Towards a practical secure concurrent language
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Proving concurrent noninterference
CPP'12 Proceedings of the Second international conference on Certified Programs and Proofs
Confidentiality for probabilistic multi-threaded programs and its verification
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Security completeness: towards noninterference in composed languages
Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
Safety versus security in the quality calculus
Theories of Programming and Formal Methods
Hi-index | 0.00 |
The idea of building secure systems by plugging together "secure'' components is appealing, but this requires a definition of security which, in addition to taking care of top-level security goals, is strengthened appropriately in order to be compositional. This approach has been previously studied for information-flow security of shared-variable concurrent programs, but the price for compositionality is very high: a thread must be extremely pessimistic about what an environment might do with shared resources. This pessimism leads to many intuitively secure threads being labelled as insecure. Since in practice it is only meaningful to compose threads which follow an agreed protocol for data access, we take advantage of this to develop a more liberal compositional security condition. The idea is to give the security definition access to the intended pattern of data usage, as expressed by assumption-guarantee style conditions associated with each thread. We illustrate the improved precision by developing the first flow-sensitive security type system that provably enforces a noninterference-like property for concurrent programs.