A programming language called Paragon, now in development, can identify security vulnerabilities in the information flow of applications as they are developed.
The language is an extension to the Java programming language and, said Niklas Broberg from Sweden’s University of Gothenburg, it can easily integrate into existing Java applications. Paragon is a part of Broberg’s dissertation entitled “Practical, Flexible Programming with Information Flow Control.”
Paragon can detect security vulnerabilities automatically, Broberg said.
To do so, it employs a two-stage process. First, a developer specifies how they will use the software, who should have access to it, and under what conditions; this specification is written in a policy specification language called Paralocks.
The second phase occurs during compilation. Using the Paralocks specification, the system analyzes how the program processes information, and the compiler flags any security risks, such as theft or modification of data, giving the developer the opportunity to correct any errors.