SecOpen: Securing Open Development Platforms
We witness a revolution on the way that people communicate, e.g. social networks like Facebook or Twitter, smartphones like iPhone or Android, etc. The success of this new era partially comes from the possibility to provide third-party applications to users. These applications, developed by independent programmers or companies, provide extra functionalities. IT-industry seems to be shifting to a model of open development platforms, where open means that almost anyone can developed an application to enhance the user experience. While the benefits of this approach are evident, the model also facilitates the presence of security threats, i.e. anyone could potentially develop and massively deploy malicious applications. Unfortunately, the security mechanims provided by nowadays platforms are insufficient to protect confidentiality and integrity of users´ data. Language-based information-flow security, a research area based on a fusion of programming language techniques and computer security, emerges like a suitable technology to secure open development platforms. This proposal seeks to develop some foundational work based on formal semantics, type-systems, monitors, and rewriting techniques that will serve as bases for future tools to enforce confidentiality and integrity of data. The proposal also looks to implement some prototypes in order to quickly evaluate our theoretical models.
Alejandro Russo (contact)
Software Technology (Chalmers)
Swedish Research Council (VR)
Project ID: 2011-6220
Funding Chalmers participation during 2012–2015