Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sound type system for secure flow analysis
Journal of Computer Security
Certification of programs for secure information flow
Communications of the ACM
Systematic design of program analysis frameworks
POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Abstract interpretation of operational semantics for secure information flow
Information Processing Letters
Security Typings by Abstract Interpretation
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
Secure Information Flow by Self-Composition
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
On flow-sensitive security types
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A logic for information flow in object-oriented programs
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Preliminary design of JML: a behavioral interface specification language for java
ACM SIGSOFT Software Engineering Notes
The rewriting logic semantics project
Theoretical Computer Science
Instruction-level security typing by abstract interpretation
International Journal of Information Security
Dynamic Dependency Monitoring to Secure Information Flow
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Type-based information flow analysis for bytecode languages with variable object field policies
Proceedings of the 2008 ACM symposium on Applied computing
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
On PDG-based noninterference and its modular proof
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Automated Certification of Non-Interference in Rewriting Logic
Formal Methods for Industrial Critical Systems
Automatic certification of Java source code in rewriting logic
FMICS'07 Proceedings of the 12th international conference on Formal methods for industrial critical systems
All about maude - a high-performance logical framework: how to specify, program and verify systems in rewriting logic
A theorem proving approach to analysis of secure information flow
SPC'05 Proceedings of the Second international conference on Security in Pervasive Computing
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
The rewriting logic semantics project: a progress report
FCT'11 Proceedings of the 18th international conference on Fundamentals of computation theory
The rewriting logic semantics project: A progress report
Information and Computation
| Hi-index | 0.00 |
Non-interference is a semantic program property that assigns confidentiality levels to data objects and prevents illicit information flows from occurring from high to low security levels. In this paper, we present a novel security model for global non-interference which approximates non-interference as a safety property. We also propose a certification technique for global non-interference of complete Java classes based on rewriting logic, a very general logical and semantic framework that is efficiently implemented in the high-level programming language Maude. Starting from an existing Java semantics specification written in Maude, we develop an extended, information-flow Java semantics that allows us to correctly observe global non-interference policies. In order to achieve a finite state transition system, we develop an abstract Java semantics that we use for secure and effective non-interference Java analysis. The analysis produces certificates that are independently checkable and are small enough to be used in practice.