9: Information security with Alejandro Russo and Haskell

This episode is presented in English! Fredrik speaks to Alejandro Russo about information security. Using Haskell, it is possible to create a library which can guarantee information security even when information (say, your password to a library checking password strength) is passed on to third-party code. We discuss Alejandro’s paper on this topic and the much wider applicability and possibilities of the ideas - they’re hopefully making their way into browsers! We also talk a bit about how to inform yourself about security (and what not to do), as well as discuss the flow of knowledge between academia and non-academia. Alejandro Russo is an associate professor at Chalmers University of Technology working on the intersection of functional languages, security, and systems. He is the recipient of a Google Research Awards and several grants from the Swedish research agencies Vetenskapsrådet, STINT, and Barbro Osher foundation. Internationally, Prof. Russo worked on prestigious research institutions like Stanford University, where he was appointed visiting associate professor. His research ranges from foundational aspects of security to developing tools tosecure software written in Haskell, Python, and JavaScript. Links   Alejandro Russo Functional programming BBS Modem Two Can Keep a Secret, If One of Them Uses Haskell - Alejandro’s paper ICFP 2015 Functional pearls Haskell Access control Information-flow control Side-effects Haskell 98 Dependent-type languages JSFlow - IFC for Javascript, created by people at Chalmers People at Chalmers and Cornell creating Java compilers GDPR - EU directive to strengthen data protection for individuals Webassembly Gradual typing Buffer overflow Dangling pointers Fuzz testing IEEE security and privacy conferences ACMCCS OSDI SOSP Pony Rust Data race Linear types Affine types There is code written in Rust inside Firefox since August 2016 COWL - Confinement with origin web labels Drop Alejandro a line! Under utveckling is a podcast by and for developers, created in sunny (cough) Gothenburg by us at TimeEdit. We would love your feedback on the topics we discuss! We are on Twitter as @uupodden and at Facebook as Under utveckling. If you enjoy the podcast we’d love a rating and review in iTunes!