Making it easier to build secure Web applications
Two years ago, a fledgling social-networking site called Blippy accidentally posted the credit card numbers of its users online. While that was a particularly egregious example, such inadvertent information leaks happen all the time: In April, for instance, the Texas attorney general’s office sent civil-rights groups information on 13.1 million registered voters — including, accidentally, the complete Social Security numbers of many of them. Less than a month before, the city of Providence, R.I., accidentally released the Social Security numbers of nearly 3,000 former state employees to a local news organization.At the USENIX Annual Technical Conference in Boston this month, MIT researchers will present a new programming system that could help prevent such inadvertent information leaks.The system, dubbed Aeolus, is designed for programmers developing large, distributed Web applications, and it automatically keeps track of users’ data-access privileges. While academics have been investigating such systems for years, Institute Professor Barbara Liskov,...