Who stole my secrets: information flow security in real world applications

Tuesday, August 08, 2023 - 2:30 pm3:00 pm

Limin Jia, Carnegie Mellon University

Abstract: 

Preventing information from being leaked to attackers is one of the key security goals of systems that handle sensitive data. Research in information flow security aims to develop theoretical foundations and practical tools to address this issue. One of the cornerstones of information flow security is the Bell-LaPadula and Biba models developed in the 1970s and the subsequent lattice-based model by Denning, which started a long line of research in information flow security. These models described how to protect and use potentially sensitive information and are incredibly useful in formally analyzing security risks of practical systems. In this talk, I will show that these classical information flow security principles are extremely helpful in understanding vulnerabilities and defenses in modern application domains like web applications, smart homes, and Node.js.

Limin Jia, Carnegie Mellon University

Limin Jia is a Research Professor of Electrical and Computer Engineering Department at Carnegie Mellon University. She is also a member of CyLab, Carnegie Mellon's computer security and privacy institute. Jia received her Ph.D. from Princeton in 2008. Jia’s research is in the intersection of computer security, programming languages, and formal method.

BibTeX
@conference {292506,
author = {Limin Jia},
title = {Who stole my secrets: information flow security in real world applications},
year = {2023},
address = {Anaheim, CA},
publisher = {USENIX Association},
month = aug
}