India's first Portal in English and Hindi on Defence, Strategic Affairs, Aerospace, Civil Aviation and Internal Security.

June 19, 2013

|English|हिन्दी

Scientists develop tool to step up software security
Jul 23 2012 5:54:43:883PM
by IANS
|
| | | Post a comment

View(s): 232

Washington : A new tool developed by a team of Harvard researchers, could step up security and ensure enhanced performance for commonly used web and mobile applications. Called RockSalt, the clever bit of code can verify that native computer programming languages comply with a particular security policy.

"When a user opens an external application, such as Gmail or Angry Birds, web browsers such as Google Chrome typically run the programme s code in an intermediate and safer language such as JavaScript," says Greg Morrisett, professor of computer science at the Harvard School of Engineering and Applied Sciences (SEAS).

The use of native code, especially in an online environment, however, opens up the door to hackers who can exploit vulnerabilities and readily gain access to other parts of a computer or device. An initial solution to this problem was offered over a decade ago by computer scientists at the University of California, Berkeley, who developed software fault isolation (SFI), according to a Harvard statement.

SFI forces native code to "behave" by rewriting machine code to limit itself to functions that fall within particular parameters. This "sandbox process" sets up a contained environment for running native code. A separate "checker" programme can then ensure that the executable code adheres to regulations before running the program. While considered a major breakthrough, the solution was limited to devices using RISC chips, a processor more common in research than in consumer computing. In 2006, Morrisett developed a way to implement SFI on the more popular CISC-based chips, like the Intel x86 processor.

The technique was adopted widely. Google modified the routine for Google Chrome, eventually developing it into Google Native Client (or "NaCl").

When bugs and vulnerabilities were found in the checker for NaCl, Google sent out a call to arms. Morrissett once again took on the challenge, turning the problem into an opportunity for his students. The result was RockSalt, an improvement over NaCl, built using Coq, a proof development system.
Tags :Scientists , security , software , security,
- |
- | | | Post a comment

Post a comment
Name *
Email address *
English/Hindi Roman Hindi

Comments *
Security Code *

Defence Industry

Defence procurement policy will boost local industry: FICCI

News & Current Affairs

Internal Security

US experts for more counter-terror ties with India, checking LeT

Beyond Headlines

DRDO

Avinash Chander Takes Over as 11th SA to RM

Defence Monitor Viewed: 89

भारत डिफेंस कवच की नई हिन्दी पत्रिका ‘डिफेंस मॉनिटर’ का ताजा अंक ऊपर दर्शाया गया है। इसके पहले दस पन्ने आप मुफ्त देख सकते हैं। पूरी पत्रिका पढ़ने के लिए कुछ राशि का भुगतान करना होता है। पुराने अंक आप पूरी तरह फ्री पढ़ सकते हैं। पत्रिका के अंकों पर क्लिक करें और देखें।-संपादक

Click Here For Archives