Most attempts at analysing secure information flow in programs are based on domain-specific logics. Though computationally feasible, these approaches suffer from the need for abstraction and the high cost of building dedicated tools for real programming languages. We recast the information flow problem in a general program logic rather than a problem-specific one. We investigate the feasibility of this approach by showing how a general-purpose tool for software verification can be used to perform information flow analyses. We are able to prove security and insecurity of programs including advanced features such as method calls, loops, and object types for the target language Java Card. In addition, we can express declassification of information.