Paragon programming language identifies security vulnerabilities
Niklas Broberg from Sweden's University of Gothenburg has developed a programming language which can be used to identify security vulnerabilities in the information flow of applications as they are being developed. Paragon was created as part of Broberg's dissertation entitled "Practical, Flexible Programming with Information Flow Control". It is an extension to the Java programming language and, according to Broberg, can easily be integrated into existing Java applications.
Paragon is reportedly able to detect security vulnerabilities automatically. To do so, it employs a two-stage process. First, a developer specifies how the software will be used, who should have access to it, and under what conditions; this is expressed in a policy specification language called Paralocks. The second phase occurs during compilation: using the Paralocks specification, the system analyses how the program processes information, and the compiler flags any security risks, such as theft or modification of data, giving the developer the opportunity to correct any errors.
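The two stages described above, sketched as an added Python example (not Paragon or Paralocks syntax, and not code from Broberg's work): policies are declared first, then a checker walks the program before it runs and reports each assignment that would widen who can read a value. Assumptions: a policy is modelled as a set of (actor, required conditions) clauses, conditions are named "locks", and only direct assignments and confidentiality are checked; all names and the sample program are constructed.

```python
from typing import NamedTuple

class Clause(NamedTuple):
    actor: str          # who may read the data
    locks: frozenset    # conditions that must hold for that actor to read it

class Assign(NamedTuple):
    line: int
    target: str
    sources: tuple
    open_locks: frozenset   # conditions known to hold at this statement

def may_flow(src_policy, dst_policy, open_locks):
    """A flow src -> dst is safe if every reader of dst was already allowed
    to read src under dst's conditions plus those open at this point."""
    return all(
        any(s.actor == d.actor and s.locks <= (d.locks | open_locks)
            for s in src_policy)
        for d in dst_policy
    )

def check(policies, program):
    """Stage 2: return (line, source, target) for every flow the policies forbid."""
    findings = []
    for st in program:
        for src in st.sources:
            if not may_flow(policies[src], policies[st.target], st.open_locks):
                findings.append((st.line, src, st.target))
    return findings

NONE = frozenset()
# Stage 1 (constructed sample): who may read each variable, and when.
POLICIES = {
    "card_number":  {Clause("customer", NONE),
                     Clause("support", frozenset({"CaseOpen"}))},
    "receipt":      {Clause("customer", NONE)},
    "support_view": {Clause("support", NONE)},
    "public_log":   {Clause("customer", NONE), Clause("support", NONE),
                     Clause("anyone", NONE)},
}
# Constructed sample program: one assignment per line.
PROGRAM = [
    Assign(1, "receipt", ("card_number",), NONE),
    Assign(2, "support_view", ("card_number",), NONE),  # no case open
    Assign(3, "support_view", ("card_number",), frozenset({"CaseOpen"})),
    Assign(4, "public_log", ("receipt",), NONE),        # widens the audience
]

if __name__ == "__main__":
    for line, src, dst in check(POLICIES, PROGRAM):
        print(f"line {line}: {src} must not flow to {dst}")
```

Lines 2 and 3 of the sample differ only in whether the `CaseOpen` condition holds at the assignment, which is what makes the same flow a violation in one place and acceptable in the other.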