SPRINT: Secure Programming Using Artificial Intelligence Techniques
Small Business Information
33 Thornwood Drive, Suite 500, Ithaca, NY, 14850
AbstractTo meet the demand for more "intelligent" applications-in web services, enterprise software, network management, etc.-developers are turning to the AI technique of rule-based programming. But the very things that make rule-based programming attractive-its flexibility, its introduction of complex and dynamically changing control structures-raise serious security concerns. ATC-NY, in collaboration with Architecture Technology Corporation (ATC), will develop SPRINT, a tool to support secure programming in the rule-based language CLIPS. SPRINT can be thought of as a sophisticated type-checker for a modest extension of CLIPS. The extensions, which take the form of structured comments, provide a way for programmers to indicate more precise constraints on intended execution, and thereby provide "checkable hints" to SPRINT. A program that passes SPRINT type checks will have eliminated many potential security flaws. Since CLIPS is broadly similar to many other rule-based languages, we expect that the techniques and principles developed in this work will be generally applicable.
* information listed above is at the time of submission.