Communications of the ACM
Nacl to Give Way to Rocksalt
"We wanted to get a guarantee that there are no bugs in the checker, so we set out to construct a rigorous, machine-checked proof that the checker is correct," says Greg Morrisett of Harvard University.
Credit: Rose Lincoln / Harvard News Office
Harvard University researchers have developed RockSalt, software that can boost the security and enhance the performance of commonly used Web and mobile applications. RockSalt can verify that native computer programming languages comply with a certain security policy. "When a user opens an external application, such as Gmail or Angry Birds, Web browsers such as Google Chrome typically run the program's code in an intermediate and safer language such as JavaScript," says Harvard professor Greg Morrisett. "In many cases it would be preferable to run native machine code directly."
Morrisett previously developed a way to implement the decade-old software fault isolation solution developed by University of California, Berkeley on CISC-based chips. Google then modified the routine for Google Chrome, developing it into Google Native Client. However, bugs and different vulnerabilities were eventually discovered within the checker for NaCl, so Morrisett had his undergraduate students develop a solution.
RockSalt consists of just 80 lines of code, and is faster and has no known vulnerabilities. Morrisett says it enables programmers to code in any language, compile it to native executable code, and secure it without going through intermediate languages such as JavaScript.
From Harvard University
View Full Article
Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA
No entries found