Information-flow and data-flow analysis of while-programs
ACM Transactions on Programming Languages and Systems (TOPLAS)
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sound type system for secure flow analysis
Journal of Computer Security
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Secure Information Flow by Self-Composition
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Enforcing security and safety models with an information flow analysis tool
Proceedings of the 2004 annual ACM SIGAda international conference on Ada: The engineering of correct and reliable software for real-time & distributed systems using Ada and related technologies
Stack-based access control and secure information flow
Journal of Functional Programming
An overview of JML tools and applications
International Journal on Software Tools for Technology Transfer (STTT) - Special section on formal methods for industrial critical systems
A logic for information flow in object-oriented programs
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Science of Computer Programming
Towards a logical account of declassification
Proceedings of the 2007 workshop on Programming languages and analysis for security
Software verification with BLAST
SPIN'03 Proceedings of the 10th international conference on Model checking software
The spec# programming system: an overview
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
ESC/Java2: uniting ESC/Java and JML
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
Building your own software model checker using the bogor extensible model checking framework
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Privacy-sensitive information flow with JML
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
Secure information flow as a safety problem
SAS'05 Proceedings of the 12th international conference on Static Analysis
From coupling relations to mated invariants for checking information flow
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Specification and Checking of Software Contracts for Conditional Information Flow
FM '08 Proceedings of the 15th international symposium on Formal Methods
ICFEM '08 Proceedings of the 10th International Conference on Formal Methods and Software Engineering
Mechanized information flow analysis through inductive assertions
Proceedings of the 2008 International Conference on Formal Methods in Computer-Aided Design
Automated Analysis of Java Methods for Confidentiality
CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
Secure information flow by self-composition
Mathematical Structures in Computer Science - Programming Language Interference and Dependence
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
A certificate infrastructure for machine-checked proofs of conditional information flow
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Noninterference for operating system kernels
CPP'12 Proceedings of the Second international conference on Certified Programs and Proofs
| Hi-index | 0.00 |
We formulate an intraprocedural information flow analysis algorithm for sequential, heap manipulating programs. We prove correctness of the algorithm, and argue that it can be used to verify some naturally occurring examples in which information flow is conditional on some Hoare-like state predicates being satisfied. Because the correctness of information flow analysis is typically formulated in terms of noninterference of pairs of computations, the algorithm takes as input a program together with two-state assertions as postcondition, and generates two-state preconditions together with verification conditions. To process heap manipulations and while loops, the algorithm must additionally be supplied "object flow invariants" as well as "loop flow invariants" which are themselves two-state, and possibly conditional.