In this project we explore techniques beyond those in the Program Analysis domain, to find bugs and vulnerabilities, as well as ways of preventing such bugs and vulnerabilities from happening in the first instance, through Secure Languages.
Tiramisu – Secure languages
Today’s languages do not support our developers in writing secure code for the most common types of vulnerabilities, such as buffer errors, injection attacks, and information leaks. We are exploring secure language concepts and secure abstractions that can be applied in future languages to prevent these vulnerabilities.
The secure language concepts we are exploring need to extend the boundaries across diﬀerent languages used in cloud applications, as well as extend into the databases used by such applications.
How we meet that challenge
Why not introduce secure language concepts into a multi-lingual, database-backed, memory-safe runtime, while at the same time improve compiler information ﬂow tracking? We are starting to work on enhanced compiler and runtime to support security abstractions in these runtime conditions while we keep track of interoperability across the multiple languages.
Tiramisu – Fuzzing techniques
Why do we need to fuzz JS applications?
To find out more, contact