The SOL group at the University of Pennsylvania develops programming-language technology for improving software security. Specifically, we've been working on programming languages that allow programmers to specify advanced information-flow and access control security policies on data manipulated by the software.
Personnel:
Steve Zdancewic, Assistant Professor
Limin Jia, Post Doc.
Peng Li, Ph.D. Student
Karl Mazurak, Ph.D. Student
Jeff Vaughan, Ph.D. Student
Jianzhou Zhao, Ph.D. Student
Joey Schorr, Masters Student
Luke Zarko, Undergraduate Student
Alumni:
Stephen Tse, Ph.D. Student (Now at Google)
Software Projects:
- AURA - A language with authorization and audit
- Apollo - An experimental programming language for expressive information-flow security policies.
- Fjavac - A Java 5 compiler implemented in the functional language OCaml.
- Flowarrow - Example code for creating secure embedded languages in Haskell.
Papers
Related Projects:
Manifest Security at U. Penn. and CMU
The Grey Project at CMU.
SELinks at U. Maryland, College Park
Jif at Cornell University.
FlowCaml at INRIA.
Polymer at Princeton.
Cryptyc at DePaul University.
Related papers
Funding:
This research has been supported in part by the following grants. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.- NSF CCR-0311204: Dynamic Security Policies
- NSF CNS-0346939: CAREER: Language-based Distributed System Security
- NSF CNS-0524059: Resource-guided Implementation of Secure Embedded Software
- NSF CCF-0524035: Flexible, Decentralized Infomation-flow Control for Dynamic Environments
- NSF CCF-0716469: Manifest Security
- ONR: TIME-DC