As an undergraduate member of the Trusted Computing Group (TCG), I will be learning about and helping to implement Resin, a new language runtime that helps prevent security vulnerabilities in web applications. Resin allows the developer to specify security policies, called data flow assertions, using the application’s programming language. Policy objects are attached to data as it enters the application, and checked at the points where the data leaves the applications. The policies are automatically propagated throughout the application’s data flow, instead of relying on the programmer to place checks throughout the source code. The under-development version of Resin for this project is called Police, and will be implemented in the popular web development framework Ruby on Rails.

I have worked with Prof. Srini Devadas on this project last year. I
had an internship last summer using Ruby on Rails to implement
various tools for admins to use to manage ad campaigns. I am a
prospective at MIT’s SIPB, helping out with the Scripts project.