CT-ISG Collaborative Research: Open Software Security: Principles and Systems
Modern software systems are often extensible, in particular through software upgrades and third-party add-ons. The level of trust in the producers and distributors of extensions varies significantly. This motivates the need for general policies and mechanisms that allow system extensions, even untrusted ones, without compromising the stability and security of the host system.
This project develops an open infrastructure that enables and supports such policies and mechanisms, by expanding the reach of language-based security machinery, such as type checking, and integrating it with authority-based reasoning, for example based on digital signatures. The project emphasizes applicability to a wide range of safety policies, ease of deployment, and accessibility to developers with varying levels of formal training.
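As an added illustration of the combination described above (not code from the project), the following Python host applies one loading policy with two sources of evidence: an authority-based check, where an extension carrying a valid tag from a producer in the host's trust store is admitted as-is, and a language-based check, where an unsigned extension is admitted only if a static scan of its syntax tree finds no imports, no private-attribute access and no references to names outside a small allow-list, after which it runs with restricted builtins. Everything here is an assumption for the example: the trust store, the allow-list, the three constructed extensions, and the use of HMAC over the source as a stand-in for a real public-key signature so that the block needs only the standard library.

```python
"""Host-side loading policy for third-party extensions.

Added illustration, not the project's code.  Authority-based evidence (a tag
from a trusted producer) and language-based evidence (a static scan of the
extension's AST) feed one policy decision.
"""
import ast
import builtins
import hashlib
import hmac

# Constructed trust store.  A real host would hold producers' public keys and
# verify a digital signature; HMAC with a shared secret stands in for that
# here so the example runs on the standard library alone.
TRUSTED_PRODUCERS = {"vendor": b"constructed-demo-key"}

# Names an unsigned extension may reference.  Everything else (open,
# __import__, eval, getattr, ...) is unavailable to it.  Assumed allow-list.
SAFE_BUILTINS = {"len", "sum", "min", "max", "abs", "range", "sorted",
                 "enumerate", "zip"}


def sign(source, producer):
    """Producer side: tag the extension source with the producer's key."""
    key = TRUSTED_PRODUCERS[producer]
    return hmac.new(key, source.encode(), hashlib.sha256).hexdigest()


def signature_valid(source, producer, tag):
    """Authority-based check: is the tag from a producer the host trusts?"""
    key = TRUSTED_PRODUCERS.get(producer)
    if key is None:
        return False
    expected = hmac.new(key, source.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def static_violations(source):
    """Language-based check for untrusted code: list every construct that
    would let the extension reach outside its own definitions."""
    tree = ast.parse(source)
    violations = []
    bound = set()   # names the extension itself defines
    used = set()    # names it reads
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            violations.append("import statements are not allowed")
        elif isinstance(node, (ast.Global, ast.Nonlocal)):
            violations.append("global/nonlocal are not allowed")
        elif isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            violations.append("private attribute access: ." + node.attr)
        elif isinstance(node, (ast.FunctionDef, ast.ClassDef)):
            bound.add(node.name)
        elif isinstance(node, ast.arg):
            bound.add(node.arg)
        elif isinstance(node, ast.Name):
            target = bound if isinstance(node.ctx, (ast.Store, ast.Del)) else used
            target.add(node.id)
    for name in sorted(used - bound - SAFE_BUILTINS):
        violations.append("reference to unavailable name: " + name)
    return violations


def decide(source, producer=None, tag=None):
    """The policy: a valid tag from a trusted producer is sufficient on its
    own; otherwise the code must pass the static check.  Returns the
    decision and the reasons for a rejection."""
    if producer is not None and tag is not None and signature_valid(source, producer, tag):
        return "allow:signed", []
    violations = static_violations(source)
    if violations:
        return "reject", violations
    return "allow:checked", []


def load_extension(source, producer=None, tag=None):
    """Load an extension under the policy and return its namespace.  Code
    admitted by the static check also runs with restricted builtins, as a
    second layer behind the AST scan."""
    decision, reasons = decide(source, producer, tag)
    if decision == "reject":
        raise PermissionError("; ".join(reasons))
    if decision == "allow:signed":
        env = {"__builtins__": builtins}
    else:
        env = {"__builtins__": {n: getattr(builtins, n) for n in SAFE_BUILTINS}}
    exec(compile(source, "<extension>", "exec"), env)
    return env


# Constructed extensions used to exercise the policy.
CHECKED_EXT = "def top_scores(scores, n):\n    return sorted(scores)[-n:]\n"
UNSAFE_EXT = "import os\ndef wipe():\n    return os.listdir('/')\n"
ESCAPE_EXT = "def subclasses():\n    return ().__class__.__base__.__subclasses__()\n"

if __name__ == "__main__":
    print(decide(CHECKED_EXT))
    print(decide(UNSAFE_EXT))
    print(decide(ESCAPE_EXT))
    print(decide(UNSAFE_EXT, "vendor", sign(UNSAFE_EXT, "vendor")))
    print(load_extension(CHECKED_EXT)["top_scores"]([3, 9, 1, 7], 2))
```

The same unsafe extension is rejected when unsigned and admitted when its producer vouches for it, which is the point of combining the two kinds of evidence: the static check bounds what unknown code can do, and the signature lets a trusted producer ship code the check would never accept. The restricted `exec` here is a demonstration, not a proven sandbox; a production host would need a stronger language-level boundary than an attribute-name filter.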
While security is central to this work, the project aims to contribute to trustworthiness and reliability in a broad sense, protecting against both errors and attacks. It intends to do so through publications in the peer-reviewed literature, education, and the development of software artifacts.