Software Tool Plugs Security Leaks

Aug 01, 2007

Often when you make an Internet transaction, symbols on the Web page assure you that your transaction will be secure and that private information about you, such as passwords, bank account or credit card numbers, will not be intercepted by a third party.

Such assurances mean safe passage along the information highway. But is your private information secure after it enters a merchant's computer?

Not necessarily, says a University of Illinois at Chicago computer-security expert who is developing a software tool that will help keep private information from falling under prying eyes.

"There are many ways software can leak information, and often programmers are clueless about how to prevent it," said V.N. Venkatakrishnan, assistant professor of computer science and co-director of UIC's Center for Research and Instruction in Technologies for Electronic Security.

"Programmers need tools and techniques to write good code that safeguards private data," he said. "It is important to address end-user privacy concerns during software development."

The problem focuses on the massive number of computer programs written in C, the language most widely used for building systems software for applications such as mail agents, calendars and web browsers.

Building on previous research findings, Venkatakrishnan has developed a software tool that splits programs written in C so that the private, protected data entering them is kept separate from information that is open to public access, such as via an Internet link. The tool automatically identifies what Venkatakrishnan calls the program's public and private zones, then monitors the program while it runs, checking the flow of information much like a gatekeeper dividing its attention between the two zones.

"Taken together, the public and private zones replace the original functionality of the program," he said. "It enables you to enforce different policies on these zones. For instance, the public zone is not allowed to read sensitive data, and the private zone is not allowed network access, which addresses end-user privacy concerns."
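The zone split described above can be written by hand as two processes. This is an added illustration, not code from Venkatakrishnan's tool: the function names, the pipe protocol, the one-byte verdict and the sample secret are all assumptions, and the OS sandbox that would deny the private zone network access is not shown.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_GUESS 63

/* Private zone: the only code that handles the secret. Its sole output is
 * one declassified byte, 'Y' or 'N'. */
static void private_zone(int in_fd, int out_fd) {
    /* Constructed sample secret; a real private zone would load it from
     * protected storage after the fork so the public zone never maps it. */
    const char secret[] = "constructed-sample-secret";
    char guess[MAX_GUESS + 1] = {0};
    size_t len = 0;
    ssize_t n = 0;
    while (len < MAX_GUESS && (n = read(in_fd, guess + len, MAX_GUESS - len)) > 0)
        len += (size_t)n;
    char verdict = strcmp(guess, secret) == 0 ? 'Y' : 'N';
    _exit(write(out_fd, &verdict, 1) == 1 ? 0 : 1);
}

/* Public zone: the side that would face the network. It forwards the guess
 * and learns only the verdict. Returns 1 (match), 0 (no match), -1 (error). */
int check_guess(const char *guess) {
    int to_priv[2], from_priv[2];
    size_t len = strlen(guess);
    if (len > MAX_GUESS) return -1;          /* reject rather than truncate */
    if (pipe(to_priv) < 0) return -1;
    if (pipe(from_priv) < 0) { close(to_priv[0]); close(to_priv[1]); return -1; }
    pid_t pid = fork();
    if (pid == 0) {                          /* child becomes the private zone */
        close(to_priv[1]); close(from_priv[0]);
        private_zone(to_priv[0], from_priv[1]);
    }
    close(to_priv[0]);
    close(from_priv[1]);
    char verdict = 0;
    int ok = pid > 0 && write(to_priv[1], guess, len) == (ssize_t)len;
    close(to_priv[1]);                       /* EOF marks the end of the guess */
    if (ok) ok = read(from_priv[0], &verdict, 1) == 1;
    close(from_priv[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return ok ? verdict == 'Y' : -1;
}

int main(void) {   /* the literal stands in for a guess typed by a user */
    return check_guess("constructed-sample-secret") == 1 ? 0 : 1;
}
```

Only the single verdict byte crosses from the private zone to the public zone, so a compromise of the network-facing side exposes the yes/no answer but not the stored secret.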

Venkatakrishnan has already developed a prototype tool and has successfully tested it on medium-scale software programs. He just received a two-year, $250,000 single-investigator grant from the National Science Foundation to create a way to scale up the tool for use on large-scale programs, such as mail readers and Web browsers.

The tool will be easy for programmers to use, and applicable to a wide range of programs, Venkatakrishnan said. He expects to have it tested and ready for public release within two years.

"The prototype is there. It will be fairly easy for us to build on it."

Source: University of Illinois at Chicago
