A software called RockSalt developed by Harvard researchers boosts app security

RockSalt software improves app security.

Greg Morrisett

School of Engineering and Applied Sciences (SEAS) researchers and two Harvard undergraduates have developed a “clever bit of code” called RockSalt that could boost security for popular Web and mobile applications such as Gmail, Facebook, and Angry Birds.

When a user surfing the Web opens an external application, says Cutting professor of computer science and lead researcher Greg Morrisett, Web browsers such as Google Chrome typically “sandbox” the program’s code by running it in JavaScript, an intermediate—and safer—language. This approach limits native code (computer code compiled to run with a particular processor) to functions that fall within particular security parameters, but can also slow the application. If the application runs in native code instead, it will execute commands more quickly, but at a price: it makes devices more susceptible to hackers looking to gain access to other parts of a computer or mobile device. RockSalt solves the security problems of native code without slowdowns. Developed by Morrisett, former postdoctoral fellow Jean-Baptiste Tristan (now at Oracle), rising seniors Edward Gan ’13 and Joseph Tassarotti ’13, and Gang Tan of Lehigh University, RockSalt enables programmers to code in any language, compile their work in native executable code, and secure it without going through intermediate languages such as JavaScript.

When computer scientists at the University of California, Berkeley, developed a similar solution called software fault isolation (SFI) more than a decade ago, it was limited to devices using RISC chips, a type of processor more common in research than in consumer computing. In 2006, Morrisett developed a way to implement SFI on the more popular CISC-based chips, like the Intel x86 processor, eventually leading to Google’s development of Google Native Client (or NaCl).

When bugs and vulnerabilities were found in the checker for NaCl, Morrissett once again tackled the challenge, turning the problem into an opportunity for his students, and then presenting their research at the June ACM Conference on Programming Language Design and Implementation (PLDI) in Beijing. His team expects RockSalt to be integrated into future versions of common Web browsers, and plans to adapt the tool for use in a broader variety of processors.

“The biggest benefit,” says Morrisett, “may be that users can have more peace of mind that a piece of software works as they want it to.”

You might also like

A New Narrative of Civil Rights

Political philosopher Brandon Terry’s vision of racial progress

This Astronomer is Sounding a Warning on 'Space Junk'

As debris accumulates in low Earth orbit, the danger of destructive collisions continues to rise.

Isaac Kohlberg to Step Down as Head of Harvard Technology Development

Partnerships and licensing office could become more critical as funding cuts loom

Most popular

Shakespeare’s Greatest Rival

Without Christopher Marlowe, there might not have been a Bard.

How MAGA Went Mainstream at Harvard

Trump, TikTok, and the pandemic are reshaping Gen Z politics.

How AI Could Be Raising Your Energy Bill

Utilities shift AI infrastructure costs onto consumers.

Explore More From Current Issue

Julie Riew, wearing a white dress, playing guitar and singing into a microphone on stage.

Bringing Korean Stories to Life

Composer Julia Riew writes the musicals she needed to see.

Illustration of college students running under a large red "MAGA" hat while others look on with some skeptisim.

How MAGA Went Mainstream at Harvard

Trump, TikTok, and the pandemic are reshaping Gen Z politics.

Catherine Zipf smiling, wearing striped shirt and dark sweater outdoors.

Preserving the History of Jim Crow Era Safe Havens

Architectural historian Catherine Zipf is building a database of Green Book sites.