Software Tool Plugs Security Leaks

Aug 01, 2007

Often when you make an Internet transaction, symbols on the Web page assure you that your transaction will be secure and that private information about you, such as passwords, bank account or credit card numbers, will not be intercepted by a third party.

Such assurances mean safe passage along the information highway. But is your private information secure after it enters a merchant's computer?

Not necessarily, says a University of Illinois at Chicago computer-security expert who is developing a software tool that will help keep private information from falling under prying eyes.

"There are many ways software can leak information, and often programmers are clueless about how to prevent it," said V.N. Venkatakrishnan, assistant professor of computer science and co-director of UIC's Center for Research and Instruction in Technologies for Electronic Security.

"Programmers need tools and techniques to write good code that safeguards private data," he said. "It is important to address end-user privacy concerns during software development."

The problem focuses on the massive number of computer programs written in C, the language most widely used for building systems software for applications such as mail agents, calendars and web browsers.

Building on previous research findings, Venkatakrishnan has developed a software tool that separates the private, protected data entering programs written in C from information that is open to public access, such as via an Internet link. The tool automatically identifies what Venkatakrishnan calls the program's public and private zones and monitors the program while it runs, checking the information flow between the two zones almost like a gatekeeper.

"Taken together, the public and private zones replace the original functionality of the program," he said. "It enables you to enforce different policies on these zones. For instance, the public zone is not allowed to read sensitive data, and the private zone is not allowed network access, which addresses end-user privacy concerns."
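The two policies quoted above can be approximated by hand with process separation. The sketch below is an added example, not code from the article and not output of Venkatakrishnan's tool; it assumes a POSIX system, and `SECRET`, `private_zone` and `check_guess` are hypothetical names with a constructed sample secret. The private zone gives up the ability to open descriptors, so `socket()` fails, and releases a single match bit to the public zone.

```c
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample secret; only private_zone() refers to it. */
static const char SECRET[] = "s3cret-pin";

/* Private zone: may read SECRET, may not open sockets or files. */
static void private_zone(int in_fd, int out_fd)
{
    struct rlimit none = {0, 0};
    char guess[64] = {0};
    unsigned char reply[2];

    setrlimit(RLIMIT_NOFILE, &none);          /* policy: no new descriptors */
    int s = socket(AF_INET, SOCK_STREAM, 0);  /* probe the policy */
    reply[1] = (s < 0);                       /* 1 = socket() was refused */
    if (s >= 0) close(s);
    if (read(in_fd, guess, sizeof guess - 1) < 0) _exit(1);
    reply[0] = (strcmp(guess, SECRET) == 0);  /* the only bit released */
    _exit(write(out_fd, reply, sizeof reply) == 2 ? 0 : 1);
}

/* Public zone: handles outside input and never refers to SECRET.
 * Returns 1/0 for match/no match, -1 on error. */
int check_guess(const char *guess, int *net_denied)
{
    int to_priv[2], from_priv[2];
    unsigned char reply[2];

    if (pipe(to_priv) || pipe(from_priv)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                           /* child becomes the private zone */
        close(to_priv[1]); close(from_priv[0]);
        private_zone(to_priv[0], from_priv[1]);   /* never returns */
    }
    close(to_priv[0]); close(from_priv[1]);
    ssize_t w = write(to_priv[1], guess, strlen(guess));
    close(to_priv[1]);
    ssize_t n = read(from_priv[0], reply, sizeof reply);
    close(from_priv[0]);
    waitpid(pid, NULL, 0);
    if (w < 0 || n != 2) return -1;
    *net_denied = reply[1];
    return reply[0];
}
```

In a real split the secret would be loaded only inside the private process, for example from a descriptor opened before the limit is applied, rather than compiled into a binary both zones share.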

Venkatakrishnan has already developed a prototype tool and has successfully tested it on medium-scale software programs. He just received a two-year, $250,000 single-investigator grant from the National Science Foundation to create a way to scale up the tool for use on large-scale programs, such as mail readers and Web browsers.

The tool will be easy for programmers to use, and applicable to a wide range of programs, Venkatakrishnan said. He expects to have it tested and ready for public release within two years.

"The prototype is there. It will be fairly easy for us to build on it."

Source: University of Illinois at Chicago
