Permissive dynamic information flow analysis
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Taxonomy and classification of automatic monitoring of program security vulnerability exploitations
Journal of Systems and Software
Information flow enforcement in monadic libraries
Proceedings of the 7th ACM SIGPLAN workshop on Types in language design and implementation
Unifying facets of information integrity
ICISS'10 Proceedings of the 6th international conference on Information systems security
Flexible dynamic information flow control in Haskell
Proceedings of the 4th ACM symposium on Haskell
Implementing a Language with Flow-Sensitive and Structural Typing on the JVM
Electronic Notes in Theoretical Computer Science (ENTCS)
Information flow analysis for javascript
Proceedings of the 1st ACM SIGPLAN international workshop on Programming language and systems technologies for internet clients
Multiple facets for dynamic information flow
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Limiting information leakage in event-based communication
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Capabilities for information flow
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Decentralized delimited release
APLAS'11 Proceedings of the 9th Asian conference on Programming Languages and Systems
On-the-Fly inlining of dynamic dependency monitors for secure information flow
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Precise enforcement of progress-sensitive security
Proceedings of the 2012 ACM conference on Computer and communications security
Towards a practical secure concurrent language
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
A low-overhead, value-tracking approach to information flow security
SEFM'12 Proceedings of the 10th international conference on Software Engineering and Formal Methods
Enforcing information flow policies by a three-valued analysis
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Monitoring temporal information flow
ISoLA'12 Proceedings of the 5th international conference on Leveraging Applications of Formal Methods, Verification and Validation: technologies for mastering change - Volume Part I
Faceted execution of policy-agnostic programs
Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
Position paper: Sapper -- a language for provable hardware policy enforcement
Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
A calculus for constraint-based flow typing
Proceedings of the 15th Workshop on Formal Techniques for Java-like Programs
Testing noninterference, quickly
Proceedings of the 18th ACM SIGPLAN international conference on Functional programming
A verified information-flow architecture
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Hi-index | 0.00 |
This paper seeks to answer fundamental questions about trade-offs between static and dynamic security analysis. It has been previously shown that flow-sensitive static information-flow analysis is a natural generalization of flow-insensitive static analysis, which allows accepting more secure programs. It has been also shown that sound purely dynamic information-flow enforcement is more permissive than static analysis in the flow-insensitive case. We argue that the step from flow-insensitive to flow-sensitive is fundamentally limited for purely dynamic information-flow controls. We prove impossibility of a sound purely dynamic information-flow monitor that accepts programs certified by a classical flow-sensitive static analysis. A side implication is impossibility of permissive dynamic instrumented security semantics for information flow, which guides us to uncover an unsound semantics from the literature. We present a general framework for hybrid mechanisms that is parameterized in the static part and in the reaction method of the enforcement (stop, suppress, or rewrite) and give security guarantees with respect to termination-insensitive noninterference for a simple language with output.