A security-aware refactoring tool for Java programs
Proceedings of the 4th Workshop on Refactoring Tools
From exponential to polynomial-time security typing via principal types
ESOP'11/ETAPS'11 Proceedings of the 20th European conference on Programming languages and systems: part of the joint European conferences on theory and practice of software
SWIPE: eager erasure of sensitive data in large scale systems software
Proceedings of the second ACM conference on Data and Application Security and Privacy
A semantic hierarchy for erasure policies
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Implementing erasure policies using taint analysis
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
Precise enforcement of progress-sensitive security
Proceedings of the 2012 ACM conference on Computer and communications security
Dependent Type Theory for Verification of Information Flow and Access Control Policies
ACM Transactions on Programming Languages and Systems (TOPLAS)
Proceedings of the 15th Symposium on Principles and Practice of Declarative Programming
| Hi-index | 0.00 |
Declassification occurs when the confidentiality of information is weakened; erasure occurs when the confidentiality of information is strengthened, perhaps to the point of completely removing the information from the system. This paper shows how to enforce erasure and declassification policies. A combination of a type system that controls information flow and a simple runtime mechanism to overwrite data ensures end-to-end enforcement of policies. We prove that well-typed programs satisfy the semantic security condition noninterference according to policy. We extend the Jif programming language with erasure and declassification enforcement mechanisms and use the resulting language in a large case study of a voting system.