Helping programmers build secure computer systems

Information is often an organization's most valued asset, yet data breaches and other mishandling of information are far too common. Securing sensitive information is a priority in commerce, business dealings, and our personal lives. Dr. Stephen Chong at Harvard University and his research team aim to help programmers build secure computer systems that ensure information security for users. Dr. Chong says, "Our goal is to make it easier to build safer, secure systems."

To accomplish this goal, Dr. Chong and his team focus on computer programming languages. Their research is foundational: they are exploring and establishing principles of programming languages that will be incorporated into the commercial programming languages of the future, to help make programs written in those languages secure.

  • Dr. Chong's group develops new programming languages that give strong guarantees about programs written in these languages. For example, they work on languages that can ensure that a program doesn't inadvertently leak or reveal confidential information. The programmer specifies which data is confidential, and the programming language ensures that the program's behavior reveals nothing about that confidential data. Many computer systems handle confidential data yet interact with users who aren't allowed to see it, such as financial systems, medical records, document management systems, Facebook, and hundreds of web and mobile applications. The languages Dr. Chong's team is creating can provide assurance that these computer systems handle confidential data correctly.

  • Another example is how to let people safely run programs, even when they are unsure what exactly that program may do. This happens incredibly frequently, including whenever a user downloads a program from the Internet and runs it. Dr. Chong's group is developing Shill, a shell scripting language that lets programmers and system administrators easily specify restrictions on what such untrusted programs are allowed to do. Computer administrators often need to install new software on a computer, and to do so, they typically give the installation program complete control over the machine. So a malicious or erroneous installation program could corrupt a machine, installing viruses, rootkits, or other "malware". This new language (Shill) allows these installation programs to come with a description of what they are allowed to do (e.g., which files they are allowed to write), and enforces these restrictions on the programs when they are run. Thus, Shill allows people to run untrusted, even malicious, programs while restricting the potential impact of those programs.

  • Dr. Chong's team also develops new tools and techniques to understand programs written in existing programming languages, such as Java. They have developed Pidgin, a tool that analyzes Java programs to allow programmers to explore how their program handles confidential and untrusted information, and thus to understand whether their program is secure.

  • Application-specific security requirements are a key focus for Chong's group. That is, different computer applications have different requirements for handling confidential or untrusted data. We need to develop common languages, tools, and techniques that allow developers of vastly different kinds of computer applications to reason about the security of their programs. Thus the languages and tools being developed have to be flexible and expressive enough to capture the security requirements of many different kinds of applications.
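The Shill item above describes the idea of an untrusted program arriving with a declaration of what it may do, and a runtime that enforces that declaration. The following is an added illustration, written for this page and not part of Shill or of Dr. Chong's group's code: an installer is given a "contract" (assumed names: `Contract`, `FileCapability`, `run_untrusted`, all hypothetical) listing the directories it may write and whether it may use the network, and receives only a capability object that refuses anything outside the contract. Paths are canonicalised before the check so that `..` segments and symlinks cannot escape an allowed directory. The sample installers and the temporary directory tree are constructed for the demo. This is a model of the policy idea only: it relies on the installer using the capability rather than raw OS calls, which Shill itself does not have to assume.

```python
"""Model of a Shill-style contract (constructed example): an installer declares
which directories it may write and whether it may use the network, and the
runner hands it a capability object that enforces exactly that declaration.
This sketch trusts the installer to use the capability rather than raw OS
calls; Shill enforces its contracts at the language and OS level, this model
does not."""
import os
import tempfile
from dataclasses import dataclass
from typing import Callable, List, Tuple

@dataclass(frozen=True)
class Contract:
    writable_dirs: Tuple[str, ...]        # subtrees the program may create or modify files in
    readable_dirs: Tuple[str, ...] = ()
    network: bool = False

class PolicyViolation(PermissionError):
    pass

class FileCapability:
    """The only handle the untrusted program gets for files and the network."""
    def __init__(self, contract: Contract):
        self.contract = contract
        self.denied: List[str] = []       # every action refused under the contract

    @staticmethod
    def _within(path: str, roots: Tuple[str, ...]) -> bool:
        # Canonicalise first so '..' segments and symlinks cannot escape a root
        real = os.path.realpath(path)
        return any(os.path.commonpath([real, os.path.realpath(r)]) == os.path.realpath(r)
                   for r in roots)

    def _deny(self, action: str) -> None:
        self.denied.append(action)
        raise PolicyViolation(action)

    def write(self, path: str, data: str) -> None:
        if not self._within(path, self.contract.writable_dirs):
            self._deny(f"write {path}")
        with open(path, "w") as f:
            f.write(data)

    def read(self, path: str) -> str:
        if not self._within(path, self.contract.readable_dirs + self.contract.writable_dirs):
            self._deny(f"read {path}")
        with open(path) as f:
            return f.read()

    def connect(self, host: str) -> None:
        if not self.contract.network:
            self._deny(f"connect {host}")
        # a permitted connection would be opened here; this model performs none

def run_untrusted(program: Callable[[FileCapability], None], contract: Contract) -> List[str]:
    """Run `program` with a capability limited to `contract`; return the refused actions."""
    cap = FileCapability(contract)
    try:
        program(cap)
    except PolicyViolation:
        pass   # the program is stopped at its first disallowed action
    return cap.denied

def demo() -> dict:
    """Three constructed installers under one contract, run in a throwaway temp tree."""
    root = tempfile.mkdtemp()
    app_dir = os.path.join(root, "opt", "app")
    sys_dir = os.path.join(root, "etc")          # stands in for a system directory
    os.makedirs(app_dir)
    os.makedirs(sys_dir)
    contract = Contract(writable_dirs=(app_dir,))

    def well_behaved(cap: FileCapability) -> None:
        cap.write(os.path.join(app_dir, "app.conf"), "mode=safe\n")

    def escapes_via_dotdot(cap: FileCapability) -> None:
        cap.write(os.path.join(app_dir, "app.conf"), "mode=safe\n")
        cap.write(os.path.join(app_dir, "..", "..", "etc", "startup"), "unauthorized\n")

    def phones_home(cap: FileCapability) -> None:
        cap.connect("updates.example")   # the contract grants no network access

    return {
        "well_behaved": run_untrusted(well_behaved, contract),
        "escapes": run_untrusted(escapes_via_dotdot, contract),
        "phones_home": run_untrusted(phones_home, contract),
        "app_conf_written": os.path.exists(os.path.join(app_dir, "app.conf")),
        "startup_written": os.path.exists(os.path.join(sys_dir, "startup")),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:18s} {value}")
```

Running the block shows the well-behaved installer completing with no refusals, the traversal attempt being refused before anything lands in the stand-in system directory, and the network attempt being refused outright; the list of refused actions is what an administrator would want logged when an installer oversteps its declaration.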

To give some examples, they have worked on ways for a programmer to express when confidential information may need to be declassified, or released, and then to ensure that the program releases the confidential information only under the permitted conditions. Similarly, sensitive information may need to be erased or deleted from a system under certain conditions, and the team has developed techniques that let a programmer specify what information needs to be erased and when, and that then automatically enforce the erasure.
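The first bullet above (a language that ensures a program's behavior reveals nothing about data marked confidential) and the declassification paragraph just before this one both rest on the same mechanism: labels on data and sinks, a check that nothing flows from a higher label to a lower one, and an explicit escape hatch that is legal only under a stated condition. The block below is an added illustration, not code from Dr. Chong's group or from any of their languages: a toy static checker over a tiny expression language (all names, `PUBLIC`, `SECRET`, `Declassify`, `check`, `is_secure`, are invented for the demo) that rejects both explicit flows (assigning a secret to a public sink) and implicit flows (branching on a secret and then writing a public variable), and accepts a `Declassify` only inside an `if` whose guard is the public condition the release names. The sample programs and labels are constructed for the demo; erasure policies are not modelled here.

```python
"""Toy static information-flow checker (constructed example). Variables and
output channels carry a label, PUBLIC or SECRET; a program is accepted only if
no PUBLIC sink can depend on SECRET data, explicitly or via control flow,
except through declassify(...) used under the guard its policy names."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Union

PUBLIC, SECRET = "public", "secret"   # two-point lattice: PUBLIC may flow to SECRET, never back

def join(a: str, b: str) -> str:
    return SECRET if SECRET in (a, b) else PUBLIC

def flows_to(src: str, dst: str) -> bool:
    return src == PUBLIC or dst == SECRET

@dataclass
class Const: value: int
@dataclass
class Var: name: str
@dataclass
class BinOp:
    op: str
    left: "Expr"
    right: "Expr"
@dataclass
class Declassify:
    expr: "Expr"   # SECRET expression to release
    when: str      # public guard variable that must hold for the release
Expr = Union[Const, Var, BinOp, Declassify]

@dataclass
class Assign:
    target: str
    expr: Expr
@dataclass
class Output:
    channel: str
    expr: Expr
@dataclass
class If:
    cond: Expr
    then: List["Stmt"]
    orelse: List["Stmt"] = field(default_factory=list)
Stmt = Union[Assign, Output, If]

class FlowError(Exception): pass

def label_of(e: Expr, env: Dict[str, str], guards: FrozenSet[str]) -> str:
    if isinstance(e, Const):
        return PUBLIC
    if isinstance(e, Var):
        return env[e.name]
    if isinstance(e, BinOp):
        return join(label_of(e.left, env, guards), label_of(e.right, env, guards))
    if e.when not in guards:   # Declassify: only legal under its named public guard
        raise FlowError(f"declassify outside the permitted condition '{e.when}'")
    label_of(e.expr, env, guards)   # the released expression must itself be well-formed
    return PUBLIC

def check(stmts: List[Stmt], env: Dict[str, str], channels: Dict[str, str],
          pc: str = PUBLIC, guards: FrozenSet[str] = frozenset()) -> None:
    # pc is the label of the enclosing control flow; it taints every effect inside it
    for s in stmts:
        if isinstance(s, Assign):
            lab = join(pc, label_of(s.expr, env, guards))
            if not flows_to(lab, env[s.target]):
                raise FlowError(f"{lab} data assigned to {env[s.target]} variable '{s.target}'")
        elif isinstance(s, Output):
            lab = join(pc, label_of(s.expr, env, guards))
            if not flows_to(lab, channels[s.channel]):
                raise FlowError(f"{lab} data sent to {channels[s.channel]} channel '{s.channel}'")
        else:  # If: which branch runs depends on cond, so cond's label joins the pc
            cond_lab = label_of(s.cond, env, guards)
            then_guards = guards
            if isinstance(s.cond, Var) and cond_lab == PUBLIC:   # only a public guard licenses a release
                then_guards = guards | {s.cond.name}
            check(s.then, env, channels, join(pc, cond_lab), then_guards)
            check(s.orelse, env, channels, join(pc, cond_lab), guards)   # guard is false here

def is_secure(stmts: List[Stmt], env: Dict[str, str], channels: Dict[str, str]) -> bool:
    try:
        check(stmts, env, channels)
        return True
    except FlowError:
        return False

# Constructed sample programs; labels are chosen for the demo, not taken from any real system
ENV = {"salary": SECRET, "bonus": SECRET, "total": SECRET, "paid": PUBLIC, "shown": PUBLIC}
CHANNELS = {"screen": PUBLIC, "audit_log": SECRET}
PROGRAMS = {
    "explicit leak": [Assign("total", BinOp("+", Var("salary"), Var("bonus"))), Output("screen", Var("total"))],
    "implicit leak": [If(BinOp(">", Var("salary"), Const(100000)), [Assign("shown", Const(1))], [Assign("shown", Const(0))])],
    "secret to audit log": [Output("audit_log", Var("salary"))],
    "guarded release": [If(Var("paid"), [Output("screen", Declassify(Var("total"), when="paid"))])],
    "unguarded release": [Output("screen", Declassify(Var("total"), when="paid"))],
}

if __name__ == "__main__":
    for name, prog in PROGRAMS.items():
        print(f"{name:20s} {'accepted' if is_secure(prog, ENV, CHANNELS) else 'rejected'}")
```

The implicit-leak case is the one a plain "taint the value" check misses: no secret value is ever copied into `shown`, yet its final value tells an observer whether `salary` exceeded the threshold, which is why the checker carries the label of the enclosing condition (`pc`) into every assignment and output. The guarded-release case shows the declassification discipline the paragraph describes: the same `Declassify` that is accepted under `if paid` is rejected when it appears unguarded.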

Many computer programs handle sensitive information (e.g., health management applications with confidential patient data; web apps with data supplied by possibly malicious users; apps on mobile devices with private user information; financial software with confidential accounting information). Sensitive information---both confidential and untrusted---must be treated carefully: confidential information must not be inappropriately released, and the use of untrusted information must not corrupt trusted computation.

Dr. Chong's research helps programmers build secure systems by providing programming languages and programming tools and techniques that enable programmers to specify and enforce security requirements in the applications they write.

After working as a consultant and software engineer, Dr. Chong was attracted to research in programming languages as it provides well-principled approaches to address practical and relevant problems. Computer security is one of the most important such problems: many computer systems handle sensitive information, and it can be difficult to ensure that this sensitive information is handled correctly.

To Dr. Chong, programming language research is a wonderful mix of theory and practice. It combines elegant mathematics and modeling with practical considerations. This makes it a great match for computer security, where it is important to have good models of computer systems and attackers and clear definitions of security (so that we know what assumptions the security of a system relies on) but equally important to produce usable tools that help programmers build more secure systems.

Stephen Chong is an Associate Professor of Computer Science in the Harvard School of Engineering and Applied Sciences. His research focuses on programming languages, information security, and the intersection of these two areas.

He is the recipient of an NSF CAREER award, an AFOSR Young Investigator award, and a Sloan Research Fellowship. He received a Ph.D. from Cornell University, and a bachelor's degree from Victoria University of Wellington, New Zealand.

Secure Web Applications via Automatic Partitioning

Best Paper Award