At Cornell University, researchers have built an extension to Java that incorporates security logic into a program while it's being written.  The platform, named "Fabric", replaces the mishmash of security layers and intermittent patches with one simple programming interface that provides explicit and direct security logic.

Fred Schneider, a Cornell professor of Computer Science, says that computer security has traditionally been reactive, improving only after software is successfully hacked.  Another Computer Science professor working on this project, Andrew Myers, compared modern security to using duct tape.  We just keep putting patches on top of patches, making system security into an utter mess.

Fabric, on the other hand, creates security in distributed computing systems and weaves the security functionality into the code as you write it.  The language is a set of objects labeled with security policies for data access and operations.  The blocks of code have built-in policies when they are written that tell when and where the code can be run.  

Fabric won't let your write insecure code.  The compiler that turns Fabric language into an executable program enforces security policies transparently.  Schneider and Myers plan to scale up Fabric for large-scale distributed computing systems.  Right now Fabric is in the prototype.  They also want to add more complex security restrictions and the ability to assure security when programs on one node are run on another.  

Check out news.cornell.edu for more details.