9: Information security with Alejandro Russo and Haskell
This episode is presented in English!
Fredrik speaks to Alejandro Russo about information security. Using Haskell, it is possible to create a library which can guarantee information security even when information (say, your password to a library checking password strength) is passed on to third-party code. We discuss Alejandro’s paper on this topic and the much wider applicability and possibilities of the ideas - they’re hopefully making their way into browsers!
We also talk a bit about how to inform yourself about security (and what not to do), as well as discuss the flow of knowledge between academia and non-academia.
Alejandro Russo is an associate professor at Chalmers University of Technology working on the intersection of functional languages, security, and systems. He is the recipient of a Google Research Awards and several grants from the Swedish research agencies Vetenskapsrådet, STINT, and Barbro Osher foundation. Internationally, Prof. Russo worked on prestigious research institutions
like Stanford University, where he was appointed visiting associate professor. His research ranges from foundational aspects of security to developing tools tosecure software written in Haskell, Python, and JavaScript.
Links
- Alejandro Russo
- Functional programming
- BBS
- Modem
- Two Can Keep a Secret, If One of Them Uses Haskell - Alejandro’s paper
- ICFP 2015
- Functional pearls
- Haskell
- Access control
- Information-flow control
- Side-effects
- Haskell 98
- Dependent-type languages
- JSFlow - IFC for Javascript, created by people at Chalmers
- People at Chalmers and Cornell creating Java compilers
- GDPR - EU directive to strengthen data protection for individuals
- Webassembly
- Gradual typing
- Buffer overflow
- Dangling pointers
- Fuzz testing
- IEEE security and privacy conferences
- ACMCCS
- OSDI
- SOSP
- Pony
- Rust
- Data race
- Linear types
- Affine types
- There is code written in Rust inside Firefox since August 2016
- COWL - Confinement with origin web labels
- Drop Alejandro a line!
Under utveckling is a podcast by and for developers, created in sunny (cough) Gothenburg by us at TimeEdit. We would love your feedback on the topics we discuss! We are on Twitter as @uupodden and at Facebook as Under utveckling. If you enjoy the podcast we’d love a rating and review in iTunes!