This paper presents a capability-based mechanism for permissive yet secure enforcement of information-flow policies. Language capabilities have been studied widely, and several popular implementations, such as Caja and Joe-E, are available. By making the connection from capabilities to information flow, we enable smooth enforcement of information-flow policies using capability systems. The paper presents a transformation that, given an arbitrary source program in a simple imperative language, produces a secure program in a language with capabilities. We present formal guarantees of security and permissiveness and report on experiments to enforce information-flow policies for web applications using Caja.