Information flow control techniques are described by researcher

Nov 26, 2011 08:41 GMT  ·  By
University of Gothenburg researcher looks into the matter of information flow control

A researcher from the University of Gothenburg in Sweden has created a programming language called Paragon that can determine, during the development process, if an application presents vulnerabilities.

According to H-Security, Niklas Broberg made Paragon as a part of his doctoral thesis entitled “Practical, Flexible programming with Information Flow Control.”

The paper reveals that Paragon is actually an extension of Java that relies on Paralocks, a language that creates “fine grained” information flow policies.

Broberg believes that most vulnerabilities don’t necessarily come from deficiencies in network security or encryption, but from pieces of software that fail to properly protect the information they handle.

Since restricting access to data is not a viable solution, he claims that a mechanism is needed to control exactly what information an application can access. Another important part of the problem is how the information is handled once it is in the possession of a program.

The two components, Paralocks and the programming language Paragon built on top of it, represent a complete framework for keeping information flow under control while developing software.

So how is the system actually able to identify security vulnerabilities that involve the use of data?

With Paralocks, the conditions under which, and the means by which, the application has access to the information are set. In the second phase, using the specifications previously set in Paralocks, the way the system processes information is checked to make sure there are no discrepancies.
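The two phases described above, as an added illustration that is not Paragon or Paralocks code from the thesis: a simplified Python model in which each piece of data carries a policy of (actor, required locks) clauses, and a checker walks a program to find assignments that the policy forbids. The clause representation, the label names and the sample program are all constructed assumptions.

```python
# Simplified model of lock-guarded flow policies. Constructed example,
# not Paragon syntax: every name and label below is an assumption.

def clause(actor, *locks):
    """The actor may learn the data only while all listed locks are open."""
    return (actor, frozenset(locks))

def may_flow(src, dst, open_locks):
    """Data labelled src may reach a sink labelled dst only if every actor
    the sink reveals data to is already permitted by src, with the
    currently open locks counted as satisfied."""
    return all(
        any(a_s == a_d and need_s <= need_d | open_locks
            for a_s, need_s in src)
        for a_d, need_d in dst
    )

def check(program, labels):
    """Phase two: walk a straight-line program, track which locks are open,
    and return (step, source, sink) for each flow the policy forbids."""
    open_locks, violations = set(), []
    for i, step in enumerate(program):
        if step[0] == "open":
            open_locks.add(step[1])
        elif step[0] == "close":
            open_locks.discard(step[1])
        else:  # ("assign", sink, source)
            _, sink, source = step
            if not may_flow(labels[source], labels[sink], frozenset(open_locks)):
                violations.append((i, source, sink))
    return violations

# Phase one: the policy attached to each piece of data and each sink.
LABELS = {
    "article":           {clause("customer", "Paid")},  # readable once paid
    "card_number":       {clause("processor")},         # processor only
    "customer_screen":   {clause("customer")},
    "processor_request": {clause("processor")},
}

PROGRAM = [
    ("assign", "customer_screen", "article"),        # 0: Paid not open yet
    ("open", "Paid"),                                # 1
    ("assign", "customer_screen", "article"),        # 2: allowed
    ("assign", "customer_screen", "card_number"),    # 3: wrong actor
    ("assign", "processor_request", "card_number"),  # 4: allowed
]
```

The model covers explicit assignments only; information that leaks through branching on secret data is outside what it checks.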

While this software can turn out to be highly useful for anyone who plans on creating applications that must make sure the information they process is perfectly secure, the researcher claims that a lot of improvements can be made to both Paragon and Paralocks.

“It is our hope that this work will help bridge the gap between theory and practice concerning information flow control, and help promote awareness of the need for, and the adoption of suitable methods for, programming with information flow,” Broberg concludes.