POPL '88 Proceedings of the 15th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The SLam calculus: programming with secrecy and integrity
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sound type system for secure flow analysis
Journal of Computer Security
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
A composable cryptographic library with nested operations
Proceedings of the 10th ACM conference on Computer and communications security
A bisimulation for dynamic sealing
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A judgmental reconstruction of modal logic
Mathematical Structures in Computer Science
Mathematical modal logic: a view of its evolution
Journal of Applied Logic
A Symmetric Modal Lambda Calculus for Distributed Computing
LICS '04 Proceedings of the 19th Annual IEEE Symposium on Logic in Computer Science
Distributed Proving in Access-Control Systems
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Relating Symbolic and Cryptographic Secrecy
IEEE Transactions on Dependable and Secure Computing
Encoding Information Flow in Haskell
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Access control in a core calculus of dependency
Proceedings of the eleventh ACM SIGPLAN international conference on Functional programming
Secure information flow with random assignment and encryption
Proceedings of the fourth ACM workshop on Formal methods in security
Semantics of an effect analysis for exceptions
TLDI '07 Proceedings of the 2007 ACM SIGPLAN international workshop on Types in languages design and implementation
Gradual Release: Unifying Declassification, Encryption and Key Release Policies
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
A Cryptographic Decentralized Label Model
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
A Type Discipline for Authorization in Distributed Systems
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Cryptographically sound implementations for typed information-flow security
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
AURA: a programming language for authorization and audit
Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
Termination-Insensitive Noninterference Leaks More Than Just a Bit
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Modal types for mobile code
Formal certification of code-based cryptographic proofs
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Exception Handlers as Extensible Cases
APLAS '08 Proceedings of the 6th Asian Symposium on Programming Languages and Systems
Fully homomorphic encryption using ideal lattices
Proceedings of the forty-first annual ACM symposium on Theory of computing
Encoding information flow in Aura
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Fabric: a platform for secure distributed computation and storage
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Aura: programming with authorization and audit
Aura: programming with authorization and audit
Cryptographically-Masked flows
SAS'06 Proceedings of the 13th international conference on Static Analysis
A type system for computationally secure information flow
FCT'05 Proceedings of the 15th international conference on Fundamentals of Computation Theory
Enforcing stateful authorization and information flow policies in fine
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
MrCrypt: static analysis for secure cloud computations
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
Noninterference in a predicative polymorphic calculus for access control
Computer Languages, Systems and Structures
| Hi-index | 0.00 |
This paper introduces AuraConf, the first programming language with a unified means to specify access-control and confidentially policies. In concert with a proof-carrying access control mechanism, to known-techniques for describing access-control, AuraConf allows confidentially policies to be specified declaratively using types and enforced via cryptography. Programs written in AuraConf enjoy a formal security guarantee via noninterference. Additionally, the language definition introduces a novel type system where the typechecker may use resources (i.e., private keys) and knowledge of an object's provenance (i.e., how a ciphertext was computed) to guide analysis.