Jean Yang Curry On 2017 Interview

Jean Yang will be giving a talk at Curry On 2017. Her talk is called Preventing Information Leaks by Construction.

Follow Jean on her Homepage, GitHub and Twitter.

PurelyFunctional.tv: How did you get into Functional Programming?

Jean Yang: In college I learned to program in Scheme and then Standard ML. I found the elegance incredibly seductive, and loved figuring out the simplest way to write my code. The summer before my senior year, when I was programming in C++ at Google, I realized that learning these functional languages made me a more effective programmer. This led me to write my senior thesis on using type Dynamic with type classes, mostly as an excuse to learn Haskell and dig into the guts of the Glasgow Haskell Compiler.

As a programming languages researcher, functional programming has provided a useful foundation for playing with ideas. In language design, formal semantics often take the lambda calculus as a starting point because it's a simple and expressive model. It's the same for language implementation: if you want to experiment with how a language works, if you're at all interested in reasoning with strong formal guarantees you're not going to start with something unruly like JavaScript. Languages like ML and Haskell, with their strong static types and well-studied semantics, provide much better playgrounds for experimentation.

PF.tv: What is your talk about?

JY: I'm talking about policy-agnostic programming, the programming model I have been working on for factoring security and privacy out of code. As there is more code that computes over sensitive data, needing to enforce security and privacy policies becomes a growing programmer bottleneck.

So far, I've been focusing on a class of policies for information flow that talk about how sensitive values may flow through computations. An example of an information flow leak is if Facebook tells you your location is visible only to your friends, but then shows your profile if anyone searches for users at your location. Using existing mainstream programming techniques, information flow is difficult because it requires the programmer to reason about the interaction between sensitive values and functionality throughout the code. Any missing check can lead to a leak. There are many solutions that check a program for leaks, or stop a program before it leaks information, but they are not so useful in helping the programmer construct leak-free programs in the first place.

I've been working on a programming model that factors information flow policies out of the code. Instead of needing to implement information flow security as checks across the program, the programmer can now specify each policy once, and then rely on the runtime and compiler to enforce them. I've been working out the semantics of dynamic (runtime) enforcement in a language called Jeeves, which we've implemented as a Python library that rewrites the source code at runtime. We've also extended the programming model to interface with SQL databases, and used this technique to build the Jacqueline web framework on top of Django. Recently we've been working on a technique to rewrite programs to insert the appropriate checks, in a system called Lifty, and we're working on a web framework using this technology called Binah.

PF.tv: Who is your talk for?

JY: My talk is for people interested in security and privacy, and also people interested in how language design can mitigate programmer burden.

PF.tv: What do you hope people will take away from the talk?

JY: I want people to understand that programmer bottleneck is an important program in security and privacy, and that factoring out these policies is a viable solution. We need to think hard about what the programming models should be if we do this.

PF.tv: What concepts do you recommend people be familiar with to maximize their experience with the talk?

JY: Information flow would be a good one, but not necessary.

PF.tv: What resources are available for people who want to study up before the talk?

JY: The website for the project is here. I also have written a couple of articles for a lay audience:

• Building Privacy Right into Software Code

• James Comey's Twitter Security Problem Is Your Problem, Too

PF.tv: Where can people follow you online?

JY: Follow me on:

• Twitter
• Medium
• Quora
• Blog

PF.tv: Are there any projects you'd like people to be aware of? How can people help out?

JY: I would love it if people wanted to build things using our systems, especially using Lifty and Binah!

PF.tv: Where do you see the state of functional programming in 10 years?

JY: A lot more people will be using functional programming! When I worked at Google in 2007, they were rewriting one of their large systems from Java back to C++ because they couldn't afford the memory overheads. I would try to talk to people about functional programming and nobody would have any of it. Things are different now, and it's very exciting.

PF.tv: If functional programming were a superhero, what superpower would it have?

JY: For programmers, functional programming can give the power of super speed. Higher-order functions, functions that take other functions as arguments, can make code incredibly concise, making it possible to write these programs super quickly. Strong static type systems provide automatic guarantees of type safety and memory safety, which saves a lot of time in testing and debugging.