by Shravan Narayan and Deian Stefan on Jul 27, 2021 | Tags: computer security, information flow control, sandboxing, type systems, WebAssembly
Software sandboxing or software-based fault isolation (SFI) is a lightweight approach to building secure systems out of untrusted components. The idea of SFI is old. Its use in production, to sandbox third-party libraries in Firefox, is new. We describe the PL techniques—notably static information flow control—that were key to deploying SFI in practice and their use in tackling software security more generally.
Read more...
by Craig Disselkoen and Marco Vassena on Apr 21, 2021 | Tags: awards, computer security, program analysis, Spectre
Defending cryptographic code from Spectre attacks is difficult. Blade is a fully automatic approach to eliminate speculative leaks provably and efficiently.
Read more...
by John Wickerson on Jun 3, 2020 | Tags: computer security, formal verification, quantum computing
People of PL is a series of interviews with PL researchers. In today’s post, John Wickerson chats with Mike Hicks, who is a Professor in the Department of Computer Science at the University of Maryland, and was former Chair of ACM SIGPLAN.
Read more...
by Lars Birkedal, Michael Hicks, and Brigitte Pientka on Feb 19, 2020 | Tags: computer security, formal verification, functional programming, machine learning, program analysis, program synthesis, semantic models
POPL is the premiere conference on the theoretical foundations of programming languages. The PC Chair, General Chair, and Steering Committee Chair of POPL 2020 review this year’s event.
Read more...