
The Lazy Programmer's Guide to Secure Computing


Uploaded by on Mar 19, 2010

Google Tech Talk
March 11, 2010

ABSTRACT

Presented by Marc Stiegler.

This presentation starts with a simple block of code written by the Lazy Programmer, to observe how laziness made the code more compact and simpler. We then define the Principle of Least Authority (POLA), and explain why it is a best practice for secure programming. We show how laziness in that first example enabled enforcement of POLA. We then put the Lazy Programmer through a series of increasingly difficult tasks as management attempts to make the Lazy Programmer work hard. To achieve maximum laziness, the Lazy Programmer is driven toward increasingly modular, encapsulating OO designs that happen to implement POLA, and is ultimately compelled to build systems with defense in depth to avoid work. A secret truth is thus revealed: lazy OO programmers have been using secure techniques for decades, if only they had known. We then describe the tools that turn laziness into correctly enforced security for JavaScript, Java, and distributed computing.

Marc Stiegler is a researcher at Hewlett-Packard Labs who has written "Introduction to Capability Based Security," and designed CapDesk and Polaris, a Windows overlay that isolates applications from one another to allow virus-safe computing.
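
The abstract defines POLA but the page carries no code, so the following is an added JavaScript illustration, not code from the talk or from HP Labs: a component is handed a narrow, revocable facet as an argument instead of the full-authority object. All names (`makeStore`, `makeAppender`, `makeRevocable`, `auditPlugin`) and the sample data are hypothetical.

```javascript
// Hypothetical full-authority object (added example): read, write, delete any entry.
function makeStore() {
  const files = new Map();
  return Object.freeze({
    read: (name) => files.get(name),
    write: (name, data) => { files.set(name, data); },
    remove: (name) => files.delete(name),
  });
}

// Attenuation: a facet that can only append to one named entry.
function makeAppender(store, name) {
  return Object.freeze({
    append: (line) => store.write(name, (store.read(name) || '') + line + '\n'),
  });
}

// Caretaker: forwards to the facet until the grantor revokes it.
function makeRevocable(facet) {
  let live = facet;
  const proxy = Object.freeze({
    append: (line) => {
      if (live === null) throw new Error('capability revoked');
      live.append(line);
    },
  });
  return { proxy, revoke: () => { live = null; } };
}

// Which store-level methods can a holder of `obj` reach?
const extraAuthority = (obj) =>
  ['read', 'write', 'remove'].filter((m) => typeof obj[m] === 'function');

// Component that is handed only the authority it needs, as an argument.
function auditPlugin(log) {
  log.append('plugin started');
  return extraAuthority(log); // probes for anything beyond append
}

function demo() {
  const store = makeStore();
  store.write('secrets.txt', 'constructed sample secret');
  const { proxy, revoke } = makeRevocable(makeAppender(store, 'audit.log'));
  const leaked = auditPlugin(proxy);   // plugin never sees `store`
  revoke();                            // grantor withdraws the capability
  let afterRevoke = 'allowed';
  try { proxy.append('late'); } catch (e) { afterRevoke = e.message; }
  return { leaked, overGranted: extraAuthority(store), log: store.read('audit.log'), afterRevoke };
}
```

Passing `store` itself to the plugin would have been the over-granting design: `overGranted` lists the three methods a holder of the full object could call, while `leaked` is empty for the facet.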

Category:

Science & Technology

License:

Standard YouTube License

Top Comments

  • He is a funny guy :) This video makes me want to perfect my laziness :)=

  • I am being serious! Excellent content and quality video...


All Comments (16)

  • This guy is awesome! Really enjoyed this. Thanks.

    Besides...

    while(TheGuyIsSpeaking) { HighPitchVoice(); LowPitchVoice(); }

  • I think his talk is easy to understand and useful.

    Thanks for posting this informative video!

  • @HDFuXoNiz and what do you do for work... you merit-less prawn.. It really is the freaks and mutants that save and create this shared world.. hope you enjoy your life in the customer service field loser..

  • @HDFuXoNiz That guy you're calling nerd probably has a mansion three times the size of your house.

  • Marc has considerable experience with Windows, but as you say not working on what is typically considered Windows 'security'. That is, not working on internal features of Windows to do permissions checking, authentication, etc. Instead he has focused most on changing the game of Windows security by working on the HP Polaris project that provided a POLA environment for execution of programs running under the Windows API,

  • Nerd Nerd Nerd Neeeeerd

  • awesome programming explanation!!!

  • @NPderive "efficiency" is simply a euphemism douchebags use for their laziness ;-P
