Words Matter: Language In Security Engineering
Chris Palmer
Abstract:
Language impacts everything in software: API design, types and type systems, the grammars from which serialized inputs and outputs come, what semantics our programming languages easily and not-so-easily afford, the natural language words and 'visual language' we use in our user interfaces, and more.
In this talk, I'll describe how our use and mis-use of languages, broadly construed, directly impacts software safety in the field and the costs of developing safe software. I'll describe how the concepts of language-theoretic security, typeful programming, and user interface design open broad avenues for safe, correct, and usable software that we have only begun to explore.
I'll illustrate the ideas with specific examples of how language has affected the safety of Google Chrome, for better and for worse.