Paragon - a programming language for security
Paragon - a programming language for security
Written by Kay Ewbank   
Friday, 02 December 2011

A new programming language has been devised with the objective of plugging information leaks in software.

As many high profile stories of hackers obtaining information due to data leaks shows, it’s not easy to make sure your application keeps its data safe. Researchers at the University of Gothenburg have developed a language that is designed to do the checks for you while you’re writing your app



The idea behind the new Java-based language is that in many cases what goes wrong is that users are able to exploit leaks and loopholes that are unintentionally introduced during programming to obtain more information than they should have access to. In current languages the only way to overcome this is to proofread the code trying to spot where potential weaknesses occur; the alternative is to wait and see where the hackers break through.

The alternative, developed by Niklas Broberg at the University of Gothenburg is called Paragon, and the techniques used by the programming language are shown in his thesis "Practical, Flexible Programming with Information Flow Control".

“The main strength of Paragon is its ability to automatically identify potential information leaks while the program is being developed,

says Niklas Broberg.

“Paragon is an extension of the commonly-used programming language Java and has been designed to be easy to use. A programmer will easily be able to add my specifications to his or her Java program, thus benefiting from the strong security guarantees that the language provides.”

The way Paragon works is that you specify how the information that will be accessed by the app should be used, who should be able to use it, and what conditions they should be able to use it under. When the app is compiled, the way it uses information is analysed. If the analysis shows up potential risks, you get a warning error telling you where the weakness lies.

You can read more about how the concept works, along with a lot of interesting analysis of just how you might apply security, in Broberg’s thesis, which is available here in the Gothenburg University Publications Electronic Archive.


More Information:

Practical, Flexible Programming with Information Flow Control


To be informed about new articles on I Programmer, subscribe to the RSS feed, follow us on Google+, Twitter or Facebook or sign up for our weekly newsletter.



Atom v Visual Studio Code - The Unexpected Consequence Of Consolidation

OK, so you got upset about Microsoft taking over GitHub, but after a lot of reassurance you can see that commercial interests mean that Microsoft isn't going to trash GitHub - well not at first. But w [ ... ]

HackXLR8 2018 London

Do you have an IoT, Smart Mobility or GreenTech solution or idea? Put it on the map at London Tech Week’s official hackathon, HackXLR8 2018 taking place at ExCel, London on June 13 - 14.

More News

Last Updated ( Friday, 02 December 2011 )

RSS feed of news items only
I Programmer News
Copyright © 2018 All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.