Our society's widespread dependence on networked information systems
for everything from personal finance to military communications makes
it essential to improve the reliability and security of software.
Recent programming-languages research has demonstrated that security
concerns can be addressed by using both program analysis and program
rewriting as powerful and flexible enforcement mechanisms.
I will describe how to use programming-language techniques to enforce
information-flow policies, which are a natural, high-level way of
specifying how programs may manipulate confidential data. One
challenge is to verify information-flow policies in low-level
(assembly or bytecode) programs. Doing so is desirable for security
because it creates the possibilities of removing the compiler from the
trusted computing base and verifying mobile code. A second challenge
is to enforce information-flow policies in distributed systems without
the need for a universally trusted computing platform. I will show
how both of these problems can be addressed by compiler techniques.
Monday, April 1 at 3:00 p.m. in Duncan Hall 1070
A reception will follow in Duncan Hall 3092
About Steve Zdancewic
Steve Zdancewic received the B.S. degree from Carnegie Mellon
University in 1996, the M.S. in 2000 from Cornell University and the
Ph.D. degree from Cornell is expected in May 2002. He has received
awards for papers in Principles, Logics, and Implementation of high-
level Programming Languages (1999) an the ACM Symposium on Operating
Systems Principles (2001). He was the recipient of a National Science
Foundation Fellowship (1996 - 1999).
Mr. Zdancewic's research interests encompass programming languages and
security with the goal of providing techniques and tools for building
safe, reliable, and secure systems.
![[RiceCS]](http://www.cs.rice.edu/Database/media/CSLogo.gif){kind=small}
![[Rice]](http://www.cs.rice.edu/Database/media/Owl.gif){kind=small}