Information-flow and data-flow analysis of while-programs
ACM Transactions on Programming Languages and Systems (TOPLAS)
A practical algorithm for exact array dependence analysis
Communications of the ACM
Advanced compiler design and implementation
Advanced compiler design and implementation
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
The Science of Programming
A Type-Based Approach to Program Security
TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
Design and verification of secure systems
SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
Secure Information Flow by Self-Composition
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Lenient Array Operations for Practical Secure Information Flow
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Enforcing security and safety models with an information flow analysis tool
Proceedings of the 2004 annual ACM SIGAda international conference on Ada: The engineering of correct and reliable software for real-time & distributed systems using Ada and related technologies
A logic for information flow in object-oriented programs
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Efficient path conditions in dependence graphs for software safety analysis
ACM Transactions on Software Engineering and Methodology (TOSEM)
Proceedings of the 13th ACM conference on Computer and communications security
Verification condition generation for conditional information flow
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Specification and Checking of Software Contracts for Conditional Information Flow
FM '08 Proceedings of the 15th international symposium on Formal Methods
History-based access control and secure information flow
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
A theorem proving approach to analysis of secure information flow
SPC'05 Proceedings of the Second international conference on Security in Pervasive Computing
Secure information flow as a safety problem
SAS'05 Proceedings of the 12th international conference on Static Analysis
From coupling relations to mated invariants for checking information flow
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
An accurate type system for information flow in presence of arrays
FMOODS'11/FORTE'11 Proceedings of the joint 13th IFIP WG 6.1 and 30th IFIP WG 6.1 international conference on Formal techniques for distributed systems
ITP'11 Proceedings of the Second international conference on Interactive theorem proving
A certificate infrastructure for machine-checked proofs of conditional information flow
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Idea: writing secure c programs with secprove
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Hi-index | 0.00 |
Embedded information assurance applications that are critical to national and international infrastructures, must often adhere to certification regimes that require information flow properties to be specified and verified. SPARK, a subset of Ada for engineering safety critical systems, is being used to develop multiple certified information assurance systems. While SPARK provides information flow annotations and associated automated checking mechanisms, industrial experience has revealed that these annotations are not precise enough to specify many desired information flow policies. One key problem is that arrays are treated as indivisible entities – flows that involve only particular locations of an array have to be abstracted into flows on the whole array. This has substantial practical impact since SPARK does not allow dynamic allocation of memory, and hence makes heavy use of arrays to implement complex data structures. In this paper, we present a Hoare logic for information flow that enables precise compositional specification of information flow in programs with arrays, and automated deduction algorithms for checking and inferring contracts in an enhanced SPARK information flow contract language. We demonstrate the expressiveness of the enhanced contracts and effectiveness of the automated verification algorithm on realistic embedded applications.