BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Aura: A Programming Language with Authorization and Audit - Steve 
 Zdancewic - University of Pennsylvania\, USA
DTSTART:20100310T141500Z
DTEND:20100310T151500Z
UID:TALK22090@talks.cam.ac.uk
CONTACT:Mateja Jamnik
DESCRIPTION:Existing mechanisms for authorizing and auditing the flow of\n
 information in networked computer systems are insufficient to meet the\nse
 curity requirements of high-assurance software systems.  Current\nbest pra
 ctices typically rely on operating-system provided file\npermissions for a
 uthorization and an ad-hoc combination of OS and\nnetwork-level (e.g. fire
 wall-level) logging to generate audit trails.\n\nThis talk will describe w
 ork on a security-oriented programming\nlanguage called Aura that attempts
  to address this problem of\nauditable information flows in a more princip
 led way.  Aura supports a\nbuilt-in notion of principal and its type syste
 m incorporates ideas\nfrom authorization logic and information-flow constr
 aints.  These\nfeatures\, together with the Aura run-time system\, enforce
  strong\ninformation-flow policies while generating good audit trails.  Th
 ese\naudit trails record access-control decisions (such as uses of\ndowngr
 ading or declassification) that influence how information flows\nthrough t
 he system.  Aura's programming model is intended to smoothly\nintegrate in
 formation-flow and access control constraints with the\ncryptographic enfo
 rcement mechanisms necessary in a distributed\ncomputing environment.\n\n\
 nThis is joint work with Jeff Vaughan\, Limin Jia\, Karl Mazurak\,\nJianzh
 ou Zhou\, Joseph Schorr\, and Luke Zarko.\n
LOCATION:Lecture Theatre 1\, Computer Laboratory
END:VEVENT
END:VCALENDAR