POPL '88 Proceedings of the 15th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A syntactic approach to type soundness
Information and Computation
FMOODS '97 Proceedings of the IFIP TC6 WG6.1 international workshop on Formal methods for open object-based distributed systems
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Theoretical Computer Science
A sound type system for secure flow analysis
Journal of Computer Security
A lattice model of secure information flow
Communications of the ACM
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
A uniform type structure for secure information flow
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The Definition of Standard ML
Noninterference for concurrent programs and thread systems
Theoretical Computer Science
Information flow vs. resource access in the asynchronous pi-calculus
ACM Transactions on Programming Languages and Systems (TOPLAS)
Secure Information Flow as Typed Process Behaviour
ESOP '00 Proceedings of the 9th European Symposium on Programming Languages and Systems
TACS '01 Proceedings of the 4th International Symposium on Theoretical Aspects of Computer Software
The Impact of Synchronisation on Secure Information Flow in Concurrent Programs
PSI '02 Revised Papers from the 4th International Andrei Ershov Memorial Conference on Perspectives of System Informatics: Akademgorodok, Novosibirsk, Russia
Securing Communication in a Concurrent Language
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
Mobile processes: a commented bibliography
Modeling and verification of parallel processes
Probabilistic Noninterference for Multi-Threaded Programs
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Information transmission in computational systems
SOSP '77 Proceedings of the sixth ACM symposium on Operating systems principles
A New Type System for Secure Information Flow
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A unifying approach to the security of distributed and multi-threaded programs
Journal of Computer Security - Special issue on CSFW14
Access control for mobile agents: The calculus of boxed ambients
ACM Transactions on Programming Languages and Systems (TOPLAS)
Dimensions and Principles of Declassification
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Flow Policy Awareness for Distributed Mobile Code
CONCUR 2009 Proceedings of the 20th International Conference on Concurrency Theory
On declassification and the non-disclosure policy
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
Non-disclosure for distributed mobile code
FSTTCS '05 Proceedings of the 25th international conference on Foundations of Software Technology and Theoretical Computer Science
A generic membrane model (note)
GC'04 Proceedings of the 2004 IST/FET international conference on Global Computing
ICTAC'05 Proceedings of the Second international conference on Theoretical Aspects of Computing
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Hi-index | 0.00 |
With the emergence of the new possibilities offered by global computing, new security issues follow from the fact that these possibilities can be equally exploited by parties with malicious intentions. Many attacks arise at the application level, and can be tackled by means of programming language techniques. For instance, confidentiality can be violated during the execution of programs that reveal secret information. This kind of program behaviour can be avoided by information flow analyses that detect the encoding of illegal flows. This paper studies information flows that occur in distributed programs with code mobility from a language-based security perspective. New forms of security leaks that are introduced by code mobility, which we call migration leaks, are presented and compared with well-known forms of illegal flow. We propose an information flow property that is adequate for networks consisting of a generalisation of the non-disclosure policy. We design a type and effect system for enforcing it on an expressive distributed calculus, and explain a soundness proof methodology in detail.