This is an example project from David Walker
-
Jif is a programming language based on Java equipped with a
type system for detecting information-flow.
-
Learn about how Jif works, its features and semantics
-
Use Jif:
-
Design an interface to a cryptographic library using Jif's
decentralized label model.
-
Use the resulting library to implement the cryptographic
protocols used in a secure client-server setting.
-
Evaluate: What did you learn? Jif pros and cons?
-
Starting points on the projects page:
Example Final Project Outline
-
Abstract
-
Section I: Introduction
-
Motivation (argument that makes the contributions seem
inevitable!)
-
Information security is important.
-
Cryptographic primitives are crucial for network-based
security.
-
Language-based security is practical way to increase
confidence in security
-
Current support for cryptographic primitives in languages
is not good.
-
Contributions
-
Design of a cryptographic library in Jif
-
Show how type system can encode desirable invariants
-
Investigation of event driven vs. threaded programs with
information flow
-
Implementation of a (reasonably) substantial system using
Jif
-
Section II: Background material
-
Jif and Decentralized Label Model
-
Important features (label abstraction, first-class
principals, declassification, endorsement), syntax,
semantics
-
Cryptographic operations
-
Section III: Design of the Cryptographic Library
-
Problems: Keeping keys secret; Dependency between keys and
encrypted values; Authentication information encoded in the
types; Integrity Constraints in Jif
-
Solutions: Dynamic Principals; Label polymorphism; Fancy
programming
-
Section IV: Evaluation of the Library
-
Description of the test case
-
Bank/ATM simulation with interesting authentication
protocols
-
Implementation details/examples
-
Insights learned? Design choices you would have changed?
-
Section V: Related Work
-
Section VI: Conclusion
-
Summarize introduction
-
Reiterate contributions
