Object-oriented software construction (2nd ed.)
Object-oriented software construction (2nd ed.)
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
An axiomatic basis for computer programming
Communications of the ACM
Privacy-Oriented Data Mining by Proof Checking
PKDD '02 Proceedings of the 6th European Conference on Principles of Data Mining and Knowledge Discovery
Secure Information Flow and Pointer Confinement in a Java-like Language
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A New Type System for Secure Information Flow
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Providing flexibility in information flow control for object oriented systems
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Secure Information Flow by Self-Composition
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Enforcing Robust Declassification
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Data Mining
Language-Based enforcement of privacy policies
PET'04 Proceedings of the 4th international conference on Privacy Enhancing Technologies
Privacy in data mining using formal methods
TLCA'05 Proceedings of the 7th international conference on Typed Lambda Calculi and Applications
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Verification condition generation for conditional information flow
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Deductive verification of cryptographic software
Innovations in Systems and Software Engineering
Relational verification using product programs
FM'11 Proceedings of the 17th international conference on Formal methods
Formal methods for smartcard security
Foundations of Security Analysis and Design III
Secure information flow by self-composition
Mathematical Structures in Computer Science - Programming Language Interference and Dependence
From coupling relations to mated invariants for checking information flow
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
A certificate infrastructure for machine-checked proofs of conditional information flow
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Verification of information flow properties of java programs without approximations
FoVeOOS'11 Proceedings of the 2011 international conference on Formal Verification of Object-Oriented Software
Formal verification of side-channel countermeasures using self-composition
Science of Computer Programming
Relational abstract interpretation for the verification of 2-hypersafety properties
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
| Hi-index | 0.00 |
In today's society, people have very little control over what kinds of personal data are collected and stored by various agencies in both the private and public sectors. We describe an approach to addressing this problem that allows individuals to specify constraints on the way their own data is used. Our solution uses formal methods to allow developers of software that processes personal data to provide assurances that the software meets the specified privacy constraints. In the domain of privacy, it is often not sufficient to express properties of interest as a relation between the input and output of a program as is done for general program correctness. Here we consider a stronger class of properties that allows us to express constraints on information flow. In particular, we can express that an algorithm does not leak any information from particular “sensitive” values. We describe a general methodology for expressing this kind of information flow property as Hoare-style program verification judgments. We begin with the Java Modelling Language (JML), which is a behavioral interface specification language designed for Java, and we extend the language to include new concepts and keywords for expressing such properties. We use the Krakatoa tool which starts from JML-annotated Java programs, generates proof obligations in the Coq Proof Assistant, and helps to automate their proofs. We extend the Krakatoa tool to understand our extensions to JML and to generate the new form of required proof obligations. We illustrate our method on several data mining algorithms implemented in Java.