CT-ISG Collaborative Research: Open Software Security: Principles and Systems

Modern software systems are often extensible, in particular through software upgrades and third-party add-ons. The level of trust in the producers and distributors of extensions vary significantly. This motivates the need for general policies and mechanisms that can be used to allow system extensions, even untrusted ones, without compromising the stability and security of the host system.

This project develops an open infrastructure that enables and supports such policies and mechanisms, by expanding the reach of language-based security machinery, such as type checking, and integrating it with authority-based reasoning, for example based on digital signatures. The project emphasizes applicability to a wide range of safety policies, ease of deployment, and accessibility to developers with varying levels of formal training.

While security is central to this work, it aims to contribute to trustworthiness and reliability in a broad sense, protecting both against errors and attacks. It intends to do so through publications in the peer-reviewed literature, education, and the development of software artifacts.

Agency
National Science Foundation (NSF)
Institute
Division of Computer and Communication Foundations (CCF)
Type
Standard Grant (Standard)
Application #
0524078
Program Officer
Sol J. Greenspan
Project Start
Project End
Budget Start
2005-09-01
Budget End
2009-08-31
Support Year
Fiscal Year
2005
Total Cost
$150,000
Indirect Cost
Name
University of California Santa Cruz
Department
Type
DUNS #
City
Santa Cruz
State
CA
Country
United States
Zip Code
95064