Hi! I'm presenting my licentiate research proposal next week, and I thought that some of you might find it interesting. I'd like to find others that are working with similar projects, to have some people to discuss with. The actual proposal is available at http://www.it.kth.se/~cwe/phd/licprop.ps I've included an abstract below. Comments are most welcome. Regards, Christian Wettergren KTH/Teleinformatics. Licentiate Thesis Proposal Seminar ================================== Title: "Runtime Information Flow Analysis and Security" Candidate: Christian Wettergren Time: Wednesday, 15th May, 15:00--16:00 Place: Room Telegrafen, Dept. of Teleinformatics, KTH, Electrum Bldg., lift B, 5th floor, Kistagangen 16, 16440 Kista, Sweden Committee: Gerald Maguire, KTH/Teleinformatics Sead Muftic, SU/DSV Enn Tuygu, KTH/Teleinformatics Abstract: Today's computer security systems are fragile and brittle. I believe this statement to be consistent with practical experiences. One can for example observe the regularity of alerts from CERT. Many of the problems are caused by data-driven bugs in application programs. It is important to find a security paradigm that is more stable for the communicative and networked world of tomorrow. I propose a new way of doing information flow analysis of programs. This information flow analysis is done in runtime, and will provide detailed information about influences of the process to the access control decision process. The information flow is based on sets of subjects instead of preallocated security classes, thus decoupling the flow analysis from the access control. The runtime analysis is performed by special code that is run along with the original program. It shadows the computation and keeps track of the information flows within the program. A special compiler emits this shadow code. I will implement such a compiler for the Java language. Issues about the compiler and the shadow code will be discussed in the thesis. The thesis will also investigate the behaviour of the shadow code for programs with different communication patterns. For more information contact Christian Wettergren, +46 (0)8-751 14 91, cwe@it.kth.se. You can also retrieve the licentiate thesis proposal from http://www.it.kth.se/~cwe/phd/licprop.ps.