Ensuring the confidentiality and integrity of data in distributed healthcare or financial applications is challenging. Developers may introduce unintended or deliberate security flaws in different parts of an application, which may lead to the disclosure of sensitive data. While access control mechanisms and source code auditing are used in practice to avoid security flaws, security violations nevertheless remain a frequent occurrence.
Instead of trying to avoid all security flaws, I introduce our research on providing a "safety net" to distributed applications, which prevents sensitive data disclosure from happening. Our approach is to use information flow control (IFC) to track the flow of data through a complex, heterogeneous distributed application and constrain undesirable flows, which could violate data protection policy. I illustrate this idea with two prototype systems for runtime data flow tracking: (1) the DEFCon middleware that applies the IFC model to event-based systems implemented in Java, after adding support for strong isolation between objects to the Java runtime; and (2) PHP Aspis, a tool that uses partial data flow tracking to protect PHP web applications against cross-site scripting and SQL injection vulnerabilities.
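The following is an added illustration of the label-based information flow control the abstract describes; it is not code from DEFCon or PHP Aspis, and the unit names, tag names and patient values are constructed for the example. Data carries a label (a set of tags), a value derived from several inputs inherits the union of their labels, and a flow is permitted only when the destination's label is at least as restrictive. Stripping a tag (declassification) is reserved for units that hold the matching privilege, which is what lets a sanitiser or anonymiser release data at an output while every other path to the sink is blocked. The last step uses the same subset check with an integrity tag on untrusted web input, the partial taint-tracking idea behind Aspis.

```python
from dataclasses import dataclass, field
from typing import FrozenSet

# A label is a set of tags. Data labelled A may flow to a place labelled B
# only if A is a subset of B, i.e. B is at least as restrictive as A.
Label = FrozenSet[str]

def label(*tags: str) -> Label:
    return frozenset(tags)

@dataclass(frozen=True)
class Event:
    payload: str
    label: Label

@dataclass
class Unit:
    """A processing unit in the event pipeline (hypothetical model). `clearance`
    bounds what it may read; `privileges` are the tags it may remove."""
    name: str
    clearance: Label
    privileges: Label = field(default_factory=frozenset)

class FlowViolation(Exception):
    pass

def can_flow(src: Label, dst: Label) -> bool:
    return src <= dst

def receive(unit: Unit, event: Event) -> Event:
    """Input check: a unit may only read events within its clearance."""
    if not can_flow(event.label, unit.clearance):
        raise FlowViolation(f"{unit.name} may not read {sorted(event.label)}")
    return event

def derive(payload: str, *inputs: Event) -> Event:
    """A value computed from several events inherits the union of their
    labels, so sensitivity is never lost by combining data."""
    return Event(payload, frozenset().union(*(e.label for e in inputs)))

def declassify(unit: Unit, event: Event, tags: Label) -> Event:
    """Only a unit holding the privilege for a tag may strip it."""
    if not tags <= unit.privileges:
        raise FlowViolation(f"{unit.name} lacks privilege for {sorted(tags - unit.privileges)}")
    return Event(event.payload, event.label - tags)

def publish(event: Event, channel: Label) -> str:
    """Output check at a sink (network, log, database). Public = empty label."""
    if not can_flow(event.label, channel):
        raise FlowViolation(f"cannot publish {sorted(event.label)} to {sorted(channel)}")
    return event.payload

def run_scenario() -> dict:
    # Constructed sample records, not data from any real system.
    alice = Event("alice: glucose 5.4", label("patient:alice"))
    bob = Event("bob: glucose 7.9", label("patient:bob"))
    public = label()
    both = label("patient:alice", "patient:bob")
    aggregator = Unit("aggregator", clearance=both)
    anonymiser = Unit("anonymiser", clearance=both, privileges=both)
    results = {}

    # 1. A unit cleared only for alice cannot read bob's record.
    alice_only = Unit("alice-portal", clearance=label("patient:alice"))
    try:
        receive(alice_only, bob)
        results["cross_patient_read"] = "allowed"
    except FlowViolation:
        results["cross_patient_read"] = "blocked"

    # 2. The aggregate inherits both tags; publishing it unchanged is blocked.
    mean = derive("mean glucose 6.65", receive(aggregator, alice), receive(aggregator, bob))
    results["aggregate_label"] = sorted(mean.label)
    try:
        publish(mean, public)
        results["raw_publish"] = "allowed"
    except FlowViolation:
        results["raw_publish"] = "blocked"

    # 3. The aggregator holds no declassification privilege, so it cannot release it.
    try:
        declassify(aggregator, mean, mean.label)
        results["aggregator_declassify"] = "allowed"
    except FlowViolation:
        results["aggregator_declassify"] = "blocked"

    # 4. Only the anonymiser, which holds both privileges, may release the aggregate.
    released = declassify(anonymiser, receive(anonymiser, mean), mean.label)
    results["published"] = publish(released, public)

    # 5. Integrity variant: an "untrusted:web" tag marks raw web input. The SQL
    #    sink accepts only untainted data, and only the escaping unit may strip
    #    the tag, so unescaped input can never reach the query.
    web_input = Event("O'Brien", label("untrusted:web"))
    escaper = Unit("sql-escaper", clearance=label("untrusted:web"),
                   privileges=label("untrusted:web"))
    try:
        publish(web_input, public)
        results["tainted_query"] = "allowed"
    except FlowViolation:
        results["tainted_query"] = "blocked"
    escaped = Event(receive(escaper, web_input).payload.replace("'", "''"), web_input.label)
    results["escaped_query"] = publish(declassify(escaper, escaped, web_input.label), public)
    return results

if __name__ == "__main__":
    print(run_scenario())
```

The design point is that the checks sit at unit inputs and at sinks rather than in application code: a developer who forgets to anonymise or escape does not produce a leak, only a `FlowViolation` at the boundary, which is the "safety net" behaviour the abstract argues for.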
Bio: Dr Peter Pietzuch is a Senior Lecturer (Associate Professor), leading the Large-scale Distributed Systems (LSDS) group in the Department of Computing at Imperial College London. His research focuses on the design and engineering of scalable, reliable and secure large-scale software systems, including event processing, peer-to-peer and cloud computing applications. Dr Pietzuch has published over fifty research papers in peer-reviewed venues, including USENIX ATC, NSDI, ICDE, ICDCS, ACM/USENIX Middleware and DEBS. He has co-authored a book on Distributed Event-based Systems published by Springer. Before joining Imperial College, he was a post-doctoral fellow at Harvard University. He holds Ph.D. and M.A. degrees from the University of Cambridge.