by | June 11, 2014 · 7:04 am

Authenticated Data Structures (Generically)

This blog post is the first in my series on secure computation and will be presented in two parts. It briefly introduces some work my collaborators and I published this year, which illustrates a pleasant application of programming languages ideas to cryptographic computation.

In particular, we develop a general-purpose technique for programming authenticated data structures (ADSs) (an idea that this post will introduce). Our approach is implemented as a small extension to a general-purpose programming language. With this extension, we can establish security by typing: any type-correct program (which is a data structure implementation) implemented in our language will be secure. Thus we perform the proof once and for all, for all possible data structures, rather than having to prove security for each variation. Our approach exploits the compositional nature at the core of formal PL semantics and type systems to factor out the tedious part (the data structure logic) to focus on the security-relevant part (the use of cryptographic primitives). The proof ends up being pleasingly straightforward. The idea of security by typing is a powerful one that shows up frequently in PL-inspired work on security.

The remainder of this post — part 1 — introduces the idea of ADSs and why we want general-purpose support for them. The PL ideas show up in part 2, which will introduce our approach for building ADSs.

Continue reading

5 Comments

Filed under Secure computation

Tagged as

by | June 9, 2014 · 4:19 am

Radhia Cousot

Automated analysis of programs is one of the major success stories in PL.  The goal here is to algorithmically infer properties of a program’s runtime behavior without executing the program on concrete inputs. This may be done for many reasons, including optimization and reasoning about correctness. If you are trying to optimize a program, it helps to know that a statement executed within a loop always performs the same update, and can therefore be moved out of the loop. If you want to be certain that your C program doesn’t have buffer overflows, you want to infer bounds on the indices used for array accesses in the program.

Over the years, systems for program analysis have increased in sophistication and entered the mainstream of software development. But how do you know that what your analysis tells you is correct? To be certain that it is, we must relate the program’s semantics – what the program does at runtime – to what the analysis algorithm computes. The framework of abstract interpretation is the gold standard for doing so.

Radhia Cousot, co-inventor of abstract interpretation, passed away earlier this summer after a long struggle with cancer. While her death was tragic, I am consoled that she lived to see her work impact the world in a way that most researchers can only dream of.

Continue reading

3 Comments

Filed under Abstract interpretation, Formal verification

Tagged as , ,

by | June 6, 2014 · 5:06 pm

Securing computation

This post is the introduction of a series that discusses research bringing together ideas from the Programming Languages and Cryptography (Crypto) communities. The combination of ideas aims to produce secure computation technologies that are easier to use efficiently in a general-purpose setting, and easier to reason about, than when applying the Crypto ideas directly. My next post will be on work I’ve recently published in this area in collaboration with colleague cryptographers. Subsequent posts will consider other areas of interesting research (mostly not mine).

Continue reading

1 Comment

Filed under Secure computation

Tagged as

by | June 4, 2014 · 6:20 am

Build-it, Break-it, Fix-it Programming Contest

Starting on August 28, Maryland is hosting an on-line, security-minded programming contest that we call Build-it, Break-it, Fix-it. If you are a graduate or undergraduate student at a US-based University, I encourage you to sign up – you could win significant prizes! Otherwise, please encourage students you know to participate.

The contest web site, with details about the event, is https://builditbreakit.org/

The subject of this blog post is a bit more about the contest, but primarily it is about our motivation for running it and what it has to do with programming languages. Continue reading

8 Comments

Filed under Software Security

Tagged as

by | June 2, 2014 · 7:53 am

Welcome to the PL Enthusiast!

Welcome to our blog about research and developments in programming languages (PL) and their applications and connections to areas across science and technology!

We are Michael Hicks and Swarat Chaudhuri, professors in computer science at the University of Maryland and Rice University, respectively, and we both have a great passion for programming languages.

More about our background and the goals and origins of this blog are explained on the About page.

We are now working on a series of posts across several threads:

  • The role of PL in computer security
  • Comparing PL theory and theory developed in the Algorithms community
  • How PL can help us think about machine learning
  • Highlights and tutorials on emerging programming languages

Stay tuned to this space; we look forward to your comments and contributions!

 

6 Comments

Filed under Uncategorized