A sound type system for secure flow analysis
Journal of Computer Security
Information flow inference for ML
ACM Transactions on Programming Languages and Systems (TOPLAS)
A general theory of security properties
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Protecting browser state from web privacy attacks
Proceedings of the 15th international conference on World Wide Web
Information-Flow Security for Interactive Programs
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Subspace: secure cross-domain communication for web mashups
Proceedings of the 16th international conference on World Wide Web
ACM Transactions on Information and System Security (TISSEC)
Just forget it: the semantics and enforcement of information erasure
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Featherweight Firefox: formalizing the core of a web browser
WebApps'10 Proceedings of the 2010 USENIX conference on Web application development
Information flow in interactive systems
CONCUR'10 Proceedings of the 21st international conference on Concurrency theory
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
A multi-compositional enforcement on information flow security
ICICS'11 Proceedings of the 13th international conference on Information and communications security
Multiple facets for dynamic information flow
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Limiting information leakage in event-based communication
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Epistemic temporal logic for information flow security
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Towards incrementalization of holistic hyperproperties
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Establishing browser security guarantees through formal shim verification
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Better security and privacy for web browsers: a survey of techniques, and a new implementation
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
FlowFox: a web browser with flexible and precise information flow control
Proceedings of the 2012 ACM conference on Computer and communications security
Coinductive unwinding of security-relevant hyperproperties
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
Quantitative information flow in interactive systems
Journal of Computer Security - ARSPA-WITS'10
Hi-index | 0.00 |
Many programs operate reactively--patiently waiting for user input, running for a while producing output, and eventually returning to a state where they are ready to accept another input (or occasionally diverging). When a reactive program communicates with multiple parties, we would like to be sure that it can be given secret information by one without leaking it to others. Motivated by web browsers and client-side web applications, we explore definitions of noninterference for reactive programs and identify two of special interest--one corresponding to termination-insensitive noninterference for a simple sequential language, the other to termination-sensitive noninterference. We focus on the former and develop a proof technique for showing that program behaviors are secure according to this definition. To demonstrate the viability of the approach, we define a simple reactive language with an information-flow type system and apply our proof technique to show that well-typed programs are secure.