The interaction between language-based security mechanisms and operating system security mechanisms has remained largely unexamined and unexploited. Language-based information security uses programming language abstractions and techniques to reason about and enforce information security, and can provide strong, fine-grained, application-specific information security guarantees. Operating system (OS) information security mechanisms use OS-level abstractions to provide isolation and protection for processes executing in a system; recent operating system mechanisms can provide fine-grained isolation and protection.
This project investigates interactions between language-based and OS mechanisms for information security, and aims to exploit these interactions both to improve the precision of security enforcement and to provide greater assurance of information security. This talk will outline the proposed primary directions of research: integration of language-level and OS mechanisms for provenance; fine-grained information-flow control for scripting; and automatic partitioning of applications to enforce information security with OS mechanisms.