A Case Study in Language-Based Security: Building an I/O Library for Wyvern (SPLASH 2020 - Posters) - SPLASH 2020

Sun 15 - Sat 21 November 2020 Online Conference

Who

Jennifer Fish, Darya Melicher, Jonathan Aldrich

Track

SPLASH 2020 Posters

Time Zone

The program is currently displayed in (GMT-06:00) Central Time (US & Canada).

Use conference time zone: (GMT-06:00) Central Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

When

Sun 15 Nov 2020 08:20 - 09:00 at SPLASH-VII - Posters Session 1
Sun 15 Nov 2020 20:20 - 21:00 at SPLASH-VII - Posters Session 1 Mirror

Abstract

As the impact of vulnerabilities increases in practice, it is imperative for programming languages to include security as a first-class design consideration. While a number of security-related language features have been proposed to address this need, in many cases, we do not know enough about whether it is practical and useful to build software systems in languages with these features.

In this paper, we begin to investigate this question, using a case study methodology. The setting of our case study is Wyvern, a recently designed language we selected because it incorporates three advanced security-related features: capability safety for enforcing the principle of least privilege, an effect system for tracking the secure use of resources, and a language extension feature that mitigates command injection. In our case study, we built a small standard I/O library, seeking to use the new language features to create a library that is less vulnerable to misuse and can serve as a building block for more secure programs, compared to conventional I/O library designs. Our study suggests that these features are indeed practicable and useful, and thus potentially promising for inclusion in other future language designs. It also sheds light on the value and cost of these features and suggests directions for future research on security-focused language design.

Jennifer Fish

Carnegie Mellon University

Darya Melicher

Google

Jonathan Aldrich

Carnegie Mellon University

Time Zone

The program is currently displayed in (GMT-06:00) Central Time (US & Canada).

Use conference time zone: (GMT-06:00) Central Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Session Program

Sun 15 Nov
Displayed time zone: Central Time (US & Canada) change

	08:20 - 09:00	Posters Session 1Posters at SPLASH-VII +12h

	08:20 40m Poster		Formulog: Datalog for SMT-based Static AnalysisOOPSLA Posters Aaron Bembenek Harvard University, Michael Greenberg Pomona College, Stephen Chong Harvard University
	08:20 40m Poster		Analogy-Making as a Core Primitive in the Software Engineering ToolboxOnward! Papers Posters Matthew Sotoudeh University of California, Davis, Aditya V. Thakur University of California, Davis
	08:20 40m Poster		Row and Bounded Polymorphism via Disjoint PolymorphismECOOP Posters Ningning Xie University of Toronto, Bruno C. d. S. Oliveira University of Hong Kong, Xuan Bi The University of Hong Kong, Tom Schrijvers KU Leuven
	08:20 40m Poster		Gradual Verification of Recursive Heap Data StructuresOOPSLA Posters Jenna DiVincenzo (Wise) Carnegie Mellon University, Johannes Bader Jane Street, Cameron Wong Jane Street, Jonathan Aldrich Carnegie Mellon University, Éric Tanter University of Chile, Joshua Sunshine Carnegie Mellon University
	08:20 40m Poster		Knowing When to Ask: Sound Scheduling of Name Resolution in Type Checkers Derived from Declarative SpecificationsOOPSLA Posters Arjen Rouvoet Delft University of Technology, Hendrik van Antwerpen Delft University of Technology, Casper Bach Poulsen Delft University of Technology, Robbert Krebbers Radboud University Nijmegen, Eelco Visser Delft University of Technology
	08:20 40m Poster		Owicki-Gries Reasoning for C11 RARECOOP Posters Sadegh Dalvandi University of Surrey, Simon Doherty University of Sheffield, Brijesh Dongol University of Surrey, Heike Wehrheim Paderborn University
	08:20 40m Poster		Demystifying DependenceOnward! Papers Posters James Koppel MIT, Daniel Jackson MIT
	08:20 40m Poster		Can Advanced Type Systems Be Usable? An Empirical Study of Ownership, Assets, and Typestate in ObsidianOOPSLA Posters Michael Coblenz University of Maryland at College Park, Jonathan Aldrich Carnegie Mellon University, Brad A. Myers Carnegie Mellon University, Joshua Sunshine Carnegie Mellon University
	08:20 40m Poster		Multiparty Session Programming with Global Protocol CombinatorsECOOP Posters Keigo Imai Gifu University, Rumyana Neykova Brunel University London, Nobuko Yoshida Imperial College London, Shoji Yuen Nagoya University
	08:20 40m Poster		Static Race Detection and Mutex Safety and Liveness for Go ProgramsECOOP Posters Julia Gabet Imperial College London, Nobuko Yoshida Imperial College London
	08:20 40m Poster		CAMP: Cost-Aware Multiparty Session ProtocolsOOPSLA Posters David Castro-Perez Imperial College London, Nobuko Yoshida Imperial College London
	08:20 40m Poster		A Case Study in Language-Based Security: Building an I/O Library for WyvernOnward! Papers Posters Jennifer Fish Carnegie Mellon University, Darya Melicher Google, Jonathan Aldrich Carnegie Mellon University
	08:20 40m Poster		On the Unusual Effectiveness of Type-aware Operator Mutations for Testing SMT SolversOOPSLA Posters Dominik Winterer ETH Zurich, Chengyu Zhang East China Normal University, Zhendong Su ETH Zurich
	08:20 40m Poster		Reshape Your Layouts, Not Your Programs: A Safe Language Extension for Better Cache LocalityECOOP Posters Alexandros Tasos Imperial College London, Juliana Franco Microsoft Research, Cambridge, Sophia Drossopoulou Imperial College London, Tobias Wrigstad Uppsala University, Sweden, Susan Eisenbach Imperial College London
	08:20 40m Poster		A Type-Directed Operational Semantics for a Calculus with a Merge OperatorECOOP Posters Xuejing Huang The University of Hong Kong, Bruno C. d. S. Oliveira University of Hong Kong
	08:20 40m Poster		Geometry Types for Graphics ProgrammingOOPSLA Posters Dietrich Geisler Cornell University, Irene Yoon University of Pennsylvania, Aditi Kabra Carnegie Mellon University, Horace He Cornell University, Yinnon Sanders Cornell University, Adrian Sampson Cornell University

	20:20 - 21:00	Posters Session 1 MirrorPosters at SPLASH-VII

	20:20 40m Poster		Analogy-Making as a Core Primitive in the Software Engineering ToolboxOnward! Papers Posters Matthew Sotoudeh University of California, Davis, Aditya V. Thakur University of California, Davis
	20:20 40m Poster		Static Race Detection and Mutex Safety and Liveness for Go ProgramsECOOP Posters Julia Gabet Imperial College London, Nobuko Yoshida Imperial College London
	20:20 40m Poster		On the Unusual Effectiveness of Type-aware Operator Mutations for Testing SMT SolversOOPSLA Posters Dominik Winterer ETH Zurich, Chengyu Zhang East China Normal University, Zhendong Su ETH Zurich
	20:20 40m Poster		A Type-Directed Operational Semantics for a Calculus with a Merge OperatorECOOP Posters Xuejing Huang The University of Hong Kong, Bruno C. d. S. Oliveira University of Hong Kong
	20:20 40m Poster		Knowing When to Ask: Sound Scheduling of Name Resolution in Type Checkers Derived from Declarative SpecificationsOOPSLA Posters Arjen Rouvoet Delft University of Technology, Hendrik van Antwerpen Delft University of Technology, Casper Bach Poulsen Delft University of Technology, Robbert Krebbers Radboud University Nijmegen, Eelco Visser Delft University of Technology
	20:20 40m Poster		A Case Study in Language-Based Security: Building an I/O Library for WyvernOnward! Papers Posters Jennifer Fish Carnegie Mellon University, Darya Melicher Google, Jonathan Aldrich Carnegie Mellon University
	20:20 40m Poster		CAMP: Cost-Aware Multiparty Session ProtocolsOOPSLA Posters David Castro-Perez Imperial College London, Nobuko Yoshida Imperial College London
	20:20 40m Poster		Owicki-Gries Reasoning for C11 RARECOOP Posters Sadegh Dalvandi University of Surrey, Simon Doherty University of Sheffield, Brijesh Dongol University of Surrey, Heike Wehrheim Paderborn University
	20:20 40m Poster		Formulog: Datalog for SMT-based Static AnalysisOOPSLA Posters Aaron Bembenek Harvard University, Michael Greenberg Pomona College, Stephen Chong Harvard University
	20:20 40m Poster		Demystifying DependenceOnward! Papers Posters James Koppel MIT, Daniel Jackson MIT
	20:20 40m Poster		Row and Bounded Polymorphism via Disjoint PolymorphismECOOP Posters Ningning Xie University of Toronto, Bruno C. d. S. Oliveira University of Hong Kong, Xuan Bi The University of Hong Kong, Tom Schrijvers KU Leuven
	20:20 40m Poster		Reshape Your Layouts, Not Your Programs: A Safe Language Extension for Better Cache LocalityECOOP Posters Alexandros Tasos Imperial College London, Juliana Franco Microsoft Research, Cambridge, Sophia Drossopoulou Imperial College London, Tobias Wrigstad Uppsala University, Sweden, Susan Eisenbach Imperial College London
	20:20 40m Poster		Gradual Verification of Recursive Heap Data StructuresOOPSLA Posters Jenna DiVincenzo (Wise) Carnegie Mellon University, Johannes Bader Jane Street, Cameron Wong Jane Street, Jonathan Aldrich Carnegie Mellon University, Éric Tanter University of Chile, Joshua Sunshine Carnegie Mellon University
	20:20 40m Poster		Multiparty Session Programming with Global Protocol CombinatorsECOOP Posters Keigo Imai Gifu University, Rumyana Neykova Brunel University London, Nobuko Yoshida Imperial College London, Shoji Yuen Nagoya University
	20:20 40m Poster		Can Advanced Type Systems Be Usable? An Empirical Study of Ownership, Assets, and Typestate in ObsidianOOPSLA Posters Michael Coblenz University of Maryland at College Park, Jonathan Aldrich Carnegie Mellon University, Brad A. Myers Carnegie Mellon University, Joshua Sunshine Carnegie Mellon University
	20:20 40m Poster		Geometry Types for Graphics ProgrammingOOPSLA Posters Dietrich Geisler Cornell University, Irene Yoon University of Pennsylvania, Aditi Kabra Carnegie Mellon University, Horace He Cornell University, Yinnon Sanders Cornell University, Adrian Sampson Cornell University