School of Engineering and Applied Sciences (SEAS) researchers and two Harvard undergraduates have developed a “clever bit of code” called RockSalt that could boost security for popular Web and mobile applications such as Gmail, Facebook, and Angry Birds.
When computer scientists at the University of California, Berkeley, developed a similar solution called software fault isolation (SFI) more than a decade ago, it was limited to devices using RISC chips, a type of processor more common in research than in consumer computing. In 2006, Morrisett developed a way to implement SFI on the more popular CISC-based chips, like the Intel x86 processor, eventually leading to Google’s development of Google Native Client (or NaCl).
When bugs and vulnerabilities were found in the checker for NaCl, Morrissett once again tackled the challenge, turning the problem into an opportunity for his students, and then presenting their research at the June ACM Conference on Programming Language Design and Implementation (PLDI) in Beijing. His team expects RockSalt to be integrated into future versions of common Web browsers, and plans to adapt the tool for use in a broader variety of processors.
“The biggest benefit,” says Morrisett, “may be that users can have more peace of mind that a piece of software works as they want it to.”