A university researcher is working on a tool to help C programmers build applications that are much less likely to reveal personal data.
"There are many ways software can leak information, and often programmers are clueless about how to prevent it," said V.N. Venkatakrishnan, assistant professor of computer science and co-director of the University of Illinois at Chicago's Center for Research and Instruction in Technologies for Electronic Security.
Internet users might be reassured by web pages telling them their transactions are secure along the network, but Venkatakrishnan’s concern is what becomes of that data once it reaches a computer, such as at a retailer. The key is making sure email, browser and other programs are written with more security in mind from the start, he said.
"It is important to address end-user privacy concerns during software development," he said.
The software his team is developing separates public from private information in applications and monitors it to keep private data hidden from prying eyes.
"Taken together, the public and private zones replace the original functionality of the program," he said. "It enables you to enforce different policies on these zones. For instance, the public zone is not allowed to read sensitive data; and the private zone is not allowed network access, which addresses end-user privacy concerns."
Venkatakrishnan plans to move from prototype and medium-scale software testing to large-scale software testing. His hope is to have a tool publicly available within two years.
Software companies increasingly are focusing on securing software programs from the start, and the issue has been a major topic of conversation at security conferences this year, including the RSA Conference held in February. Vulnerability assessment also has been a focus of security startups.