This talk describes a way to use programming-language and compiler technology to build secure distributed software. The goal is to provide strong confidentiality and integrity guarantees in systems where there are mutually distrusting participants.

This work is based on the Jif programming language, which is a version of Java with a type system that supports information-flow security policies. The compiler makes use of the structure of the security policy to automatically partition the source program among distributed hosts, extracting an appropriate communication protocol from the source and inserting authentication and encryption as required. The resulting distributed subprograms collectively implement the original program, yet the system as a whole satisfies the security requirements of participating principals without requiring a universally trusted host.

This is joint work with Andrew Myers, Lantian Zheng, and Steve Chong of Cornell University.