The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Relative Completeness of Abstraction Refinement for Software Model Checking
TACAS '02 Proceedings of the 8th International Conference on Tools and Algorithms for the Construction and Analysis of Systems
A Type-Based Approach to Program Security
TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Abstract non-interference: parameterizing non-interference by abstract interpretation
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Secure Information Flow by Self-Composition
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Transition predicate abstraction and fair termination
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Downgrading policies and relaxed noninterference
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Transition predicate abstraction and fair termination
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Decidability and proof systems for language-based noninterference relations
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 2006 workshop on Programming languages and analysis for security
Observational purity and encapsulation
Theoretical Computer Science
A simulation-based proof technique for dynamic information flow
Proceedings of the 2007 workshop on Programming languages and analysis for security
Towards a logical account of declassification
Proceedings of the 2007 workshop on Programming languages and analysis for security
Verification condition generation for conditional information flow
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Modular Reasoning in Object-Oriented Programming
Verified Software: Theories, Tools, Experiments
Specification and Checking of Software Contracts for Conditional Information Flow
FM '08 Proceedings of the 15th international symposium on Formal Methods
Embedding verifiable information flow analysis
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Secure Information Flow as a Safety Property
Formal Aspects in Security and Trust
Staged information flow for javascript
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Efficient purely-dynamic information flow analysis
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Declassification: Dimensions and principles
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
Efficient purely-dynamic information flow analysis
ACM SIGPLAN Notices
Verifying Cryptographic Software Correctness with Respect to Reference Implementations
FMICS '09 Proceedings of the 14th International Workshop on Formal Methods for Industrial Critical Systems
Deductive verification of cryptographic software
Innovations in Systems and Software Engineering
An empirical study of privacy-violating information flows in JavaScript web applications
Proceedings of the 17th ACM conference on Computer and communications security
Information theory and security: quantitative information flow
SFM'10 Proceedings of the Formal methods for quantitative aspects of programming languages, and 10th international conference on School on formal methods for the design of computer, communication and software systems
On bounding problems of quantitative information flow
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
Quantifying information leaks in software
Proceedings of the 26th Annual Computer Security Applications Conference
Relational verification using product programs
FM'11 Proceedings of the 17th international conference on Formal methods
ITP'11 Proceedings of the Second international conference on Interactive theorem proving
A multi-compositional enforcement on information flow security
ICICS'11 Proceedings of the 13th international conference on Information and communications security
Provably correct runtime enforcement of non-interference properties
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Preserving secrecy under refinement
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Probabilistic relational reasoning for differential privacy
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Applied quantitative information flow and statistical databases
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Specification and verification of side channel declassification
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Secure information flow by self-composition
Mathematical Structures in Computer Science - Programming Language Interference and Dependence
From coupling relations to mated invariants for checking information flow
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Model-checking secure information flow for multi-threaded programs
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
A certificate infrastructure for machine-checked proofs of conditional information flow
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Conditional information flow policies and unwinding relations
TGC'11 Proceedings of the 6th international conference on Trustworthy Global Computing
Noninterference via symbolic execution
FMOODS'12/FORTE'12 Proceedings of the 14th joint IFIP WG 6.1 international conference and Proceedings of the 32nd IFIP WG 6.1 international conference on Formal Techniques for Distributed Systems
Enforcing information flow policies by a three-valued analysis
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Future Generation Computer Systems
Runtime verification: the application perspective
ISoLA'12 Proceedings of the 5th international conference on Leveraging Applications of Formal Methods, Verification and Validation: technologies for mastering change - Volume Part I
Noninterference for operating system kernels
CPP'12 Proceedings of the Second international conference on Certified Programs and Proofs
Verifying information flow properties of hybrid systems
Proceedings of the 2nd ACM international conference on High confidence networked systems
Formal verification of side-channel countermeasures using self-composition
Science of Computer Programming
Differential assertion checking
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Dependent Type Theory for Verification of Information Flow and Access Control Policies
ACM Transactions on Programming Languages and Systems (TOPLAS)
Probabilistic Relational Reasoning for Differential Privacy
ACM Transactions on Programming Languages and Systems (TOPLAS)
Relational abstract interpretation for the verification of 2-hypersafety properties
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
SAT-Based analysis and quantification of information flow in programs
QEST'13 Proceedings of the 10th international conference on Quantitative Evaluation of Systems
On bounding problems of quantitative information flow
Journal of Computer Security - ESORICS 2010
| Hi-index | 0.00 |
The termination insensitive secure information flow problem can be reduced to solving a safety problem via a simple program transformation. Barthe, D'Argenio, and Rezk coined the term “self-composition” to describe this reduction. This paper generalizes the self-compositional approach with a form of information downgrading recently proposed by Li and Zdancewic. We also identify a problem with applying the self-compositional approach in practice, and we present a solution to this problem that makes use of more traditional type-based approaches. The result is a framework that combines the best of both worlds, i.e., better than traditional type-based approaches and better than the self-compositional approach.