JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The Craft of Programming
Information flow inference for ML
ACM Transactions on Programming Languages and Systems (TOPLAS)
A Per Model of Secure Information Flow in Sequential Programs
Higher-Order and Symbolic Computation
Separation Logic: A Logic for Shared Mutable Data Structures
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
A Type-Based Approach to Program Security
TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
Simple relational correctness proofs for static analyses and program transformations
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Secure Information Flow by Self-Composition
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Non-interference for a JVM-like language
TLDI '05 Proceedings of the 2005 ACM SIGPLAN international workshop on Types in languages design and implementation
Stack-based access control and secure information flow
Journal of Functional Programming
Dimensions and Principles of Declassification
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Ownership confinement ensures representation independence for object-oriented programs
Journal of the ACM (JACM)
A logic for information flow in object-oriented programs
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Towards imperative modules: reasoning about invariants and sharing of mutable state
Theoretical Computer Science - Components and objects
Theoretical Computer Science
The spec# programming system: an overview
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
Verifying a secure information flow analyzer
TPHOLs'05 Proceedings of the 18th international conference on Theorem Proving in Higher Order Logics
Privacy-sensitive information flow with JML
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
A theorem proving approach to analysis of secure information flow
SPC'05 Proceedings of the Second international conference on Security in Pervasive Computing
Secure information flow as a safety problem
SAS'05 Proceedings of the 12th international conference on Static Analysis
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Observational purity and encapsulation
Theoretical Computer Science
Towards a logical account of declassification
Proceedings of the 2007 workshop on Programming languages and analysis for security
Verification condition generation for conditional information flow
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Modular Reasoning in Object-Oriented Programming
Verified Software: Theories, Tools, Experiments
Specification and Checking of Software Contracts for Conditional Information Flow
FM '08 Proceedings of the 15th international symposium on Formal Methods
Verification of equivalent-results methods
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
Deductive verification of cryptographic software
Innovations in Systems and Software Engineering
On bounding problems of quantitative information flow
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Relational verification using product programs
FM'11 Proceedings of the 17th international conference on Formal methods
ITP'11 Proceedings of the Second international conference on Interactive theorem proving
A multi-compositional enforcement on information flow security
ICICS'11 Proceedings of the 13th international conference on Information and communications security
Secure information flow by self-composition
Mathematical Structures in Computer Science - Programming Language Interference and Dependence
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Formal verification of side-channel countermeasures using self-composition
Science of Computer Programming
Relational abstract interpretation for the verification of 2-hypersafety properties
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
On bounding problems of quantitative information flow
Journal of Computer Security - ESORICS 2010
| Hi-index | 0.00 |
This paper investigates a technique for using automated program verifiers to check conformance with information flow policy, in particular for programs acting on shared, dynamically allocated mutable heap objects. The technique encompasses rich policies with forms of declassification and supports modular, invariant-based verification of object-oriented programs. The technique is based on the known idea of self-composition, whereby noninterference for a command is reduced to an ordinary partial correctness property of the command sequentially composed with a renamed copy of itself. The first contribution is to extend this technique to encompass heap objects, which is difficult because textual renaming is inapplicable. The second contribution is a systematic means to validate transformations on self-composed programs. Certain transformations are needed for effective use of existing automated program verifiers and they exploit conservative flow inference, e.g., from security type inference. Experiments with the technique using ESC/Java2 and Spec# verifiers are reported.