that focuses on the security of the
actual applications (code), is devised. To this end, we are convinced
that application-level security can be best enforced, *by
construction*, at the level of programming languages.
ProSecuToR will develop the technology of *programming language-based
security* in order to secure computing infrastructures.
Language-based security is an innovative approach for enforcing
security by construction. The project will deliver policies and
enforcement mechanisms for protecting who can see and who can modify
sensitive data. Security policies will be expressible by the
programmer at the construction phase. We will devise a policy
framework capable of expressing fine-grained application-level
security policies. We will build practical enforcement mechanisms to
enforce the policies for expressive languages. Enforcement mechanisms
will be fully automatic, preventing dangerous programs from executing
whenever there is a possibility of compromising desired security
properties. The practicality will be demonstrated by building robust
web applications. ProSecuToR is expected to lead to breakthroughs in
*securing web mashups* and *end-to-end web application security*.
Call for proposal
See other projects for this call