The SLam calculus: programming with secrecy and integrity
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sound type system for secure flow analysis
Journal of Computer Security
Certification of programs for secure information flow
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
Information flow inference for ML
ACM Transactions on Programming Languages and Systems (TOPLAS)
Secure Information Flow and Pointer Confinement in a Java-like Language
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Programming languages for information security
Programming languages for information security
Security policies for downgrading
Proceedings of the 11th ACM conference on Computer and communications security
On flow-sensitive security types
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Dynamic Dependency Monitoring to Secure Information Flow
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Cryptographically sound implementations for typed information-flow security
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A type system for data-flow integrity on windows vista
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Staged information flow for javascript
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Merlin: specification inference for explicit information flow problems
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Trace-based just-in-time type specialization for dynamic languages
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Catch me if you can: permissive yet secure error handling
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Efficient purely-dynamic information flow analysis
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
A language for information flow: dynamic tracking in multiple interdependent dimensions
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Tight Enforcement of Information-Release Policies for Dynamic Languages
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Securing Timeout Instructions in Web Applications
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
International Journal of Information Security
A lattice-based approach to mashup security
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Automata-based confidentiality monitoring
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
Tracking information flow in dynamic tree structures
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Dynamic vs. Static Flow-Sensitive Security Analysis
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Information Flow Monitor Inlining
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Provably correct runtime enforcement of non-interference properties
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
From dynamic to static and back: riding the roller coaster of information-flow control research
PSI'09 Proceedings of the 7th international Andrei Ershov Memorial conference on Perspectives of Systems Informatics
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Information flow analysis for javascript
Proceedings of the 1st ACM SIGPLAN international workshop on Programming language and systems technologies for internet clients
Multiple facets for dynamic information flow
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Limiting information leakage in event-based communication
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Capabilities for information flow
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
On-the-Fly inlining of dynamic dependency monitors for secure information flow
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Secure multi-execution through static program transformation
FMOODS'12/FORTE'12 Proceedings of the 14th joint IFIP WG 6.1 international conference and Proceedings of the 32nd IFIP WG 6.1 international conference on Formal Techniques for Distributed Systems
FlowFox: a web browser with flexible and precise information flow control
Proceedings of the 2012 ACM conference on Computer and communications security
Aspectizing JavaScript security
Proceedings of the 3rd workshop on Modularity in systems software
Dependent Type Theory for Verification of Information Flow and Access Control Policies
ACM Transactions on Programming Languages and Systems (TOPLAS)
Information flow tracking meets just-in-time compilation
ACM Transactions on Architecture and Code Optimization (TACO)
| Hi-index | 0.00 |
A key challenge in dynamic information flow analysis is handling implicit flows, where code conditional on a private variable updates a public variable x. The naive approach of upgrading x to private results in x being partially leaked, where its value contains private data but its label might remain public on an alternative execution (where the conditional update was not performed). Prior work proposed the no-sensitive-upgrade check, which handles implicit flows by prohibiting partially leaked data, but attempts to update a public variable from a private context causes execution to get stuck. To overcome this limitation, we develop a sound yet flexible permissive-upgrade strategy. To prevent information leaks, partially leaked data is permitted but carefully tracked to ensure that it is never totally leaked. This permissive-upgrade strategy is more flexible than the prior approaches such as the no-sensitive-upgrade check. Under the permissive-upgrade strategy, partially leaked data must be marked as private before being used in a conditional test, thereby ensuring that it is private for both the current execution as well as alternate execution paths. This paper also presents a dynamic analysis technique for inferring these privatization operations and inserting them into the program source code. The combination of these techniques allows more programs to run to completion, while still guaranteeing termination-insensitive non-interference in a purely dynamic manner.