The theory and practice of first-class prompts
POPL '88 Proceedings of the 15th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
POPL '90 Proceedings of the 17th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Programming perl
Analysis and caching of dependencies
Proceedings of the first ACM SIGPLAN international conference on Functional programming
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Secrecy by typing in security protocols
Journal of the ACM (JACM)
Information flow inference for free
ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
A sound type system for secure flow analysis
Journal of Computer Security
Certification of programs for secure information flow
Communications of the ACM
Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Analyzing security protocols with secrecy types and logic programs
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A uniform type structure for secure information flow
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Noninterference for concurrent programs and thread systems
Theoretical Computer Science
Information flow vs. resource access in the asynchronous pi-calculus
ACM Transactions on Programming Languages and Systems (TOPLAS)
Secure Information Flow via Linear Continuations
Higher-Order and Symbolic Computation
A Typed Process Calculus for Fine-Grained Resource Access Control in Distributed Computation
TACS '01 Proceedings of the 4th International Symposium on Theoretical Aspects of Computer Software
ACM SIGOPS Operating Systems Review
Typing correspondence assertions for communication protocols
Theoretical Computer Science
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Channel dependent types for higher-order mobile processes
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Enforcing Robust Declassification
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Secure program execution via dynamic information flow tracking
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Downgrading policies and relaxed noninterference
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Information and Computation
A systematic approach to static access control
ACM Transactions on Programming Languages and Systems (TOPLAS)
Labels and event processes in the asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
Secrecy despite compromise: types, cryptography, and the pi-calculus
CONCUR 2005 - Concurrency Theory
safeDpi: a language for controlling mobile code
Acta Informatica - Special issue: Types in concurrency. Part II , Guest Editor: R. De Nicola, D. Sangiorgi
Type-based information flow analysis for the π-calculus
Acta Informatica - Special issue: Types in concurrency. Part II , Guest Editor: R. De Nicola, D. Sangiorgi
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Secrecy by Typing and File-Access Control
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Writing Secure Code for Windows Vista(TM) (Pro - Step By Step Developer)
Writing Secure Code for Windows Vista(TM) (Pro - Step By Step Developer)
Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Dytan: a generic dynamic taint analysis framework
Proceedings of the 2007 international symposium on Software testing and analysis
Securing software by enforcing data-flow integrity
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Proving the Correctness of Multiprocess Programs
IEEE Transactions on Software Engineering
Panorama: capturing system-wide information flow for malware detection and analysis
Proceedings of the 14th ACM conference on Computer and communications security
A type discipline for authorization policies
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Dynamic access control in a concurrent object calculus
CONCUR'06 Proceedings of the 17th international conference on Concurrency Theory
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
EON: modeling and analyzing dynamic access control systems with logic programs
Proceedings of the 15th ACM conference on Computer and communications security
Language-based security on Android
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
PCAL: language support for proof-carrying authorization systems
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Permissive dynamic information flow analysis
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
| Hi-index | 0.00 |
The Windows Vista operating system implements an interesting model of multi-level integrity. We observe that in this model, trusted code must participate in any information-flow attack. Thus, it is possible to eliminate such attacks by statically restricting trusted code. We formalize this model by designing a type system that can efficiently enforce data-flow integrity on Windows Vista. Typechecking guarantees that objects whose contents are statically trusted never contain untrusted values, regardless of what untrusted code runs in the environment. Some of Windows Vista's runtime access checks are necessary for soundness; others are redundant and can be optimized away.