Thursday, 21 January 2010, 14:00
Cybernetica Bldg (Akadeemia tee 21), room B101
Slides from the talk [pdf]
Abstract: Access control, firewalls and encryption are conventional ways to protect the confidentiality of information manipulated by computing systems. They are useful yet not perfect. They protect confidential information for instance by disallowing access to a file by non-authorized users or by preventing communication with the outside. But they do not control how confidential information may be used. In this talk, I will overview a language-based approach to information-flow security, preventing information-leaks due to unsafe manipulation of confidential information. I will introduce the notion of noninterference and present standard security type systems statically enforcing noninterference. Then I will have a closer look at information-flow security due to lazy class initialization. (Joint work with A. Sabelfeld.)