Loading...

The Lazy Programmer's Guide to Secure Computing

60,569 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Mar 19, 2010

Google Tech Talk
March 11, 2010

ABSTRACT

Presented by Marc Stiegler.

This presentation starts with a simple block of code written by the Lazy Programmer, to observe how laziness made the code more compact and simpler. We then define the Principle of Least Authority(POLA), and explain why it is a best practice for secure programming. We show how laziness in that first example enabled enforcement of POLA. We then put the Lazy Programmer through a series of increasingly more difficult tasks as management attempts to make the Lazy Programmer work hard. To achieve maximum laziness, the Lazy Programmer is driven toward increasingly more modular, encapsulating OO designs that happen to implement POLA; ultimately compelled to build systems with defense in depth to avoid work. A secret truth is thus revealed: lazy OO programmers have been using secure techniques for decades, if only they had known. We then describe the tools that turn laziness into correctly enforced security for JavaScript, Java, and distributed computing.

Marc Stiegler is a researcher at Hewlett-Packard Labs who has written "Introduction to Capability Based Security," and designed CapDesk and Polaris, a windows overlay that isolates applications from one another to allow virus safe computing.

Loading...


to add this to Watch Later

Add to

Loading playlists...