Andrew Myers

Cornell University—Computer Science


Building secure applications with types for secure information


Distributed systems are hard to build well. I argue that we need to significantly raise the level of abstraction at which these systems are built, by adding new language-based abstractions.


The first example of this approach is Swift: a principled programming system for making web applications secure by construction.  In modern web applications, the desire for interactivity pushes application functionality into client-side JavaScript code.  Moving code and data to the client can create security vulnerabilities, but currently there are no good methods for deciding when it is secure.  Swift automatically partitions application code into JavaScript code running in the browser, and Java code running on the server. Code and data are placed so the system is secure and client-server communication is minimized. 


The second example is Civitas, a practical remote voting system. Civitas allows voters to vote securely and anonymously from the computer of their choice. Crucially, it also prevents coercion and vote buying, because voters cannot prove to a coercer that they voted as demanded. We have shown that Civitas is a scalable system, with acceptable cost per voter. Civitas is built using a version of the Jif security-typed programming language, extended with policies for downgrading and erasure. These policies ensure that the system releases and destroys sensitive information when appropriate.



B17 Upson Hall

Thursday, September 11, 2008

Refreshments at 3:45pm in the Upson 4th Floor Atrium

Computer Science

& Information Science


Fall 2008