Sunday, November 27, 2011

The importance of program rewriting approach to security

I was reading this post on the Schneier on Security blog:

"..What happens when anyone can develop and publish an application to the Android Market? A 472% increase in Android malware samples since July 2011. These days, it seems all you need is a developer account, that is relatively easy to anonymize, pay $25 and you can post your applications."

"...I believe that smart phones are going to become the primary platform of attack for cybercriminals in the coming years. As the phones become more integrated into people's lives -- smart phone banking, electronic wallets -- they're simply going to become the most valuable device for criminals to go after. And I don't believe the iPhone will be more secure because of Apple's rigid policies for the app store...securing those devices is going to be hard, because we don't have the same low level of access to these devices that we have with computers."

Mobile, untrusted code is being spread over the net, and our lives are becoming more and more dependent on these applications. There are huge security and privacy concerns here, and we need new mechanisms to use these types of applications securely. Those mechanisms should be flexible enough to enforce different types of security policies (policies that the program's author may deliberately violate) and also powerful enough to be useful. The "program rewriting" approach of language-based security aims to provide this kind of security enforcement, which is suitable for securing untrusted code before it executes on the host platform.
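A toy illustration of program rewriting, added here as an example and not taken from the post or from any work it cites: untrusted Python source is rewritten before execution so that every call passes through an inlined monitor. The policy ("no `send` after `read_file`"), the host functions `read_file` and `send`, and the `__guard__` name are assumptions made for the example.

```python
import ast

class PolicyViolation(Exception):
    pass

class Rewriter(ast.NodeTransformer):
    """Rewrite every call f(args) into __guard__(f, args)."""
    def _reject_reserved(self, node, name):
        if name.startswith("__"):   # keeps the monitor out of the program's reach
            raise PolicyViolation("reserved name: " + name)
        return node

    def visit_Name(self, node):
        return self._reject_reserved(node, node.id)

    def visit_Attribute(self, node):
        self.generic_visit(node)
        return self._reject_reserved(node, node.attr)

    def visit_Call(self, node):
        self.generic_visit(node)    # rewrite nested calls first
        guard = ast.Name(id="__guard__", ctx=ast.Load())
        return ast.Call(func=guard, args=[node.func] + node.args,
                        keywords=node.keywords)

def run_rewritten(source):
    """Rewrite untrusted source, run it, and return what it sent."""
    sent, state = [], {"has_read": False}
    def read_file(path):            # hypothetical host API
        return "contents of " + path
    def send(data):                 # hypothetical host API
        sent.append(data)
    def guard(fn, *args, **kwargs):
        # Policy automaton: one bit of state, consulted before each call.
        if fn is send and state["has_read"]:
            raise PolicyViolation("send after read_file")
        if fn is read_file:
            state["has_read"] = True
        return fn(*args, **kwargs)
    tree = ast.fix_missing_locations(Rewriter().visit(ast.parse(source)))
    env = {"__builtins__": {}, "__guard__": guard,
           "read_file": read_file, "send": send}
    exec(compile(tree, "<untrusted>", "exec"), env)
    return sent

# Constructed sample programs.
OK = 'send("hello")\ndata = read_file("notes.txt")\n'
LEAK = 'data = read_file("notes.txt")\nsend(data)\n'
ALIAS = 's = send\ndata = read_file("notes.txt")\ns(data)\n'
```

Because the guard compares the callee by identity at run time, renaming `send` (the `ALIAS` program) does not get around the policy, which a purely name-based rewrite would miss.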

Sunday, November 6, 2011

Language-based Security

For anyone who wants to begin studying language-based security, this paper, written by is the best:
"A Language-Based Approach to Security"
It is a comprehensive introduction to the field and explains the main idea.