My name is Tom Austin. Currently I am a PhD student in the SLANG lab of the CS department at UC Santa Cruz. I am interested in the intersection of programming languages and security. If you are looking for employees, please check out my resume.
My dissertation focuses on dynamic information flow analysis for JavaScript. Typically, JavaScript code is included from many different sources in a single page. Unfortunately, all code runs with full privileges. Given that we use our browsers for interacting with financial sites, medical sites, and a number of other sites handling our private data, the lack of real security guarantees is alarming. Information flow analysis tracks the flow of private data and prevent it from leaking to an untrusted site.
For a more in-depth discussion of the problem and my solution, see my recent POPL talk online. (The video seems to play well in Chrome, but has issues in Firefox, unfortunately. I have not tried other browsers).
For more details about my latest projects, check out my blog and my github page. A few highlights are listed here.
Zaphod is a Firefox plugin that allows language hackers to experiment with new JavaScript features. It incorporates the Narcissus JavaScript engine, a metacircular JavaScript implementation. Since Narcissus is written in JavaScript, it is easy to extend and modify. Zaphod allows you to incorporate Narcissus into your browser and try out your new features in a realistic setting. Furthermore, Zaphod integrates dom.js, a DOM implementation also written in JavaScript. If you are a JavaScript language hacker and have a new JavaScript or DOM feature that you want to test out, Zaphod is the ideal tool.
For a sample extension, I developed ZaphodFacets, which integrates information flow controls into the browser. (It relies on the same mechanism that I used in my POPL talk).
XMUltra is a feed processing framework built by Knight Ridder for handling its news stories. They briefly open sourced it in 2003 before withdrawing it. After McClatchy merged with KnightRidder, they agreed to open source it again, which was very, very cool of them. I've been busy updating it for general usage.
Think of it like Ant for handling data feeds. Once you use it, feed processing is never the same again. Available at http://xmultra.sourceforge.net.
For my master's thesis at San Jose State I explored metaobject protocols for different languages. I've added some new MOP features to Mozilla's Rhino JavaScript, and as a proof of concept I am working on integrating this into RhinoFaces. RhinoFaces is built on JavaServer Faces, but it is patterned more after Ruby on Rails.
This seems to be about the first paper on MOPs for languages with prototype-based object systems. It has some interesting characteristics. If you are interested in programming language design, take a look.
These began as projects for San Jose State, but they came out particularly well, so I decided to put them up here.
Questions or comments? Contact me at [email protected].
Also, check out my blog at http://tomTheMighty.blogspot.com/