CAPEd crusader addresses online security

Security breaches are becoming more frequent and serious as our dependence on computer systems increases. Anyone concerned about the security of their data may view Professor James Noble of Victoria University of Wellington as a hero. He has been awarded a Marsden Fund grant to develop a new way of keeping computer systems more secure.

Any program reachable via the Internet will typically have a number of trusted objects (like the core of a web browser) that interact with untrusted objects (like the animation scripts displayed on a web page). A crucial security requirement is to ensure that the trusted parts can’t be compromised by the untrusted parts – viewing a web page should never leak the user’s address book or passwords.

Most current computer systems use security based on “capabilities”. These are unforgeable “keys” that provide access to system services and resources. The problem is that they are scattered throughout the code of programs. Any part of a program that uses an object may (by oversight, error or fraud) hand that object to an untrusted part, particularly where the program has multiple components from different suppliers.

Professor Noble will work with programmers to develop Capability Policies Explicit (CAPE) – capability policies that will explicitly state which objects are trusted, which are untrusted, and which keys can be accessed by which object.
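The leak described above, and an explicit policy in its place, as an added JavaScript example that is not from the article or from Professor Noble's project. The names (`POLICY`, `grant`, `animationScript`, the sample address book) are hypothetical, and the policy table is an assumed stand-in, not CAPE notation.

```javascript
// Constructed illustration: every name here is hypothetical; this is not
// CAPE notation and not a browser API.

// A capability is an object reference: holding it is the right to use it.
function makeAddressBook(entries) {
  return Object.freeze({ lookup: (name) => entries[name] });
}
function makeCanvas() {
  const drawn = [];
  return Object.freeze({ draw: (shape) => { drawn.push(shape); return drawn.length; } });
}
function makeServices() { // constructed sample data
  return { canvas: makeCanvas(), addressBook: makeAddressBook({ alice: 'alice@example.test' }) };
}

// Untrusted component: it uses whatever capabilities it is handed.
function animationScript(caps) {
  const drew = caps.canvas ? caps.canvas.draw('circle') : 0;
  const leaked = caps.addressBook ? caps.addressBook.lookup('alice') : null;
  return { drew, leaked };
}

// Implicit style: the trusted core passes its whole bag of capabilities along.
function runImplicit(services) {
  return animationScript(services); // oversight: addressBook goes too
}

// Explicit style: one table states which component may hold which capability.
const POLICY = new Map([
  ['core', ['canvas', 'addressBook']],
  ['animationScript', ['canvas']],
]);

// Single grant point: hands over only what the policy lists for the recipient.
function grant(recipient, services) {
  const allowed = POLICY.get(recipient) || []; // unknown recipient gets nothing
  const caps = {};
  for (const name of allowed) {
    if (name in services) caps[name] = services[name];
  }
  return Object.freeze(caps);
}

function runExplicit(services) {
  return animationScript(grant('animationScript', services));
}
```

With the same untrusted script, `runImplicit` returns the address-book entry while `runExplicit` returns `leaked: null` and still draws.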

He will also design programming language features that will support component security, meaning that a program will be secure, even when it is being used with other programs in an untrusted environment.

This timely work will make developing secure programs easier and help stop future breaches.

Professor James Noble

Total Funding: $521,739 (excl. GST)
Researchers: Professor James Noble, Victoria University of Wellington, PO Box 600, Wellington 6140
Telephone: (04) 463 6736
Email: james.noble@ecs.vuw.ac.nz