A Case Study in Language-Based Security: Building an I/O Library for Wyvern (SPLASH 2020 - Onward! Papers) - SPLASH 2020

Sun 15 - Sat 21 November 2020 Online Conference

Who

Jennifer Fish, Darya Melicher, Jonathan Aldrich

Track

SPLASH 2020 Onward! Papers

Time Zone

The program is currently displayed in (GMT-06:00) Central Time (US & Canada).

Use conference time zone: (GMT-06:00) Central Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

When

Tue 17 Nov 2020 10:00 - 10:20 at SPLASH-III - T-2-Onward Chair(s): Avraham Shinnar
Tue 17 Nov 2020 22:00 - 22:20 at SPLASH-III - T-2-Onward Chair(s): Jonathan Edwards

Abstract

As the impact of vulnerabilities increases in practice, it is imperative for programming languages to include security as a first-class design consideration. While a number of security-related language features have been proposed to address this need, in many cases, we do not know enough about whether it is practical and useful to build software systems in languages with these features.

In this paper, we begin to investigate this question, using a case study methodology. The setting of our case study is Wyvern, a recently designed language we selected because it incorporates three advanced security-related features: capability safety for enforcing the principle of least privilege, an effect system for tracking the secure use of resources, and a language extension feature that mitigates command injection. In our case study, we built a small standard I/O library, seeking to use the new language features to create a library that is less vulnerable to misuse and can serve as a building block for more secure programs, compared to conventional I/O library designs. Our study suggests that these features are indeed practicable and useful, and thus potentially promising for inclusion in other future language designs. It also sheds light on the value and cost of these features and suggests directions for future research on security-focused language design.

Link to Publication

https://dl.acm.org/doi/pdf/10.1145/3426428.3426913

Jennifer Fish

Carnegie Mellon University

Darya Melicher

Google

Jonathan Aldrich

Carnegie Mellon University

Time Zone

The program is currently displayed in (GMT-06:00) Central Time (US & Canada).

Use conference time zone: (GMT-06:00) Central Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Session Program

Tue 17 Nov
Displayed time zone: Central Time (US & Canada) change

	09:00 - 10:20	T-2-OnwardOnward! Papers / Onward! Essays at SPLASH-III +12h Chair(s): Avraham Shinnar IBM Research

	09:00 20m Talk		Example-Based Live Programming for Everyone: Building Language-agnostic Tools for Live Programming with LSP and GraalVM Onward! Papers Fabio Niephaus Hasso Plattner Institute, University of Potsdam, Patrick Rein Hasso Plattner Institute, Jakob Edding Hasso Plattner Institute, University of Potsdam, Jonas Hering Hasso Plattner Institute, University of Potsdam, Bastian König Hasso Plattner Institute, University of Potsdam, Kolya Opahle Hasso Plattner Institute, University of Potsdam, Nico Scordialo Hasso Plattner Institute, University of Potsdam, Robert Hirschfeld Hasso Plattner Institute (HPI), University of Potsdam, Germany Link to publication DOI Pre-print Media Attached
	09:20 20m Talk		End-User Software Customization by Direct Manipulation of Tabular Data Onward! Papers Geoffrey Litt MIT, Daniel Jackson MIT, Tyler Millis MIT, Jessica Quaye MIT Link to publication Pre-print
	09:40 20m Talk		Discussion of Aviation Software Oversight Improvement Onward! Essays Marc Ronell U.S. Federal Aviation Administration Link to publication DOI
	10:00 20m Talk		A Case Study in Language-Based Security: Building an I/O Library for Wyvern Onward! Papers Jennifer Fish Carnegie Mellon University, Darya Melicher Google, Jonathan Aldrich Carnegie Mellon University Link to publication

	21:00 - 22:20	T-2-OnwardOnward! Essays / Onward! Papers at SPLASH-III Chair(s): Jonathan Edwards

	21:00 20m Talk		Example-Based Live Programming for Everyone: Building Language-agnostic Tools for Live Programming with LSP and GraalVM Onward! Papers Fabio Niephaus Hasso Plattner Institute, University of Potsdam, Patrick Rein Hasso Plattner Institute, Jakob Edding Hasso Plattner Institute, University of Potsdam, Jonas Hering Hasso Plattner Institute, University of Potsdam, Bastian König Hasso Plattner Institute, University of Potsdam, Kolya Opahle Hasso Plattner Institute, University of Potsdam, Nico Scordialo Hasso Plattner Institute, University of Potsdam, Robert Hirschfeld Hasso Plattner Institute (HPI), University of Potsdam, Germany Link to publication DOI Pre-print Media Attached
	21:20 20m Talk		End-User Software Customization by Direct Manipulation of Tabular Data Onward! Papers Geoffrey Litt MIT, Daniel Jackson MIT, Tyler Millis MIT, Jessica Quaye MIT Link to publication Pre-print
	21:40 20m Talk		Discussion of Aviation Software Oversight Improvement Onward! Essays Marc Ronell U.S. Federal Aviation Administration Link to publication DOI
	22:00 20m Talk		A Case Study in Language-Based Security: Building an I/O Library for Wyvern Onward! Papers Jennifer Fish Carnegie Mellon University, Darya Melicher Google, Jonathan Aldrich Carnegie Mellon University Link to publication