Eiffel: the language
The essence of functional programming
POPL '92 Proceedings of the 19th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Application performance and flexibility on exokernel systems
Proceedings of the sixteenth ACM symposium on Operating systems principles
A decentralized model for information flow control
Proceedings of the sixteenth ACM symposium on Operating systems principles
Termination in language-based systems
ACM Transactions on Information and System Security (TISSEC)
High Integrity Software: The SPARK Approach to Safety and Security
ACM SIGOPS Operating Systems Review
Report on the programming language Euclid
ACM SIGPLAN Notices
Precise Identification of Side-Effect-Free Methods in Java
ICSM '04 Proceedings of the 20th IEEE International Conference on Software Maintenance
An overview of JML tools and applications
International Journal on Software Tools for Technology Transfer (STTT) - Special section on formal methods for industrial critical systems
Javari: adding reference immutability to Java
OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Information Flow in the Peer-Reviewing Process
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Robust composition: towards a unified approach to access control and concurrency control
Some thoughts on security after ten years of qmail 1.0
Proceedings of the 2007 ACM workshop on Computer security architecture
The spec# programming system: an overview
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
Purity and side effect analysis for Java programs
VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
Side-effect free functions in object-oriented languages
Computer Languages
On voting machine design for verification and testability
Proceedings of the 16th ACM conference on Computer and communications security
Class properties for security review in an object-capability subset of Java: (short paper)
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
xBook: redesigning privacy control in social networking platforms
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Dartmouth Internet Security Testbed (DIST): building a campus-wide wireless testbed
CSET'09 Proceedings of the 2nd conference on Cyber security experimentation and test
Read-only execution for dynamic languages
TOOLS'10 Proceedings of the 48th international conference on Objects, models, components, patterns
JPure: a modular purity system for Java
CC'11/ETAPS'11 Proceedings of the 20th international conference on Compiler construction: part of the joint European conferences on theory and practice of software
Composable reliability for asynchronous systems
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
Proceedings of the 2012 Haskell Symposium
Preventing backdoors in server applications with a separated software architecture
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Language-based defenses against untrusted browser origins
SEC'13 Proceedings of the 22nd USENIX conference on Security
Proving that particular methods within a code base are functionally pure (deterministic and side-effect free) would aid verification of security properties including function invertibility, reproducibility of computation, and safety of untrusted code execution. Until now it has not been possible to automatically prove a method is functionally pure within a high-level imperative language in wide use, such as Java. We discuss a technique to prove that methods are functionally pure by writing programs in a subset of Java called Joe-E; a static verifier ensures that programs fall within the subset. In Joe-E, pure methods can be trivially recognized from their method signature. To demonstrate the practicality of our approach, we refactor an AES library, an experimental voting machine implementation, and an HTML parser to use our techniques. We prove that their top-level methods are verifiably pure and show how this provides high-level security guarantees about these routines. Our approach to verifiable purity is an attractive way to permit functional-style reasoning about security properties while leveraging the familiarity, convenience, and legacy code of imperative languages.