SPLASH 2014
Mon 20 - Fri 24 October 2014 Portland, Oregon, United States
Tue 21 Oct 2014 15:30 - 15:52 at Salon D - Session 4 Chair(s): Thomas LaToza

Breaches of software security affect millions of people, and therefore it is crucial to strive for more secure software systems. However, the effect of programming language design on software security is not easily measured or studied. In the absence of scientific insight, opinions range from those that claim that programming language design has no effect on security of the system, to those that believe that programming language design is the only way to provide “high-assurance software.” In this paper, we discuss how programming language design can impact software security by looking at a specific example: the Wyvern programming language. We report on how the design of the Wyvern programming language leverages security principles, together with hypotheses about how usability impacts security, in order to prevent command injection attacks. Furthermore, we discuss what security principles we considered in Wyvern’s design.

Tue 21 Oct

Displayed time zone: Tijuana, Baja California change

15:30 - 17:00
Session 4PLATEAU at Salon D
Chair(s): Thomas LaToza University of California, Irvine
15:30
22m
Talk
Wyvern: Impacting Software Security via Programming Language Design
PLATEAU
Darya Melicher Carnegie Mellon University, Alex Potanin Victoria University of Wellington, Jonathan Aldrich Carnegie Mellon University
File Attached
15:52
22m
Talk
Considering Productivity Effects of Explicit Type Declarations
PLATEAU
Michael Coblenz Carnegie Mellon University, Jonathan Aldrich Carnegie Mellon University, Brad A. Myers Carnegie Mellon University, Joshua Sunshine Carnegie Mellon University
File Attached
16:15
22m
Talk
Usability Hypotheses in the Design of Plaid
PLATEAU
Jonathan Aldrich Carnegie Mellon University, Joshua Sunshine Carnegie Mellon University
File Attached
16:37
22m
Other
Group Activity
PLATEAU