Stephan Boyer
MIT EECS - Quanta Computer Undergraduate Research and Innovation Scholar
Using Data Flow Assertions to Secure Web Applications
2012–2013
Srinivas Devadas
Security policies in web applications are typically expressed as assertions spread throughout the application code. This is both error-prone and expensive, as all developers must be aware of security concerns. We are developing a new approach to improving the security of Web applications that allows data flow assertions to be expressed right next to the definitions of the data that they apply to. Resin uses taint tracking techniques to propagate security policies with the flow of data and enforce them when data enters and leaves the system.
I worked with Prof. Alan Edelman and Jeff Bezanson on a dynamic translation compiler for a high-performance parallel computation system. I worked at Dropbox Inc. on the backend infrastructure for processing, serving, and caching user-generated images. I was the lead engineer of a D-Lab project to produce a low-cost refrigeration device for monitoring temperature-sensitive MDRtuberculosis medication.