A lattice model of secure information flow
Communications of the ACM
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
ACM Transactions on Computer Systems (TOCS)
Information flow inference for ML
ACM Transactions on Programming Languages and Systems (TOPLAS)
Using Replication and Partitioning to Build Secure Distributed Systems
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Enforcing robust declassification and qualified robustness
Journal of Computer Security - Special issue on CSFW17
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Cryptographically sound implementations for typed information-flow security
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
e-EMV: emulating EMV for internet payments with trusted computing technologies
Proceedings of the 3rd ACM workshop on Scalable trusted computing
Building secure web applications with automatic partitioning
Communications of the ACM - Inspiring Women in Computing
Lest we remember: cold-boot attacks on encryption keys
Communications of the ACM - Security in the Browser
Tight Enforcement of Information-Release Policies for Dynamic Languages
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
A Logic of Secure Systems and its Application to Trusted Computing
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Proceedings of the 16th ACM conference on Computer and communications security
A semantic framework for declassification and endorsement
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Security evaluation of scenarios based on the TCG's TPM specification
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Information-flow policies can express strong security requirements for programs run by distributed parties with different levels of trust. However, this security is hard to preserve as programs get compiled to distributed systems with (potentially) compromised machines. For instance, many programs involve computations too sensitive to be trusted to any of those machines. Also, many programs are not perfectly secure (non-interferent); as they selectively endorse and declassify information, their relative security becomes harder to preserve. We develop a secure compiler for distributed information flows. To minimize trust assumptions, we rely on cryptographic protection, and we exploit hardware and software mechanisms available on modern architectures, such as secure boots, trusted platform modules, and remote attestation. We present a security model for these mechanisms in an imperative language with dynamic code loading. We define program transformations to generate trusted virtual hosts and to run them on untrusted machines. We obtain confidentiality and integrity theorems under realistic assumptions, showing that the compiled distributed system is at least as secure as the source program.