One example of this approach is my current work on the problem of protecting secret data. Current trends are making this problem both more important and more difficult. Computer systems are nearly completely connected via the Internet, allowing software to disseminate private information to almost any location. In addition, we increasingly use untrusted software; for software such as applets. Standard access-control mechanisms are inadequate because they do not control information propagation. The new programming language Jif judiciously extends Java with privacy annotations that facilitate static analysis of information flows within programs. Privacy annotations are decentralized in the sense that they work even in systems with mutual distrust. These innovations make Jif the most practical language yet implemented for static enforcement of privacy policies. Further areas of investigation include extensions to Jif to address covert channels, investigation of its formal properties, and its use for secure distributed computation with mobile
PhD Massachusetts Inst. of Technology, 1999
Semantic information about programs and data, obtained from the programming language level, provides leverage for addressing difficult problems in computer systems. Programming language ideas can be applied effectively to problems in security, systems, and databases. I am particularly interested in using language-level information to improve security guarantees, performance, and transparency for distributed systems and mobile code.
Program Committee, International Workshop on Foundations of Object-Oriented Languages, Jan.
Practical mostly-static information flow control. Proc. ACM Symp. on Principles of Programming Languages (POPL) (Jan. 1999),
Decentralized mostly-static information flow control. Ph.D. Thesis. Technical Report MIT-LCS-TR-783 (Jan. 1999).
PolyJ: Parameterized types for Java. Located at http://www.pmg.lcs.mit.edu/polyj. July 1998.