The SLam calculus: programming with secrecy and integrity
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sound type system for secure flow analysis
Journal of Computer Security
Certification of programs for secure information flow
Communications of the ACM
ACM Transactions on Computer Systems (TOCS)
Semantics and Program Analysis of Computationally Secure Information Flow
ESOP '01 Proceedings of the 10th European Symposium on Programming Languages and Systems
Dimensions and Principles of Declassification
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Labels and event processes in the asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Cryptographically sound implementations for typed information-flow security
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
On the computational soundness of cryptographically masked flows
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SIF: enforcing confidentiality and integrity in web applications
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Securing distributed systems with information flow control
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Proceedings of the 2008 workshop on Middleware security
Proceedings of the 16th ACM conference on Computer and communications security
Event-processing middleware with information flow control
Proceedings of the 10th ACM/IFIP/USENIX International Conference on Middleware
Polyglot: an extensible compiler framework for Java
CC'03 Proceedings of the 12th international conference on Compiler construction
Computationally sound typing for non-interference: the case of deterministic encryption
FSTTCS'07 Proceedings of the 27th international conference on Foundations of software technology and theoretical computer science
Cryptographically sound implementations for communicating processes
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
| Hi-index | 0.00 |
Automating the construction of secure distributed systems becomes necessary. Indeed, developing security code requires a deep expertise and verifying that the developed code respects the specified policy is a tedious task. In this paper, we define a toolkit called CIF (Component Information Flow) that automates the development of secure distributed systems. The developer defines the security properties through a policy configuration file. When this configuration is validated, that is no security leak is detected, the system security code is generated. A performance evaluation of an implemented use case shows the effectiveness of the approach.